decb4c7af12dbeb95eb920a0758d759c105a34d7c9804fa9b0c6393df40a357d

Sharing

Copy URL Twitter E-mail

General

Target

decb4c7af12dbeb95eb920a0758d759c105a34d7c9804fa9b0c6393df40a357d
Size

5.3MB
MD5

7d1b049ebe4f84cc9b70a92f16071194
SHA1

a04e87a9152113bc0e3d01b4c6ccdf66f4b0e272
SHA256

decb4c7af12dbeb95eb920a0758d759c105a34d7c9804fa9b0c6393df40a357d
SHA512

6f2e131ba2be27097bda33aa21d64fdcd68709560216a5cb89e437a32f791a05a3a2f9d5b5e3e0ae564a393da4eca3a36567efbdbe97ca76283be0a38d18584c
SSDEEP

98304:Bi2/mYEafRS5BmdTHY2gLfsTgZ2lkqTRojkJMbF8xo:BF/zxZYBmVH1AEFlRo/b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decb4c7af12dbeb95eb920a0758d759c105a34d7c9804fa9b0c6393df40a357d

Files

decb4c7af12dbeb95eb920a0758d759c105a34d7c9804fa9b0c6393df40a357d
.dll windows:6 windows x86 arch:x86

0ffc8d6929c3806537648ebb5c703e4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Build\Output\bin\Release\OLIMSISupport.pdb

Imports

kernel32

GetBinaryTypeA
GetShortPathNameA
GetPrivateProfileStringA
WideCharToMultiByte
FindResourceW
GetComputerNameExW
GetLocalTime
QueryPerformanceFrequency
GetVersionExA
SizeofResource
DeleteFiber
LoadResource
FindResourceExW
Sleep
DeleteCriticalSection
LockResource
CreateProcessW
OpenSemaphoreA
DeviceIoControl
GetEnvironmentVariableW
SearchPathA
GetSystemTime
GetComputerNameW
GetFileSize
MoveFileExW
SystemTimeToFileTime
ReleaseSemaphore
ReleaseMutex
OpenProcess
CreateEventA
CreateFileMappingA
InterlockedCompareExchange
MapViewOfFile
GetSystemDirectoryA
SwitchToThread
GetVolumeInformationA
CreateThread
SetFileAttributesW
GetModuleHandleA
GetLogicalDrives
SetErrorMode
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
LocalFree
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSection
lstrcmpiA
GetCurrentProcessId
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
CreateFileA
FindNextFileA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
LoadLibraryExA
GetUserDefaultLangID
GetTickCount
InitializeCriticalSectionEx
lstrcpyA
OutputDebugStringA
CreateMutexA
LocalAlloc
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
WriteFile
GetConsoleOutputCP
GetConsoleMode
CreateFileW
GetFileType
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetFileInformationByHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
FlushFileBuffers
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetEndOfFile
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
DeleteFileW
RemoveDirectoryW
WriteConsoleW
OpenMutexA
InterlockedExchangeAdd
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
DecodePointer
GetTempFileNameA
GetFileAttributesA
FindFirstFileA
FindClose
CreateDirectoryA
GetDriveTypeA
QueryDosDeviceA
SetThreadPriority
GetExitCodeThread
UnmapViewOfFile
DuplicateHandle
GetProcessTimes
WaitForSingleObject
ConvertThreadToFiber
SwitchToFiber
ResumeThread
GetVersion
GetSystemInfo
GetEnvironmentVariableA
CreateDirectoryW
TerminateThread
FindFirstFileW
DefineDosDeviceA
CreateSemaphoreA

user32

MessageBoxA
wsprintfA
GetForegroundWindow

comdlg32

GetOpenFileNameA

advapi32

ControlService
CloseServiceHandle
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA

shell32

SHFileOperationA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msi

ord158
ord134
ord159
ord124
ord210
ord67
ord8
ord17
ord120
ord49
ord73
ord103
ord46
ord144
ord57
ord31
ord138
ord160

Exports

Exports

AddMsiSource
AddRequiredNewFeature
BrowseForExecutable
CheckHaspVLib
CreateTempSourceDir
DetectAspenPlus
FormatKeyServerBinding
FormatNetworkSettings
FormatProductData
FormatRPCProtocolCount
FormatSerialData
GenerateTimeStamp
InstallHASPDrivers
InstallHASPSLTrial
IsMinorUpgradeAllowed
IsOrigSrcNeeded
ReadSetupConfig
RemoveDir
RemoveObsoleteComponent
RepairHASPDrivers
SetInstallHASPSLTrialCData
StartWindowsService
UnFormatLicSer
UninstallHASPDrivers
ValidateSerial
VerifySignature
_AddMsiSource@4
_AddRequiredNewFeature@4
_BrowseForExecutable@4
_CheckHaspVLib@4
_CreateTempSourceDir@4
_DetectAspenPlus@4
_FormatKeyServerBinding@4
_FormatNetworkSettings@4
_FormatProductData@4
_FormatRPCProtocolCount@4
_FormatSerialData@4
_GenerateTimeStamp@4
_InstallHASPDrivers@4
_InstallHASPSLTrial@4
_IsMinorUpgradeAllowed@4
_IsOrigSrcNeeded@4
_ReadSetupConfig@4
_RemoveDir@4
_RemoveObsoleteComponent@4
_RepairHASPDrivers@4
_SetInstallHASPSLTrialCData@4
_StartWindowsService@4
_UnFormatLicSer@4
_UninstallHASPDrivers@4
_ValidateSerial@4
_VerifySignature@4

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ffc8d6929c3806537648ebb5c703e4a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

version

msi

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 203KB - Virtual size: 640KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 180KB - Virtual size: 179KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 203KB - Virtual size: 640KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 180KB - Virtual size: 179KB