kms_pico_fake_dll[.]bin

Resubmissions

17-08-2024 17:13

240817-vrw6lazdqj 3

17-08-2024 17:13

240817-vrj62azdnp 3

17-08-2024 17:06

240817-vmkl1awglg 3

Sharing

Copy URL

Twitter E-mail

General

Target

kms_pico_fake_dll.bin
Size

2.4MB
MD5

2dd6d74189ce256e6bcb088d7a3ee29c
SHA1

47f3618d4f68a8cf1c9eda3b6b18e8b8e721ced3
SHA256

fa337f53515da48c0134af74cf3b2d557c562b6ff4a8262bcb347cf4aecbfb4a
SHA512

c232e6b3258ca7387b923ca781f84b65490b11570474ea3355083a13dcef0699d16ef370fd04b01befdf6aa39275f2b097f83bc9ac03c06bf8bf1a9fe70ced64
SSDEEP

49152:Dh39oIisk10LW6O+eTFtQkhBTK0oxjzTqNdj4lt+IIf+vjxV4Ye3X:DEf10LteTFikhBTK0kXTqjj4l3vHy3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
kms_pico_fake_dll.bin

Files

kms_pico_fake_dll.bin
.dll windows:5 windows x86 arch:x86

d64f0c4c27e4c435f4c1588536b8680a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvfw32

ICInfo

wintrust

OpenPersonalTrustDBDialog

oleaut32

GetErrorInfo
VarI2FromR8
GetRecordInfoFromGuids

ntdsapi

DsBindW

gdi32

SetMetaFileBitsEx
FlattenPath
PatBlt
PlayEnhMetaFile
StrokePath

ws2_32

inet_addr

clusapi

ClusterCloseEnum

user32

OpenClipboard
GetRawInputDeviceList
DefMDIChildProcA
CreateWindowStationA
GetCursorPos
IsZoomed
ShowCursor
CheckMenuRadioItem
GetSystemMenu
EndDialog
EndDeferWindowPos
SetRectEmpty
IsWindowUnicode
GetCursorInfo
CreateDesktopA
GetClipboardData
VkKeyScanExA
WaitForInputIdle

urlmon

CreateAsyncBindCtx

kernel32

GetCommandLineA
CloseHandle
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
WaitForSingleObject
InterlockedPushEntrySList
EnterCriticalSection
TerminateProcess
SetEvent
CancelIo
CreateActCtxW
HeapAlloc
FindAtomA
GetStdHandle
GetLocaleInfoW
OutputDebugStringA
GetModuleFileNameW
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA
QueryPerformanceCounter
GetTickCount
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
SetFilePointer
FatalAppExitA
ExitProcess
HeapFree
Sleep
GetCurrentThread
GetLastError
GetCurrentThreadId
SetLastError
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DeleteCriticalSection
CompareStringA
CompareStringW
GetModuleFileNameA
GetStartupInfoA
GetFileType
SetHandleCount
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
LeaveCriticalSection
GetACP

ole32

CoMarshalInterface
OleConvertIStorageToOLESTREAM
CLIPFORMAT_UserUnmarshal

advapi32

AreAllAccessesGranted
AccessCheckAndAuditAlarmW
RegOpenKeyExA
ObjectOpenAuditAlarmW
AddAce
RevertToSelf
OpenServiceW

shlwapi

StrChrIA

shell32

ExtractAssociatedIconA
ShellExecuteExA
ExtractAssociatedIconW
SHGetPathFromIDListW

wininet

FindNextUrlCacheEntryExA

rasapi32

RasGetEapUserDataW

rpcrt4

NdrConformantArrayBufferSize
NdrPointerFree
RpcMgmtWaitServerListen
I_RpcAsyncSetHandle
RpcStringFreeW

winspool.drv

EnumPrinterDataExW
DocumentPropertiesA

comctl32

ImageList_Add

pdh

PdhExpandWildCardPathHW

msacm32

acmFormatChooseW
acmFormatDetailsW
acmFormatEnumW
acmStreamClose

mprapi

MprConfigGetFriendlyName
MprConfigInterfaceEnum

crypt32

CryptStringToBinaryA
CryptMsgControl

lz32

GetExpandedNameW
LZCopy

setupapi

CM_Get_Res_Des_Data
SetupDiGetINFClassW
CM_Get_Res_Des_Data_Size
SetupRemoveFromSourceListW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 972KB - Virtual size: 970KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d64f0c4c27e4c435f4c1588536b8680a

Headers

File Characteristics

Imports

msvfw32

wintrust

oleaut32

ntdsapi

gdi32

ws2_32

clusapi

user32

urlmon

kernel32

ole32

advapi32

shlwapi

shell32

wininet

rasapi32

rpcrt4

winspool.drv

comctl32

pdh

msacm32

mprapi

crypt32

lz32

setupapi

Sections

.text Size: 108KB - Virtual size: 107KB

.qdata Size: 1016KB - Virtual size: 1015KB

.rdata Size: 972KB - Virtual size: 970KB

.data Size: 80KB - Virtual size: 86KB

.crt0 Size: 244KB - Virtual size: 242KB

DATA Size: 8KB - Virtual size: 4KB

2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 108KB - Virtual size: 107KB

.qdata
Size: 1016KB - Virtual size: 1015KB

.rdata
Size: 972KB - Virtual size: 970KB

.data
Size: 80KB - Virtual size: 86KB

.crt0
Size: 244KB - Virtual size: 242KB

DATA
Size: 8KB - Virtual size: 4KB

2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 28KB