9856abc46008268a1cf13c2fb1b68338cb75d9a37b9bec0d3ed4fcf897d1486f

Sharing

Copy URL Twitter E-mail

General

Target

9856abc46008268a1cf13c2fb1b68338cb75d9a37b9bec0d3ed4fcf897d1486f
Size

10.0MB
MD5

dfad41e394a4904315f89676def53061
SHA1

bcad6c22722ad8dc91f1579551201b3e84863a5a
SHA256

9856abc46008268a1cf13c2fb1b68338cb75d9a37b9bec0d3ed4fcf897d1486f
SHA512

934070fb7fb5fb5768306ef403919148720bfdbbd14253353c99c90381eb9e23b1da91439c683e8e54c253d6c5e9a4be387c9ac91dca059b69d67d85d5ba7cdc
SSDEEP

98304:Wd1XbraGySXkeeedx5xIxnxBK9Oh8vB//Q+P44GCn9enRWHakD5kDfXXXn5GwAkY:OralSWK9O444of5dqfb9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9856abc46008268a1cf13c2fb1b68338cb75d9a37b9bec0d3ed4fcf897d1486f

Files

9856abc46008268a1cf13c2fb1b68338cb75d9a37b9bec0d3ed4fcf897d1486f
.dll regsvr32 windows:4 windows x86 arch:x86

ba4d4975fdfd26af553342430897a043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
CommandLineFromMsiDescriptor
ConvertSidToStringSidW
EqualSid
FreeSid
GetTokenInformation
GetUserNameW
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegGetValueW
RegLoadMUIStringA
RegLoadMUIStringW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetValueExA
RegSetValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
DeleteObject
ExtTextOutW
GetBitmapBits
GetDeviceCaps
GetObjectW
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

ActivateActCtx
CloseHandle
CompareFileTime
CopyFileW
CreateActCtxW
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateProcessW
DeactivateActCtx
DelayLoadFailureHook
DeleteCriticalSection
DeleteFileA
DeleteFileW
DisableThreadLibraryCalls
DosDateTimeToFileTime
EnterCriticalSection
EnumResourceNamesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceW
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetBinaryTypeW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLocalTime
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetVersion
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceExecuteOnce
IsBadStringPtrA
IsBadStringPtrW
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseActCtx
RemoveDirectoryW
ResolveDelayLoadedAPI
SearchPathW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetErrorMode
SetFileAttributesW
SetFilePointer
SizeofResource
Sleep
SystemTimeToFileTime
UnmapViewOfFile
WideCharToMultiByte
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteFile
WritePrivateProfileStringW
lstrcmpA
lstrcmpiA
lstrcmpiW
wine_get_unix_file_name
wine_get_dos_file_name

ntdll

RtlGUIDFromString
RtlInitUnicodeString
RtlRandom
_vsnprintf
wine_get_host_version

shlwapi

ord2
ord3
ord4
ord5
ord6
ord7
ord8
ord9
ord10
ord24
PathAddBackslashA
PathAddBackslashW
PathAppendA
PathAppendW
PathBuildRootA
PathBuildRootW
PathCombineA
PathCombineW
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindOnPathA
PathFindOnPathW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsDirectoryA
PathIsDirectoryW
PathIsFileSpecA
PathIsFileSpecW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRemoveArgsA
PathRemoveArgsW
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnquoteSpacesA
PathUnquoteSpacesW
SHCreateStreamOnFileW
SHDeleteKeyW
SHGetValueW
SHQueryValueExA
SHQueryValueExW
SHStrDupW
StrChrW
StrCmpIW
StrCpyNW
StrFormatByteSizeW
StrFormatKBSizeA
StrFormatKBSizeW
StrPBrkW
StrRChrW
StrRetToBSTR
StrRetToBufW
StrRetToStrW
UrlIsW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_assert
_recalloc
_strdup
_wcsdup
_wcsicmp
_wcsnicmp
_wgetenv
atoi
calloc
free
fwrite
getenv
isprint
iswspace
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
strchr
strcmp
strcpy
strcspn
strlen
strrchr
towlower
towupper
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol

