MSI801D[.]tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

MSI801D.tmp
Size

1.5MB
MD5

e93fc74b28319ecb5ca6fd8756fcbe33
SHA1

781b74da8a681a41b4e8a1a300f8f5dcf2088789
SHA256

664a6383e229551f56429d648aa81791174579c6918ed373e206087a859e3951
SHA512

899e7b81645778f6bf57c0195e4e06f74f62494287f1c5e7ee96b9317a7768d10e5c62dccaab426735d528d49ad6cf6d26993ae2aa5e4cd6bb5caba96c232e53
SSDEEP

49152:dWJ3+JA3iD1Vwt0Cay8NwXKO15sUXOwz2oTw/B:dWJ8A3Ost0CfZXT1ZO2w/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MSI801D.tmp

Files

MSI801D.tmp
.dll windows:5 windows x86 arch:x86

0dede7fcd3f43253ac9ac57f71f57add

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\wiK65.pdb

Imports

wintrust

CryptCATAdminEnumCatalogFromHash
WTHelperGetProvSignerFromChain
CryptCATGetMemberInfo
CryptCATStoreFromHandle
CryptSIPGetSignedDataMsg

imm32

ImmDisableIME
ImmAssociateContext
ImmGetProperty

winmm

joyGetPosEx
midiInAddBuffer
midiStreamOut
timeSetEvent
timeEndPeriod

oleaut32

CreateTypeLi
SysReAllocStringLen
VarI2FromStr
GetErrorInfo
GetRecordInfoFromTypeInfo
SafeArrayGetElement
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
VARIANT_UserMarshal
VARIANT_UserUnmarshal

ws2_32

WSAAsyncSelect
getprotobynumber
getservbyport
WSAGetLastError

urlmon

CoInternetIsFeatureZoneElevationEnabled
URLDownloadToCacheFileA
CoInternetIsFeatureEnabled

iphlpapi

GetIpStatistics
GetInterfaceInfo

wininet

InternetReadFile
UnlockUrlCacheEntryFile
SetUrlCacheEntryInfoW

rasapi32

RasGetEapUserIdentityA
RasSetEapUserDataW
RasFreeEapUserIdentityW

advapi32

BuildExplicitAccessWithNameW
RegQueryInfoKeyW
SetSecurityDescriptorGroup
SetFileSecurityW
RegEnumKeyA
ControlService
RegCreateKeyA
RegCloseKey
GetPrivateObjectSecurity
RegSaveKeyW
GetNumberOfEventLogRecords
CreateWellKnownSid
CryptSetProvParam
RegisterServiceCtrlHandlerExA
SetEntriesInAclW
ObjectCloseAuditAlarmW
SetNamedSecurityInfoA
GetAclInformation
RegDeleteValueA
ChangeServiceConfigA
GetOldestEventLogRecord
AccessCheckAndAuditAlarmW

netapi32

NetConnectionEnum
NetFileGetInfo
NetGroupAdd
NetShareAdd
NetShareCheck
NetUserSetInfo

comctl32

ImageList_SetOverlayImage

setupapi

SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Ex
SetupGetIntField
SetupDiSetDeviceInstallParamsA
SetupDiBuildClassInfoListExW
SetupGetFileQueueCount
SetupQuerySpaceRequiredOnDriveW
SetupDiGetClassDescriptionExA
SetupUninstallOEMInfW
SetupFindFirstLineA
CM_Get_Sibling_Ex
SetupDiOpenDeviceInterfaceA
CM_Get_Resource_Conflict_DetailsW
SetupQueueCopyIndirectW
SetupDiDestroyDeviceInfoList
CMP_WaitNoPendingInstallEvents
CM_Free_Log_Conf_Handle
SetupDiEnumDriverInfoW

rpcrt4

RpcAsyncCompleteCall
UuidEqual
I_RpcNsInterfaceUnexported
RpcServerUseProtseqEpW
RpcBindingSetAuthInfoW
UuidCreateNil
NdrConformantStringMarshall
I_RpcGetExtendedError
I_RpcBindingIsClientLocal
I_RpcMapWin32Status
NdrStubCall2
I_RpcServerUseProtseq2W
IUnknown_QueryInterface_Proxy
RpcErrorGetNextRecord

ntdsapi

DsFreeNameResultW
DsReplicaGetInfo2W

gdi32

CreateHalftonePalette
CreateBrushIndirect
GetBkColor
SetTextAlign
PolyBezierTo
GetTextColor
CreateFontIndirectA
GetOutlineTextMetricsW
ExtCreateRegion
RealizePalette
AddFontResourceW
GetDeviceGammaRamp
StrokeAndFillPath
SetWorldTransform
GetEnhMetaFileA
OffsetWindowOrgEx
GetMiterLimit
SetBoundsRect
OffsetViewportOrgEx
ArcTo
GetTextCharacterExtra
GetCharABCWidthsFloatA
GetFontUnicodeRanges
SetMapMode
GetSystemPaletteUse
GetWinMetaFileBits
EnumObjects
CombineRgn

ole32

CoReleaseServerProcess
OleDoAutoConvert
CoDisconnectObject
OleCreateLinkToFile
OleMetafilePictFromIconAndLabel
CLSIDFromString
HBITMAP_UserFree
CoUninitialize
CoGetCallerTID
OleDuplicateData
CoMarshalInterThreadInterfaceInStream
HDC_UserUnmarshal
HMENU_UserSize
CoIsOle1Class
OleSave
DoDragDrop

msacm32

acmFormatTagEnumW
acmDriverEnum

lz32

LZCopy
GetExpandedNameW

secur32

SetContextAttributesW
GetUserNameExA

comdlg32

PrintDlgA
ChooseFontA

winspool.drv

ScheduleJob
SetPrinterW
FindClosePrinterChangeNotification

kernel32

WaitForDebugEvent
GetConsoleScreenBufferInfo
GetFileInformationByHandle
GetModuleFileNameA
GetModuleHandleA
GetBinaryTypeW
OutputDebugStringA
GetModuleHandleW
DuplicateHandle
SetLocaleInfoW
FillConsoleOutputCharacterW
InitializeCriticalSection
GetProfileStringA
VirtualAllocEx
ReadConsoleOutputAttribute
GetDiskFreeSpaceW
VirtualLock
GlobalCompact
FindNextVolumeMountPointW
Process32FirstW
SetHandleInformation
HeapCompact
GetSystemTimeAsFileTime
GetProcessHeap
VirtualProtect
WritePrivateProfileSectionA
FormatMessageA
QueryPerformanceCounter
GetModuleFileNameW
CreateRemoteThread
ContinueDebugEvent
ActivateActCtx
OpenThread
WaitNamedPipeA
SetStdHandle
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetVersion
GetLocaleInfoW
ProcessIdToSessionId
GetConsoleCursorInfo
GetAtomNameA
GetComputerNameW
GetTimeZoneInformation
LeaveCriticalSection
SetCommState
GetVolumeInformationA
DeleteCriticalSection

crypt32

CryptSignMessage
CryptFormatObject
CertSaveStore
CryptInstallOIDFunctionAddress
CertGetSubjectCertificateFromStore
CertAddEncodedCertificateToStore
CertDuplicateStore
CertCreateCertificateChainEngine
CertGetCRLFromStore

mscms

EnumColorProfilesW

msvcrt

iswcntrl
ftell
fgets
memset
strtol
strspn

avifil32

AVIFileInit

msvfw32

ICCompressorFree
ICDecompress

psapi

GetModuleInformation

clusapi

OpenCluster

mprapi

MprInfoBlockRemove
MprConfigGetFriendlyName
MprAdminMIBEntrySet
MprAdminInterfaceTransportRemove

esent

JetEscrowUpdate

shlwapi

SHQueryInfoKeyW
PathIsURLW
PathIsPrefixA
StrCmpNIA
StrChrIA
AssocQueryStringA
StrStrIA
PathStripToRootW
UrlUnescapeW
PathUndecorateA
PathStripPathW
StrStrA
StrRetToBufA

user32

DrawFocusRect
GetWindowContextHelpId
GetParent
PostQuitMessage
GetClassInfoW
GetClassLongW
LockSetForegroundWindow
CheckMenuRadioItem
DrawIconEx
CreateCursor
BeginPaint
GetPropW
GetClipboardFormatNameW
CallMsgFilterA
CreateWindowStationA
GrayStringA
InternalGetWindowText
ArrangeIconicWindows
SendMessageW
ToAsciiEx
IsDlgButtonChecked
SetScrollInfo
IsWindowUnicode
SetWinEventHook
DrawCaption
EnableScrollBar
OpenInputDesktop
DestroyWindow
GetKeyboardType
ShowWindow
ScrollWindowEx
RegisterRawInputDevices
DefFrameProcW
IsCharLowerA
GetCaretPos
GetKeyboardState
GetClassInfoExW
EnumDisplaySettingsA
EnumThreadWindows
GetMenuItemCount
SetWindowsHookExA
SetDoubleClickTime
GetMenuStringA
CreateDialogIndirectParamW
CreateIcon

opengl32

glDisable

pdh

PdhExpandWildCardPathHW
PdhExpandWildCardPathW

shell32

SHFormatDrive
SHCreateDirectoryExW
ShellExecuteExA
SHEnumerateUnreadMailAccountsW
SHGetMalloc
SHLoadInProc
SHGetFolderPathAndSubDirW

winscard

SCardSetCardTypeProviderNameA
SCardReleaseContext
SCardConnectW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dede7fcd3f43253ac9ac57f71f57add

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

imm32

winmm

oleaut32

ws2_32

urlmon

iphlpapi

wininet

rasapi32

advapi32

netapi32

comctl32

setupapi

rpcrt4

ntdsapi

gdi32

ole32

msacm32

lz32

secur32

comdlg32

winspool.drv

kernel32

crypt32

mscms

msvcrt

avifil32

msvfw32

psapi

clusapi

mprapi

esent

shlwapi

user32

opengl32

pdh

shell32

winscard

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

CODE Size: 8KB - Virtual size: 7KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 104KB - Virtual size: 103KB

.CODE Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 1.4MB - Virtual size: 1.4MB

CODE
Size: 8KB - Virtual size: 7KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 104KB - Virtual size: 103KB

.CODE
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 40KB - Virtual size: 36KB