ff9f6ed7a1f136b3cb401865bfa54a87e4bd9415409ab7b4d344c89681a7f95d

Sharing

Copy URL

Twitter E-mail

General

Target

ff9f6ed7a1f136b3cb401865bfa54a87e4bd9415409ab7b4d344c89681a7f95d
Size

293KB
MD5

7bb99d71c60fc6d11195df6272bc2646
SHA1

73af7ac0b54d46e63f5cd82e640a38f2e1315488
SHA256

ff9f6ed7a1f136b3cb401865bfa54a87e4bd9415409ab7b4d344c89681a7f95d
SHA512

11cc6c5a9cc3850af15bb6781a5dd30a08e57b21088e5964e682f549e1773690a3a169a5bf62bab94b6a47c91d56dbfb3cbec35e25aaeb39b2721c50d9991655
SSDEEP

6144:JtWFdmV8fpt2Qe+tyeSwe0tdYI1H/F8c4PW24F:rqmV8BMbD3weIDfGnPaF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff9f6ed7a1f136b3cb401865bfa54a87e4bd9415409ab7b4d344c89681a7f95d

Files

ff9f6ed7a1f136b3cb401865bfa54a87e4bd9415409ab7b4d344c89681a7f95d
.dll regsvr32 windows:5 windows x64 arch:x64

58d69fa36d5810193f5b4c8a7509da97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\code_version\code_3.2.7.3\rel\XDShellExtHelper64.pdb

Imports

kernel32

lstrcmpiW
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceW
FindResourceExW
GetWindowsDirectoryW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
LoadLibraryExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
EncodePointer
GetThreadLocale
SetThreadLocale
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SizeofResource
LoadResource
IsDebuggerPresent
GetCurrentThread
LocalFree
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetSystemTime
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
CreateFileW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext

user32

CharLowerBuffW
IsCharAlphaW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
CharNextW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysStringLen

shlwapi

StrStrIW
StrRChrW
ord154
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathSearchAndQualifyW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipAlloc
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58d69fa36d5810193f5b4c8a7509da97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

secur32

version

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 224B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 224B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB