PDB path: D:\File_Transfer\23-Mar-23\mycomputeractivex\6168900\mycomp\StartupApps\CustomerPlugin\project\Release\CustomerPlugin.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a.exe
  Resource: win10v2004-20240802-en
General
- Target: 052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a
- Size: 3.3MB
- MD5: e826cc31e1676e3603ca55ea7b05b5b3
- SHA1: b5964ed40afe15c08b5f54cfd2278d6e4e1a33de
- SHA256: 052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a
- SHA512: 6efcd4d806899b4e7af92ece54104c36163afa7b630c000ba0bbad2bc93240c236e8fc697731eae5ce5f39d4190d61b0070438580431a31bcf9c81cee3a416d8
- SSDEEP: 49152:tcBdYpAibk0ZaLbr/OsxdDB9yq84eV1OEXRB5pCsQfzu87f3HPSsITmEP4mGU/aU:tcBqsxGzRB5fpQ6sG
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a
Files
-
052ea589dee645a2875260992b3df02a4812686c6129ee7ee7b02f9f36d0711a.exe windows:5 windows x86 arch:x86
4d3bd3be2d8376cf3858f425faff0188
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
HttpOpenRequestW
HttpAddRequestHeadersW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW
InternetGetConnectedState
InternetErrorDlg
InternetOpenW
HttpQueryInfoW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
HttpSendRequestA
DetectAutoProxyUrl
winhttp
WinHttpConnect
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
netapi32
NetWkstaGetInfo
NetApiBufferFree
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
shlwapi
PathStripToRootW
PathFindExtensionW
PathIsUNCW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
kernel32
GetThreadLocale
SetThreadPriority
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
FreeResource
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
CompareStringW
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetTickCount
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DuplicateHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
LoadLibraryA
HeapQueryInformation
ExitThread
SetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
MoveFileExW
GetTimeZoneInformation
SetEnvironmentVariableA
GetEnvironmentVariableA
GetLongPathNameW
QueryPerformanceFrequency
InterlockedPushEntrySList
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetCPInfo
GetStringTypeW
LCMapStringW
SwitchToThread
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
MulDiv
GlobalUnlock
GlobalLock
GetModuleHandleA
OutputDebugStringA
GetACP
VirtualQuery
VirtualProtect
CreateFileA
SetFileAttributesW
FormatMessageA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
IsBadStringPtrW
ReleaseMutex
GetStdHandle
FlushFileBuffers
GetFileSize
GetLocalTime
GetCurrentThreadId
CreateFileW
WriteFile
SetLastError
ReadFile
OutputDebugStringW
CopyFileW
SetCurrentDirectoryW
GlobalFree
GlobalAlloc
CreateMutexW
LocalAlloc
InterlockedIncrement
ResetEvent
LoadLibraryExW
SetEvent
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetSystemInfo
GetVersionExW
GetEnvironmentVariableW
GetTempFileNameW
FreeLibrary
GetProcAddress
CreateThread
LoadLibraryW
WaitForSingleObject
GetTempPathW
GetComputerNameW
GetComputerNameExW
InterlockedDecrement
GetModuleHandleW
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
GetCurrentDirectoryW
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
LocalFree
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
CloseHandle
HeapReAlloc
DeleteFileW
LockResource
GetLastError
Sleep
MultiByteToWideChar
HeapSize
GetFileAttributesW
FindClose
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
HeapFree
FindFirstFileW
SizeofResource
CreateDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
WriteConsoleW
GetSystemTime
InterlockedExchangeAdd
InterlockedCompareExchange
CreateFiber
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
SetConsoleMode
ReadConsoleA
IsProcessorFeaturePresent
user32
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
GetProcessWindowStation
WinHelpW
SetWindowLongW
SetPropW
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
SetWindowTextW
IsDialogMessageW
DrawTextW
DrawTextExW
GrayStringW
MonitorFromWindow
GetClassInfoW
RegisterClassW
TabbedTextOutW
UnregisterClassW
GetDesktopWindow
PostMessageW
GetUserObjectInformationW
EnableWindow
IsIconic
KillTimer
AppendMenuW
GetClientRect
LoadIconW
SetTimer
DrawIcon
GetSystemMetrics
SendMessageW
GetClassLongW
GetFocus
SendDlgItemMessageA
GetMonitorInfoW
OffsetRect
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
SetCursor
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetDC
GetWindowDC
ReleaseDC
ClientToScreen
DestroyMenu
GetSysColorBrush
LoadCursorW
RealChildWindowFromPoint
InvalidateRect
DefWindowProcW
SetCapture
ReleaseCapture
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
GetLastActivePopup
IsWindow
DestroyWindow
CreateDialogIndirectParamW
GetClassNameW
GetTopWindow
GetSystemMenu
UnhookWindowsHookEx
PostThreadMessageW
EndDialog
GetDlgItem
GetNextDlgTabItem
SetActiveWindow
SetWindowPos
SetWindowContextHelpId
ShowWindow
MoveWindow
SetRectEmpty
GetWindow
MapDialogRect
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
CallWindowProcW
gdi32
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetMapMode
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
TextOutW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegCreateKeyExW
ConvertSidToStringSidW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
GetTokenInformation
GetUserNameW
DuplicateToken
RegQueryValueW
RegEnumKeyW
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
CheckTokenMembership
shell32
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
comctl32
InitCommonControlsEx
ole32
CoTaskMemAlloc
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoUninitialize
CLSIDFromProgID
CoInitialize
CoTaskMemFree
oleaut32
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
oledlg
OleUIBusyW
urlmon
URLDownloadToFileW
oleacc
CreateStdAccessibleObject
LresultFromObject
ws2_32
setsockopt
ioctlsocket
sendto
getsockopt
recv
recvfrom
connect
socket
send
select
getsockname
getpeername
WSAGetLastError
ntohs
listen
shutdown
WSASetLastError
ntohl
getaddrinfo
inet_addr
freeaddrinfo
accept
bind
htons
WSACleanup
WSAStartup
closesocket
crypt32
CertGetCertificateChain
CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertCreateCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
Sections
- .text Size: 2.1MB - Virtual size: 2.1MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata Size: 965KB - Virtual size: 964KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data Size: 60KB - Virtual size: 92KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .rsrc Size: 33KB - Virtual size: 32KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .reloc Size: 113KB - Virtual size: 112KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)