0d11f7158844492e63dea11a29ba704e1ff70d1c6c59ec78b5db379334625598

Sharing

Copy URL Twitter E-mail

General

Target

0d11f7158844492e63dea11a29ba704e1ff70d1c6c59ec78b5db379334625598
Size

501KB
MD5

6eb66e5dc632b547a5aea0024aef133e
SHA1

631100ea4cfd5981d5b9610d8c238f7bab8ecdcf
SHA256

0d11f7158844492e63dea11a29ba704e1ff70d1c6c59ec78b5db379334625598
SHA512

ce12c08cdfc6984ee56b816381e2d9bcc774e42729a034134055e7dd6addb5daa0af42e961ed3a7e9798f348afa062a5eb1984ce3a2e78aae6dc0a7e8f0ef0e0
SSDEEP

12288:nWG//I/OaCFea7O2/Kj6qYspR8D+qZgu4gyZB6tyq:WG//yxNHYsza+Kg7gEW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d11f7158844492e63dea11a29ba704e1ff70d1c6c59ec78b5db379334625598

Files

0d11f7158844492e63dea11a29ba704e1ff70d1c6c59ec78b5db379334625598
.dll regsvr32 windows:6 windows x86 arch:x86

0b5f9fb9ebd55d1e95c5838e59cb9996

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Helmut\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.32.pdb

Imports

kernel32

CreateDirectoryW
CreateFileW
GetFileSize
ReadFile
SetFileAttributesW
WriteFile
GetTempPathW
CloseHandle
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadTimes
OpenProcess
GetSystemTimes
GetLocalTime
GetTickCount
VirtualProtect
ReadProcessMemory
WriteProcessMemory
IsWow64Process
FindResourceExW
LockResource
MulDiv
QueryFullProcessImageNameW
WideCharToMultiByte
WriteConsoleW
SetEndOfFile
SetStdHandle
GetThreadLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
DecodePointer
EncodePointer
VerifyVersionInfoW
GlobalLock
SetThreadLocale
GlobalUnlock
GlobalSize
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
VerSetConditionMask

user32

SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
IntersectRect
SetRect
FillRect
DrawFocusRect
GetSysColor
WindowFromPoint
MapWindowPoints
ClientToScreen
GetCursorPos
MessageBeep
MessageBoxW
GetParent
EnumChildWindows
FindWindowW
FindWindowExW
EnumWindows
EnumThreadWindows
GetClassNameW
SetProcessDefaultLayout
CharUpperW
GetActiveWindow
GetDC
ReleaseDC
CharNextW
RegisterWindowMessageW
TrackMouseEvent
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
GetWindowThreadProcessId
GetWindow
GetGUIThreadInfo
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
InternalGetWindowText
SystemParametersInfoW
DrawIconEx
DestroyIcon
LoadCursorW
GetTopWindow
SendMessageTimeoutW
SendNotifyMessageW
SendMessageCallbackW
PostMessageW
DefWindowProcW
PostQuitMessage
GetDoubleClickTime
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
MoveWindow
CallNextHookEx
SetWindowPos
IsWindowVisible
IsIconic
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
GetFocus
GetKeyState
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
DrawTextW
UpdateWindow
SetActiveWindow
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
RemovePropW
GetPropW
SetPropW
SetWindowsHookExW
UnhookWindowsHookEx
InvalidateRect
EndPaint
BeginPaint
AllowSetForegroundWindow
SetForegroundWindow
SwitchToThisWindow
GetForegroundWindow

gdi32

CreateDIBSection
GdiAlphaBlend
StretchBlt
SetLayout
SetBkMode
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleDC
BitBlt

advapi32

RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
Shell_NotifyIconW
ExtractIconExW
SHAppBarMessage
DuplicateIcon
ShellExecuteW

ole32

RevokeDragDrop
RegisterDragDrop
CoInitialize
StringFromCLSID
ReleaseStgMedium
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoUninitialize

oleaut32

LoadRegTypeLi
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
VariantInit
SysFreeString
SysAllocString

dwmapi

DwmExtendFrameIntoClientArea
DwmGetColorizationColor
DwmIsCompositionEnabled
DwmQueryThumbnailSourceSize
DwmRegisterThumbnail
DwmSetWindowAttribute
DwmUnregisterThumbnail
DwmEnableBlurBehindWindow
DwmUpdateThumbnailProperties

gdiplus

GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImageRectI
GdipBitmapLockBits
GdipImageRotateFlip

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeSysFont
DrawThemeTextEx

comctl32

ord345
ord410
CreatePropertySheetPageW
ord413
ord412
ord381
PropertySheetW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b5f9fb9ebd55d1e95c5838e59cb9996

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dwmapi

gdiplus

uxtheme

comctl32

oleacc

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 6KB - Virtual size: 149KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 17KB - Virtual size: 17KB

.text Size: 109KB - Virtual size: 112KB

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 6KB - Virtual size: 149KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 109KB - Virtual size: 112KB