ce73764f2a7f942859d9278699376b2ab275c111820a6c290dda6b1b3457e8f0

Sharing

Copy URL Twitter E-mail

General

Target

ce73764f2a7f942859d9278699376b2ab275c111820a6c290dda6b1b3457e8f0
Size

1.3MB
MD5

b62b7533ef36583ebec3b30d41b809e1
SHA1

96af2573a0facd9ac34a4c5feeae2716db5c9397
SHA256

ce73764f2a7f942859d9278699376b2ab275c111820a6c290dda6b1b3457e8f0
SHA512

b158adbea673fdea543c9a5b5681f93bfd5011700289128bd4a379398735dc44c9dbd3913eeffb867fddc5230052634961d074eccb2ffd488eeb22e566e7f24d
SSDEEP

24576:8ghOrbxlMlAOErEKOAuu8GotgA3Tx4lLrUHMQEJZde//PoeUy:qrRVR3AtMLrUH2rde/HoeUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce73764f2a7f942859d9278699376b2ab275c111820a6c290dda6b1b3457e8f0

Files

ce73764f2a7f942859d9278699376b2ab275c111820a6c290dda6b1b3457e8f0
.dll windows:6 windows x86 arch:x86

7792c6d6ba0a9a61e4ee08fce4ffd7c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\.jenkins\workspace\lib_common\js_basic_branch\js_basic\js_basic\Release\js_basic.pdb

Imports

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipFree
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectRect
GdipCreateBitmapFromFile
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipAlloc
GdipDeleteGraphics
GdipCreateFromHDC

kernel32

MoveFileW
WideCharToMultiByte
K32GetModuleFileNameExW
SetEvent
WaitForSingleObject
CreateEventW
Sleep
CreateThread
GetTickCount
RaiseException
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
SetLastError
GetCurrentThreadId
DecodePointer
CreateFileW
FlushFileBuffers
WriteFile
GetExitCodeProcess
lstrlenW
LoadLibraryExW
lstrcmpW
WaitForMultipleObjects
WritePrivateProfileStringW
SetFilePointer
OpenFileMappingW
GetFileSize
lstrcmpA
DeviceIoControl
GetVersionExW
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
FindClose
DeleteFileW
CreateDirectoryW
GetPrivateProfileIntW
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
GetLogicalDriveStringsW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CopyFileW
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
VirtualQuery
GetSystemInfo
GetModuleHandleExW
ExitThread
RtlUnwind
CreateFileA
lstrcmpiA
UnregisterWaitEx
QueryDepthSList
SetUnhandledExceptionFilter
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
OpenProcess
GetCurrentProcess
InitializeCriticalSectionEx
CloseHandle
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextFileW
GetLongPathNameW
QueryDosDeviceW
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
SetFileAttributesW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreW
WaitForMultipleObjectsEx
WaitNamedPipeW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetTempPathW
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
CreateMutexW
ReleaseMutex
GetCurrentProcessId
LocalFree
GetLocaleInfoW
LCMapStringW
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
FindFirstFileW
UnhandledExceptionFilter
InterlockedFlushSList
InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
TerminateProcess
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCPInfo
CompareStringW

user32

EnumDisplaySettingsW
GetDesktopWindow
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
IsWindow
FindWindowW
FindWindowExW
GetShellWindow
GetWindowThreadProcessId
GetWindow
SendMessageW
GetSystemMetrics
GetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
MessageBoxW
MonitorFromPoint
DispatchMessageW
TranslateMessage
GetClassNameW
EnumWindows
SetParent
GetParent
LoadImageW
LoadIconW
SetClassLongW
SetWindowTextW
InvalidateRect
SetForegroundWindow
ReleaseCapture
SetFocus
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
PostQuitMessage
AttachThreadInput
GetActiveWindow
GetWindowPlacement
SystemParametersInfoW
LoadCursorW
SetWindowLongW
GetWindowLongW
GetClientRect
SetWindowRgn
EndPaint
BeginPaint
KillTimer
SetTimer
UpdateLayeredWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
wsprintfW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MonitorFromWindow
RegisterClassW
UnregisterClassW
PostThreadMessageW
PeekMessageW
GetMessageW
MonitorFromRect
OffsetRect
CopyRect
IsWindowVisible
SetWindowPos
GetAncestor
GetWindowInfo
GetMonitorInfoW
WindowFromPoint

gdi32

GetObjectW
CreateCompatibleDC
ExtTextOutW
SetBkColor
SetViewportOrgEx
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
BitBlt
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
MapGenericMask
GetFileSecurityW
DuplicateToken
AccessCheck
OpenProcessToken
RegGetValueW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHChangeNotify
SHBrowseForFolderW
ord165
SHGetPropertyStoreForWindow
SHFileOperationW

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

SHGetValueW
SHSetValueW
StrCmpIW
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathIsRelativeW
AssocQueryStringW
PathIsRootW
StrCmpNIW
StrTrimA
StrStrIA
SHGetValueA
SHSetValueA
StrStrIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

Exports

Exports

GetWebWindowFactory
GetWebWindowFactoryEx

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7792c6d6ba0a9a61e4ee08fce4ffd7c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

urlmon

iphlpapi

crypt32

wintrust

wininet

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 217KB - Virtual size: 216KB

.data Size: 29KB - Virtual size: 37KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 52KB - Virtual size: 52KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 29KB - Virtual size: 37KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 52KB - Virtual size: 52KB