OldNewExplorer64[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

OldNewExplorer64.dll
Size

255KB
MD5

fcf194e3b9101064939a000075149f29
SHA1

7a3767dabba5368da9092ea17b0dcbdd23b23bfb
SHA256

21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18
SHA512

e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24
SSDEEP

6144:Bq55rea+EvK+Evx+EvU+EN+EvH+Evb+Ev6NZN/No+Ev1+EvZ+EvS+Ef+EvZ+EvlG:Bq5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OldNewExplorer64.dll

Files

OldNewExplorer64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

c6dbf69d7b14f7e04cc3a3798082d28e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\DEVEL\OldNewExplorer\Release\OldNewExplorer64.pdb

Imports

msvcrt

memcpy
??2@YAPEAX_K@Z
wcsncmp
malloc
??3@YAXPEAX@Z

kernel32

FreeLibrary
LoadLibraryExW
lstrcmpW
FindResourceW
lstrcatW
GetLastError
LoadResource
SizeofResource
OpenMutexW
GetModuleFileNameW
lstrcpyW
IsBadReadPtr
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
GetCurrentProcess
lstrcmpiW
GetProcAddress
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleExW
FlushInstructionCache
VirtualProtect
lstrcmpiA
GetCurrentThreadId
DisableThreadLibraryCalls
CloseHandle

user32

GetWindowLongPtrW
SetWindowPos
SendMessageW
EnumThreadWindows
FindWindowExW
RegisterWindowMessageW
GetClassWord
FillRect
GetAncestor
GetClientRect
GetParent
CharUpperW
LoadStringW
GetAsyncKeyState
wvsprintfW
GetWindowTextW

gdi32

GetStockObject
GetCurrentObject
GetTextColor
SetBkColor
GetBkColor
ExtTextOutW
SelectObject

advapi32

RegGetValueW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegDeleteTreeW
RegDeleteKeyW

shell32

SHCreateItemWithParent
ord18
ord155

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear

dwmapi

DwmExtendFrameIntoClientArea

uxtheme

OpenThemeData
CloseThemeData
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
SetWindowThemeAttribute
GetCurrentThemeName

comctl32

ImageList_Destroy
ImageList_LoadImageW
ord410
ord413
ord412

shlwapi

PathFindFileNameW
StrCmpNW
StrNCatW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6dbf69d7b14f7e04cc3a3798082d28e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

dwmapi

uxtheme

comctl32

shlwapi

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 928B

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 226KB - Virtual size: 226KB

.reloc Size: 512B - Virtual size: 88B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 928B

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 226KB - Virtual size: 226KB

.reloc
Size: 512B - Virtual size: 88B