user32

BeginDeferWindowPos
BeginPaint
CallWindowProcW
CharLowerW
CheckMenuRadioItem
CopyImage
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeA
DdeInitializeW
DdeNameService
DdeQueryStringW
DdeUninitialize
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DrawEdge
DrawMenuBar
DrawStateW
DrawTextW
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
ExitWindowsEx
FindWindowExW
FindWindowW
GetActiveWindow
GetAncestor
GetCapture
GetClassInfoW
GetClientRect
GetClipboardFormatNameA
GetDC
GetDCEx
GetDlgItem
GetDlgItemTextW
GetIconInfo
GetKeyState
GetMenu
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuItemRect
GetMessageW
GetParent
GetPropW
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindowLongA
GetWindowLongW
GetWindowRect
GetWindowTextA
GetWindowTextLengthW
GetWindowTextW
InsertMenuA
InsertMenuItemW
InsertMenuW
InvertRect
IsProcessDPIAware
IsWindow
IsWindowVisible
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadMenuA
LoadMenuW
LoadStringA
LoadStringW
MapWindowPoints
MessageBoxA
MessageBoxIndirectW
MessageBoxW
MoveWindow
PostQuitMessage
PrivateExtractIconExW
PrivateExtractIconsW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageA
SendMessageTimeoutW
SendMessageW
SetCapture
SetCursor
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuInfo
SetPropW
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA

Exports

Exports

AddCommasW
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CheckEscapesA
CheckEscapesW
CommandLineToArgvW
Control_FillCache_RunDLL
Control_FillCache_RunDLLA
Control_FillCache_RunDLLW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_SetDragImageFromListView
DAD_ShowDragImage
Desktop_UpdateBriefcaseOnEvent
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubst
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryInfo
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconResInfoA
ExtractIconResInfoW
ExtractIconW
ExtractVersionResource16W
FOOBAR1217
FindExeDlgProc
FindExecutableA
FindExecutableW
FixupOptionalComponents
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetPseudoNameW
ILGetSize
ILIsEqual
ILIsParent
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
Int64ToString
InternalExtractIconListA
InternalExtractIconListW
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsUserAnAdmin
LargeIntegerToString
Link_AddExtraDataSection
Link_ReadExtraDataSection
Link_RemoveExtraDataSection
LogoffWindowsDialog
OCInstall
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
PathCleanupSpec
PathGetShortPath
PathIsExe
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
Printer_LoadIconsW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
Printers_AddPrinterPropPages
Printers_GetPidl
Printers_RegisterWindowW
Printers_UnregisterWindow
ReadCabinetState
RealDriveType
RealDriveTypeFlags
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
ReceiveAddToRecentDocs
RegenerateUserEnvironment
RestartDialog
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHBindToFolderIDListParent
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyReceive
SHChangeNotifyRegister
SHChangeNotifySuspendResume
SHChangeRegistrationReceive
SHCloneSpecialIDList
SHCoCreateInstance
SHCreateAssociationRegistration
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnumerateUnreadMailAccountsW
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindComputer
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileIcon
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetFreeDiskSpace
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGlobalDefect
SHHandleDiskFull
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsBadInterfacePtr
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHLocalAlloc
SHLocalFree
SHLocalReAlloc
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHNetConnectionDialog
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRegCloseKey
SHRegDeleteKeyW
SHRegOpenKeyA
SHRegOpenKeyW
SHRegQueryValueA
SHRegQueryValueExA
SHRegQueryValueExW
SHRegQueryValueW
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHRestricted
SHSetInstanceExplorer
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHSimpleIDListFromPath
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SHWaitOp_Operate
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExA
SheChangeDirExW
SheChangeDirW
SheConvertPathW
SheFullPathA
SheFullPathW
SheGetCurDrive
SheGetDirA
SheGetDirExW
SheGetDirW
SheGetPathOffsetW
SheRemoveQuotesA
SheRemoveQuotesW
SheSetCurDrive
SheShortenPathA
SheShortenPathW
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
ShortSizeFormatW
SignalFileOpen
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrCpyNA
StrCpyNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrNCpyA
StrNCpyW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
WOWShellExecute
Win32DeleteFile

Sections

.text
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba4d4975fdfd26af553342430897a043

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

ntdll

shlwapi

ucrtbase

user32

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 580KB

.data Size: 8KB - Virtual size: 4KB

.rodata Size: 8KB - Virtual size: 6KB

.rdata Size: 160KB - Virtual size: 159KB

/4 Size: 100KB - Virtual size: 99KB

.edata Size: 16KB - Virtual size: 14KB

.idata Size: 16KB - Virtual size: 15KB

.rsrc Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 40KB - Virtual size: 38KB

.text
Size: 584KB - Virtual size: 580KB

.data
Size: 8KB - Virtual size: 4KB

.rodata
Size: 8KB - Virtual size: 6KB

.rdata
Size: 160KB - Virtual size: 159KB

/4
Size: 100KB - Virtual size: 99KB

.edata
Size: 16KB - Virtual size: 14KB

.idata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 40KB - Virtual size: 38KB