9c2b11af5c53b96d83aed848f38cc8450cf52c7e87c5ab24054824801e44c1c2

Sharing

Copy URL Twitter E-mail

General

Target

9c2b11af5c53b96d83aed848f38cc8450cf52c7e87c5ab24054824801e44c1c2
Size

990KB
MD5

68ba32c0022661d36094d79091d1f1e2
SHA1

47818c0ad56cb4a1103385205aa09cca98dd0801
SHA256

9c2b11af5c53b96d83aed848f38cc8450cf52c7e87c5ab24054824801e44c1c2
SHA512

093b86fc77e76a0e165537f222fdcabaae88c394ca1f9065163640e365623495a4eb45e9ebadaa2067bcfcf9b71e3da1b1f6700db05001ffd17f81f00cd48141
SSDEEP

12288:obFH2ZNDVenlmv7FYZJauP92RhAJJiQoMjt0RtketCJgZQIwO1LvwGdUqklnYiCS:Yx2JiARq+QogqhtrLzCqka+Jpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c2b11af5c53b96d83aed848f38cc8450cf52c7e87c5ab24054824801e44c1c2

Files

9c2b11af5c53b96d83aed848f38cc8450cf52c7e87c5ab24054824801e44c1c2
.dll windows:6 windows x86 arch:x86

430d25628caca713f4df78107c59dbcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\webex-productivitytools-plugin\output\maps\release\pt\ptSSO.pdb

Imports

shlwapi

PathAppendA
PathAppendW
PathIsDirectoryA
StrStrIA
StrTrimA
StrChrA
PathRemoveBackslashW
PathAddBackslashW
StrCmpW
StrRChrW
StrChrW
StrCpyW
StrStrW
wnsprintfW
PathFindFileNameW
PathIsDirectoryW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
StrCmpIW

wcldll

at_mem_cpy
at_mem_free
at_mem_realloc2
wclUnsubclassMgr
wclSubclassMgr
wclGetApp20211213
wclGetHWND
wclSendMessage

wininet

HttpQueryInfoW
InternetErrorDlg
InternetCrackUrlW
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW

kernel32

LocalAlloc
FormatMessageW
GetCurrentProcess
GetVersionExW
GetModuleHandleW
ProcessIdToSessionId
OpenProcess
GetSystemDirectoryW
LocalFree
lstrcpynW
CreateFileW
GetFileSize
ReadFile
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenA
lstrlenW
DecodePointer
DisableThreadLibraryCalls
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
lstrcmpiW
SetThreadUILanguage
GlobalHandle
GlobalFree
CreateEventW
OpenEventW
lstrcpyW
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
GetTickCount64
CreateDirectoryW
DeleteFileW
InitializeCriticalSectionEx
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
lstrcatW
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetShortPathNameW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
K32EnumProcesses
K32GetModuleFileNameExW
InitializeCriticalSection
GetTimeZoneInformation
Sleep
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetLongPathNameW
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
ReleaseMutex
CreateMutexW
GetLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetUserDefaultLCID
IsDBCSLeadByteEx
CreateThread
ResumeThread
CreateDirectoryA
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
CloseHandle
GetSystemTime
RaiseException
MultiByteToWideChar
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
VirtualQuery
OutputDebugStringW
OutputDebugStringA
GetEnvironmentVariableW
IsDebuggerPresent
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentThreadId
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetTickCount

user32

PeekMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterWindowMessageW
RegisterClassW
MsgWaitForMultipleObjects
CharUpperW
PostMessageW
IsWindowVisible
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetActiveWindow
LoadStringW
GetMonitorInfoW
MonitorFromWindow
MapDialogRect
LoadImageW
OffsetRect
UnionRect
MapWindowPoints
SetWindowContextHelpId
GetWindowRect
SetForegroundWindow
GetSystemMetrics
EndDialog
CreateDialogIndirectParamW
BringWindowToTop
ShowWindow
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
IsChild
SendMessageW
MessageBoxW

gdi32

CreateSolidBrush
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleDC
CreateFontIndirectW
BitBlt

advapi32

RegCloseKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptGenKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
CreateProcessWithTokenW
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegQueryValueExW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyHash
OpenProcessToken

shell32

SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc

ole32

OleLockRunning
CoCreateGuid
CoUninitialize
OleInitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
OleRun
CoCreateInstance
OleUninitialize

oleaut32

SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringByteLen
VarUI4FromStr
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VariantChangeType
VariantCopy
GetErrorInfo
SetErrorInfo
VariantClear
VariantInit
CreateErrorInfo
SysStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

comctl32

ImageList_Draw
ImageList_LoadImageW
ord17

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
_Xtime_get_ticks
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z

rpcrt4

UuidCreateSequential

psapi

EnumProcesses

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

crypt32

CryptProtectData
CryptUnprotectData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

vcruntime140

memset
__std_terminate
_purecall
memcmp
wcsstr
__std_type_info_name
memchr
strchr
strstr
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memmove
memcpy
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_errno
terminate
_beginthreadex
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
_recalloc
free

api-ms-win-crt-string-l1-1-0

strcat
towupper
_strnicmp
strnlen
wcslen
_wcsnicmp
wcsncpy_s
toupper
_wcsupr
_wcslwr
strlen
iswspace
iswdigit
tolower
wcstok_s
_wcsicmp
wcsnlen
_wcsrev
strpbrk
towlower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswscanf
setvbuf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_wfopen
fwrite
_fseeki64
ungetc
__stdio_common_vsprintf
fsetpos
fopen_s
fseek
ftell
fread
__stdio_common_vsscanf
_get_stream_buffer_pointers
fclose
fputc
fflush
fgetpos
fgetc
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-convert-l1-1-0

strtol
wcstoul
_wtoi
_wtol
_wtoi64
atoi
atol
_i64tow
_atoi64

api-ms-win-crt-time-l1-1-0

__daylight
_time64
wcsftime
_mktime64
_localtime64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wsplitpath_s
_wsplitpath

api-ms-win-crt-utility-l1-1-0

labs
rand
abs

api-ms-win-crt-math-l1-1-0

modf
_except1
_dtest

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

PTCheckCITicket
PTCheckSiteType
PTGetSSOTicket
PTGetThirdPartyOAuthToken
PTIsSupportSSO
PTSSOCancel
PTSSOSetDlgCaption
PTSSOUnit

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430d25628caca713f4df78107c59dbcf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wcldll

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp140

rpcrt4

psapi

wtsapi32

crypt32

version

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 14KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 45KB