keygen-step-2[.]cpl[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

keygen-step-2.cpl.dll
Size

1.5MB
MD5

12cae571e64492458fb8c8bad13a6625
SHA1

e1674fd9bbaff6681475dfc5814512411cf187b6
SHA256

a85378e7f3bdada770384764dd20aead8a6ec634a9316f8c81f3ce5e5587a100
SHA512

d6c16555c1baa1a601b42daf3ad27d6a0ec22f4be86290311fc862150386a4cb24b0f4cf7922bc9f48209c43c012f94a1f7b3eabbede80a629fe2c31fd8772e2
SSDEEP

24576:oJ0NS+hWr1IFXTZOT2xvJCVro7Aq+IKYF0X/xuJE2zGSCOv3gYpdS3ciMCGd:Cr1Ip9x4Vk7/+IKNX/caFrtYpd4cC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
keygen-step-2.cpl.dll

Files

keygen-step-2.cpl.dll
.dll windows:5 windows x86 arch:x86

7255e01590a935e3b13c4180ef0c211f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrPointerFree
RpcMgmtWaitServerListen
I_RpcAsyncSetHandle
RpcStringFreeW
NdrConformantArrayBufferSize

shlwapi

StrChrIA

winspool.drv

DocumentPropertiesA
EnumPrinterDataExW

user32

DefMDIChildProcA
GetClipboardData
CheckMenuRadioItem
CreateWindowStationA
GetCursorPos
WaitForInputIdle
GetRawInputDeviceList
GetCursorInfo
IsZoomed
ShowCursor
CreateDesktopA
GetSystemMenu
EndDialog
EndDeferWindowPos
SetRectEmpty
IsWindowUnicode
OpenClipboard
VkKeyScanExA

crypt32

CryptStringToBinaryA
CryptMsgControl

msacm32

acmFormatEnumW
acmFormatDetailsW
acmFormatChooseW
acmStreamClose

advapi32

RevertToSelf
RegOpenKeyExA
ObjectOpenAuditAlarmW
AreAllAccessesGranted
OpenServiceW
AddAce
AccessCheckAndAuditAlarmW

ntdsapi

DsBindW

ole32

OleConvertIStorageToOLESTREAM
CLIPFORMAT_UserUnmarshal
CoMarshalInterface

rasapi32

RasGetEapUserDataW

oleaut32

VarI2FromR8
GetRecordInfoFromGuids
GetErrorInfo

setupapi

SetupRemoveFromSourceListW
SetupDiDestroyDeviceInfoList
CM_Get_Res_Des_Data
SetupDiGetINFClassW
CM_Get_Res_Des_Data_Size

gdi32

SetMetaFileBitsEx
PatBlt
FlattenPath
StrokePath
PlayEnhMetaFile

pdh

PdhExpandWildCardPathHW

shell32

ExtractAssociatedIconW
SHGetPathFromIDListW
ExtractAssociatedIconA
ShellExecuteExA

ws2_32

inet_addr

comctl32

ImageList_Add

wininet

FindNextUrlCacheEntryExA

wintrust

OpenPersonalTrustDBDialog

clusapi

ClusterCloseEnum

msvfw32

ICInfo

kernel32

CreateFileA
GetLocaleInfoW
GetCommandLineA
CloseHandle
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
ExitProcess
HeapFree
Sleep
GetCurrentThread
GetLastError
FatalAppExitA
GetEnvironmentStringsW
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CompareStringW
GetCurrentThreadId
SetLastError
SetStdHandle
FlushFileBuffers
LoadLibraryA
InterlockedExchange
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
FreeLibrary
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
CompareStringA
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
MultiByteToWideChar
RtlUnwind
CancelIo
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
InterlockedPushEntrySList
EnterCriticalSection
TerminateProcess
SetEvent
GetCPInfo
CreateActCtxW
HeapAlloc
FindAtomA
GetModuleFileNameA
GetBinaryTypeA
GetModuleFileNameW
GetFileSize
OutputDebugStringA
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA

urlmon

CreateAsyncBindCtx

lz32

GetExpandedNameW
LZCopy

mprapi

MprConfigGetFriendlyName
MprConfigInterfaceEnum

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7255e01590a935e3b13c4180ef0c211f

Headers

File Characteristics

Imports

rpcrt4

shlwapi

winspool.drv

user32

crypt32

msacm32

advapi32

ntdsapi

ole32

rasapi32

oleaut32

setupapi

gdi32

pdh

shell32

ws2_32

comctl32

wininet

wintrust

clusapi

msvfw32

kernel32

urlmon

lz32

mprapi

Sections

.text Size: 108KB - Virtual size: 107KB

.qdata Size: 616KB - Virtual size: 613KB

.rdata Size: 592KB - Virtual size: 589KB

.data Size: 36KB - Virtual size: 45KB

.crt0 Size: 148KB - Virtual size: 146KB

DATA Size: 4KB - Virtual size: 3KB

2 Size: 8KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 108KB - Virtual size: 107KB

.qdata
Size: 616KB - Virtual size: 613KB

.rdata
Size: 592KB - Virtual size: 589KB

.data
Size: 36KB - Virtual size: 45KB

.crt0
Size: 148KB - Virtual size: 146KB

DATA
Size: 4KB - Virtual size: 3KB

2
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 22KB