a43402fbd645fd9f6439c6992558f8de46b4819052e9323cd8c8e483a04a1db6

Sharing

Copy URL Twitter E-mail

General

Target

a43402fbd645fd9f6439c6992558f8de46b4819052e9323cd8c8e483a04a1db6
Size

2.3MB
MD5

239e966d89196a7554b7f8b929f0ab56
SHA1

d1d3efc5cb9acabbbcdb038c2980171b9c98cd7b
SHA256

a43402fbd645fd9f6439c6992558f8de46b4819052e9323cd8c8e483a04a1db6
SHA512

f3b5f496698f14aacf0376761e4ae23ea5f00f4d9b9e0af1d8e87062d92962efd45940cd5322e741567ab2557cf3ecd3e2f91199d5a700b2c185435ab8514c4c
SSDEEP

49152:doQxvq4pBkWiZC5d3BMVpbBqJSJFqOTmd2gH8pepCS4zc:FMtdtLSddoRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a43402fbd645fd9f6439c6992558f8de46b4819052e9323cd8c8e483a04a1db6

Files

a43402fbd645fd9f6439c6992558f8de46b4819052e9323cd8c8e483a04a1db6
.dll windows:6 windows x64 arch:x64

dfead37e683d14c2820275ddf8f11401

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

O:\webex-productivitytools-plugin\output\maps\release\pt\ptSSO64.pdb

Imports

shlwapi

PathIsDirectoryW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
wnsprintfW
StrCmpIW
PathAppendW
StrStrW
StrCpyW
StrChrW
StrRChrW
PathRemoveBackslashW
PathAddBackslashW
StrChrA
StrTrimA
StrStrIA
PathAppendA
PathFindFileNameW
StrCmpW
PathIsDirectoryA

wcldll64

wclSubclassMgr
at_mem_free
at_mem_cpy
wclSendMessage
wclGetHWND
wclGetApp20211213
at_mem_realloc2
wclUnsubclassMgr

kernel32

ReadFile
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenA
lstrlenW
DecodePointer
DisableThreadLibraryCalls
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
lstrcmpiW
SetThreadUILanguage
GlobalHandle
GlobalFree
CreateEventW
GetTickCount
lstrcpyW
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
GetTickCount64
CreateDirectoryW
DeleteFileW
InitializeCriticalSectionEx
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
lstrcatW
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetShortPathNameW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
K32EnumProcesses
K32GetModuleFileNameExW
InitializeCriticalSection
GetTimeZoneInformation
Sleep
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetLongPathNameW
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
ReleaseMutex
CreateMutexW
GetLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetUserDefaultLCID
IsDBCSLeadByteEx
CreateThread
ResumeThread
CreateDirectoryA
CreateFileW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
GetStdHandle
GetACP
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwindEx
RtlPcToFileHeader
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
TryEnterCriticalSection
FormatMessageA
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
IsDebuggerPresent
lstrcpynW
LocalFree
GetSystemDirectoryW
OpenProcess
ProcessIdToSessionId
GetModuleHandleW
GetVersionExW
GetCurrentProcess
FormatMessageW
LocalAlloc
GetCurrentThreadId
OpenEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
CloseHandle
GetSystemTime
RaiseException
MultiByteToWideChar
LoadLibraryW
RtlUnwind
LoadLibraryExW
GetProcAddress
GetFileSize
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
VirtualQuery
OutputDebugStringW
OutputDebugStringA
GetEnvironmentVariableW
GetFileType
IsValidLocale
EnumSystemLocalesW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
SetEndOfFile
RtlCaptureStackBackTrace
CreateFileMappingW

user32

GetMessageW
TranslateMessage
UnhookWindowsHookEx
IsWindowVisible
PostMessageW
CharUpperW
DispatchMessageW
IsDialogMessageW
MsgWaitForMultipleObjects
SetWindowsHookExW
SetActiveWindow
LoadStringW
MessageBoxW
PeekMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetTimer
KillTimer
GetWindowLongPtrW
SetWindowLongPtrW
LoadCursorW
RegisterClassW
CallNextHookEx
GetMonitorInfoW
MonitorFromWindow
MapDialogRect
LoadImageW
OffsetRect
UnionRect
MapWindowPoints
SetWindowContextHelpId
GetWindowRect
SetForegroundWindow
GetSystemMetrics
EndDialog
CreateDialogIndirectParamW
BringWindowToTop
ShowWindow
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
IsChild
SendMessageW
RegisterWindowMessageW

gdi32

GetStockObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
SelectObject

advapi32

CreateProcessWithTokenW
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptGenKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListA

ole32

CoCreateGuid
OleLockRunning
OleUninitialize
OleInitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
OleRun
CoCreateInstance

oleaut32

SysFreeString
LoadRegTypeLi
SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SysAllocStringLen
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VarUI4FromStr
DispCallFunc
LoadTypeLi
VarBstrCmp
VariantChangeType
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocString

comctl32

ImageList_Draw
ImageList_LoadImageW
ord17

rpcrt4

UuidCreateSequential

psapi

EnumProcesses

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

crypt32

CryptProtectData
CryptUnprotectData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetConnectW
InternetErrorDlg
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW

Exports

Exports

PTCheckCITicket
PTCheckSiteType
PTGetSSOTicket
PTGetThirdPartyOAuthToken
PTIsSupportSSO
PTSSOCancel
PTSSOSetDlgCaption
PTSSOUnit

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfead37e683d14c2820275ddf8f11401

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wcldll64

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

rpcrt4

psapi

wtsapi32

crypt32

version

wininet

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 534KB - Virtual size: 534KB

.data Size: 33KB - Virtual size: 43KB

.pdata Size: 87KB - Virtual size: 86KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 534KB - Virtual size: 534KB

.data
Size: 33KB - Virtual size: 43KB

.pdata
Size: 87KB - Virtual size: 86KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB