D:\Jenkins\.jenkins\workspace\dolphin_install_exe\dida_install_exe\branch\dll\Dolphin_Release\Install.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f.dll
Resource
win10v2004-20240802-en
General
-
Target
6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f
-
Size
4.8MB
-
MD5
870d60db5c33708fc643cdd8f95c3958
-
SHA1
959ba39acc28c7028245df4731acd6b8b83d15a3
-
SHA256
6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f
-
SHA512
b0b842afe14241e0afa793ff74998beefba2abfffb4df1a31ca84ee7788947fafe501f328427f63657d4be2251e76532ace6d7240ca9c1668738eb253e35dff9
-
SSDEEP
98304:gXVY9k6IPGLD8f5embqtYr56f6berQASLon:QVTnhembqtY1UQnLon
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f
Files
-
6f43a8f1be5de89599a1db23cb6d3179f84a9cbbab7be1cc4edbfe14d51f216f.dll windows:5 windows x86 arch:x86
b1c316ec0715c1aaaedc19a7cd118a30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
WritePrivateProfileStringW
GetDriveTypeW
FreeResource
GetSystemInfo
SwitchToThread
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
ResetEvent
GetLocalTime
OutputDebugStringW
OutputDebugStringA
CopyFileW
GetExitCodeProcess
TerminateProcess
UnmapViewOfFile
CreateFileMappingW
FormatMessageW
GlobalAddAtomW
GetStartupInfoW
CreateProcessW
OpenEventW
Sleep
GetVersion
LocalFree
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
GetVersionExW
GetTickCount
GetFileSize
UnlockFile
LockFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
GetCurrentProcessId
OpenProcess
GetLongPathNameW
CreateFileW
ReadFile
GetFileSizeEx
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
FindClose
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
CreateEventW
SizeofResource
LoadResource
DecodePointer
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
GetProcAddress
FreeLibrary
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InterlockedFlushSList
GetSystemWindowsDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
LockResource
DeleteFileA
CreateFileA
GlobalAlloc
FlushFileBuffers
LoadLibraryExA
VirtualFree
GetTempFileNameA
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
SetLastError
GlobalFindAtomW
IsDebuggerPresent
GetShortPathNameW
GetPrivateProfileStringW
LocalAlloc
InterlockedCompareExchange
InterlockedExchange
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetFileAttributesExW
SetFilePointer
GetEnvironmentVariableW
GetTempFileNameW
GetTempPathA
CloseHandle
WriteFile
MapViewOfFile
user32
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
FindWindowExW
SetWindowRgn
GetClassInfoExW
CreateWindowExW
UnregisterClassW
ShowWindow
UpdateLayeredWindow
EndPaint
PostMessageW
KillTimer
SetTimer
SetWindowPos
IsWindowVisible
RegisterClassExW
IsWindow
GetDC
ReleaseDC
MoveWindow
BeginPaint
IsDialogMessageW
OffsetRect
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
SetForegroundWindow
GetSystemMetrics
IsIconic
PostQuitMessage
CharNextW
BringWindowToTop
MessageBoxW
wsprintfW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
UnionRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
DestroyCursor
GetClientRect
UnregisterClassA
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
FillRect
ScreenToClient
GetWindowTextLengthW
SetWindowTextW
InvalidateRect
DrawTextW
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
DestroyWindow
UnhookWinEvent
SetWinEventHook
GetWindowTextW
WaitForInputIdle
SendMessageW
GetShellWindow
SystemParametersInfoW
LoadCursorW
SetWindowLongW
GetWindowLongW
CopyRect
GetWindowRect
gdi32
RectVisible
EnumFontFamiliesW
CreateFontW
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
DeleteObject
SelectObject
SetViewportOrgEx
CreateRectRgnIndirect
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
OffsetViewportOrgEx
DeleteDC
advapi32
GetTokenInformation
FreeSid
AllocateAndInitializeSid
GetUserNameW
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
RegQueryValueExA
SetEntriesInAclW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
GetExplicitEntriesFromAclW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CheckTokenMembership
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
SHChangeNotify
ShellExecuteExW
SHLoadInProc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ord165
CommandLineToArgvW
SHFileOperationW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitializeEx
OleRun
oleaut32
VarUI4FromStr
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysStringLen
VariantCopy
shlwapi
StrToIntExW
SHGetValueA
StrCmpIW
StrStrIA
PathFindFileNameA
PathRenameExtensionA
StrTrimA
StrCmpNIW
PathAppendW
wnsprintfW
PathIsPrefixW
PathIsDirectoryW
SHSetValueW
SHDeleteValueW
StrStrIW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
comctl32
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
psapi
GetModuleFileNameExW
EnumProcesses
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
setupapi
SetupIterateCabinetW
secur32
GetUserNameExW
crypt32
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringW
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
Exports
BasicEntry
Dll_Entry
Start
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