a10fb831ac1721507c1d2cdb7df7cc893502faab0b858a42a58014b2aa0778b6

Sharing

Copy URL Twitter E-mail

General

Target

a10fb831ac1721507c1d2cdb7df7cc893502faab0b858a42a58014b2aa0778b6
Size

2.5MB
MD5

06d70039e7b7d9e2d3ec5cd96d5f6266
SHA1

e47eaa2085789d6e05ea586d6dca706735907a2f
SHA256

a10fb831ac1721507c1d2cdb7df7cc893502faab0b858a42a58014b2aa0778b6
SHA512

de4586e81dcf9a82454e4bb8fcf4117a76f55c3993957afda7b2d17c46bb2570cbc250a6960ba85c149343e14c6e7dd2c4cc0cf90f3fab57b46a094e4c5bdf0d
SSDEEP

49152:/F21dpiRaIodq9+CODq18bT1KZqcND8C3/5ZM:Gp3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a10fb831ac1721507c1d2cdb7df7cc893502faab0b858a42a58014b2aa0778b6

Files

a10fb831ac1721507c1d2cdb7df7cc893502faab0b858a42a58014b2aa0778b6
.dll windows:10 windows x64 arch:x64

b2b0ddce9e8cc1953e59ac7273512304

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WebRuntimeManager.pdb

Imports

msvcp_win

?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
wcslen
memset
wcsncmp

api-ms-win-crt-math-l1-1-0

ceilf
_finite

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_wassert
_initterm

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtof
_o__wtoi
_o_ceil
_o_free
_o_isalpha
_o_isdigit
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_realloc
_o_strtol
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstol
__CxxFrameHandler3
memmove
memcpy
memcmp
__C_specific_handler
_o__itow_s
_o__itow
_o__execute_onexit_table
_o__errno
_o__crt_atexit
wcschr
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64tow_s
_CxxThrowException
__std_terminate
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
CancelWaitableTimer
InitializeSRWLock
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
ReleaseMutex
CreateEventExW
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
ResetEvent
CreateSemaphoreExW
OpenEventW
EnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
SetWaitableTimer
SetEvent
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventWriteEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetProcessIdOfThread
OpenProcessToken
SuspendThread
SetPriorityClass
TerminateProcess
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
CreateThread
OpenThreadToken
InitializeProcThreadAttributeList
CreateProcessAsUserW
UpdateProcThreadAttribute
GetExitCodeProcess
OpenThread

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysFreeString
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
SysStringByteLen
BSTR_UserMarshal64
BSTR_UserFree
VariantCopy
VariantClear
LPSAFEARRAY_UserSize64
VARIANT_UserUnmarshal64
VARIANT_UserFree64
LPSAFEARRAY_UserMarshal
BSTR_UserSize
VARIANT_UserMarshal
SysAllocStringByteLen
LPSAFEARRAY_UserMarshal64
VARIANT_UserSize
LPSAFEARRAY_UserFree64
VARIANT_UserUnmarshal
VARIANT_UserFree
SysStringLen
LPSAFEARRAY_UserUnmarshal
SysAllocStringLen
SafeArrayDestroy
VariantInit
SafeArrayGetUBound
VarBstrCmp
SafeArrayGetLBound
BSTR_UserUnmarshal64
VARIANT_UserSize64
VARIANT_UserMarshal64
SafeArrayUnaccessData
SafeArrayCreate
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserFree
SafeArrayAccessData
SysAllocString
SafeArrayCopy

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-file-l1-1-0

CompareFileTime
FindClose
GetFileAttributesW
SetFileAttributesW
FindFirstFileW
FindNextFileW

api-ms-win-shcore-stream-l1-1-0

IStream_Read
IStream_ReadStr

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
GetAce
CopySid
GetTokenInformation
IsValidSid
GetLengthSid
GetKernelObjectSecurity

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
TrySubmitThreadpoolCallback
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteTreeW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

userenv

GetAppContainerRegistryLocation

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-shell-shdirectory-l1-1-0

ord290

rpcrt4

CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
UuidCreate
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqCallAttributesW
RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
NdrOleAllocate
CStdStubBuffer_QueryInterface
RpcBindingFree
CStdStubBuffer_IsIIDSupported
NdrStubCall3
NdrGetUserMarshalInfo
RpcRaiseException
NdrStubForwardingFunction
CStdStubBuffer_Invoke
I_RpcExceptionFilter
NdrClientCall3
NdrDllGetClassObject
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
RpcBindingCreateW
RpcBindingBind
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrCStdStubBuffer2_Release

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

iertutil

ord654
ord398
ord594
CreateIUriBuilder
CreateUri
ord37
ord790
ord850
ord852
ord855
ord854
ord798
ord652
ord99
ord61
ord65
ord70
ord650
ord651
ord870
ord67
ord57
ord63
ord597
ord795
ord661
ord140
ord300
ord144
ord794
ord797
ord792
ord85
ord74
ord81
ord793
ord134
ord791
ord796
ord79
ord596
ord76
ord64
ord89
ord78
ord230
ord68

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-downlevel-shlwapi-l1-1-0

QISearch
StrChrW
StrCmpCW
StrCmpICW
StrStrIW

api-ms-win-downlevel-shlwapi-l2-1-0

IStream_Reset
IStream_Size
SHCreateMemStream

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
RaiseFailFastException

ntdll

NtQueryInformationToken
NtCompareTokens
NtQueryWnfStateData
NtUpdateWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlNtStatusToDosError
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation

api-ms-win-core-psm-app-l1-1-0

PsmUnregisterAppStateChangeNotification
PsmRegisterAppStateChangeNotification

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

rmclient

HamAddDependency
HamDisconnectForExtendedExecution
HamConnectForExtendedExecution

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-namespace-l1-1-0

OpenPrivateNamespaceW
DeleteBoundaryDescriptor
ClosePrivateNamespace
CreateBoundaryDescriptorW

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-registry-l2-1-0

RegDeleteKeyTransactedW
RegCreateKeyW
RegCreateKeyTransactedW
RegOpenKeyTransactedW

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-shcore-sysinfo-l1-1-0

GetCurrentProcessExplicitAppUserModelID

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-downlevel-advapi32-l1-1-0

AddAccessAllowedAceEx

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

kernelbase

__chkstk
GlobalAlloc
GlobalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock
GlobalFlags

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient20
ObjectStublessClient15
CStdStubBuffer2_Connect
ObjectStublessClient23
ObjectStublessClient4
NdrProxyForwardingFunction7
NdrProxyForwardingFunction9
NdrProxyForwardingFunction10
CStdAsyncStubBuffer_QueryInterface
NdrProxyForwardingFunction5
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_AddRef
CStdStubBuffer2_QueryInterface
CStdAsyncStubBuffer_Connect
ObjectStublessClient18
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction6
NdrProxyForwardingFunction8
CStdStubBuffer2_CountRefs
CStdAsyncStubBuffer_Disconnect
ObjectStublessClient31
ObjectStublessClient30
ObjectStublessClient29
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient27
ObjectStublessClient22
ObjectStublessClient7
NdrProxyForwardingFunction4
NdrProxyForwardingFunction11
NdrProxyForwardingFunction3
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient28
CStdAsyncStubBuffer_Release
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

Exports

Exports

CreateMessagePortEventDispatcher
CreateServiceWorkerClientMessageDispatcher
CreateWebRuntimeFactory
CreateWebRuntimeNotificationFromEventArg
DllGetActivationFactory
EnsureServiceWorkerManagerComponent

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2b0ddce9e8cc1953e59ac7273512304

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-path-l1-1-0

userenv

api-ms-win-core-registry-l1-1-1

api-ms-win-shell-shdirectory-l1-1-0

rpcrt4

api-ms-win-core-heap-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

iertutil

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-shlwapi-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

ntdll

api-ms-win-core-psm-app-l1-1-0

api-ms-win-core-string-l1-1-0

rmclient

api-ms-win-core-file-l1-2-0

api-ms-win-core-namespace-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

kernelbase

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-url-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-featurestaging-l1-1-1

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 693KB - Virtual size: 693KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 110KB - Virtual size: 110KB

.didat
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 49KB - Virtual size: 49KB