02ccc3e1285151425f9b0be540256ed50ce8de0ad8e1ed0e9f10b18f271c7424

Sharing

Copy URL Twitter E-mail

General

Target

02ccc3e1285151425f9b0be540256ed50ce8de0ad8e1ed0e9f10b18f271c7424
Size

2.1MB
MD5

c159e7db1684797c4a15c2b2e40cd7a5
SHA1

6b2b1acc6136ac950510016d334eb24351fff654
SHA256

02ccc3e1285151425f9b0be540256ed50ce8de0ad8e1ed0e9f10b18f271c7424
SHA512

f9055b85666c889f9756168ed0bc43ba8dc622a76ea85235659918522c3c7a772e8add45c1239746d1d1526a20f4846dd8524e5d0866aa25470ced4b3d608a5e
SSDEEP

49152:zHiLHil3diVbuX7XZwTndvxMkPFBaP/2BlwF3X:zCLCnz7JwTndvxMqBS2B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02ccc3e1285151425f9b0be540256ed50ce8de0ad8e1ed0e9f10b18f271c7424

Files

02ccc3e1285151425f9b0be540256ed50ce8de0ad8e1ed0e9f10b18f271c7424
.dll windows:6 windows x86 arch:x86

f1e5d60809770f2e3169241a71cf8203

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\XD\NewModule\PopPlugin\Output\bin\Release\Win32\PopPlugin.pdb

Imports

kernel32

FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
LCMapStringEx
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetCurrentThreadId
GlobalUnlock
GlobalLock
InterlockedPopEntrySList
GlobalAlloc
FreeResource
DecodePointer
ReadDirectoryChangesW
CreateEventW
CreateFileW
Sleep
WaitForSingleObject
CloseHandle
SetEvent
CreateThread
DeleteFileW
OutputDebugStringW
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleInputW
SetConsoleMode
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MulDiv
IsDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
QueryPerformanceCounter
WakeAllConditionVariable
SleepConditionVariableSRW
LocalFree
GetTempPathW
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCurrentProcess
SystemTimeToFileTime
GetVersion
GetTickCount
GetSystemTime
CreateProcessW
GetExitCodeProcess
SetEndOfFile
SetFilePointer
GetFileSizeEx
GlobalFree
MoveFileExW
GetFileAttributesExW
DeviceIoControl
GetDriveTypeW
GetLogicalDriveStringsW
ReadFile
TerminateProcess
LoadLibraryW
SetLastError
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileSize
WriteFile
CreateDirectoryW
TerminateThread
WaitForMultipleObjects
lstrlenA
GetThreadLocale
SetThreadLocale
InitializeCriticalSection
SleepEx
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleA
GetCurrentProcessId
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer

user32

SetForegroundWindow
SetActiveWindow
SetFocus
wsprintfW
GetDC
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SystemParametersInfoW
IsWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
BeginPaint
CopyRect
EndPaint
IsIconic
GetClientRect
EqualRect
InvalidateRect
PtInRect
TrackMouseEvent
GetCursorPos
SetCapture
ReleaseCapture
GetWindowRect
ClientToScreen
SetWindowRgn
SetWindowPos
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
EnableWindow
PostQuitMessage
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
SetRectEmpty
IsRectEmpty
GetIconInfo
DrawTextW
ScreenToClient
SetCursor
GetDoubleClickTime
IntersectRect
UpdateLayeredWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetFocus
FillRect
UpdateWindow
SetTimer
KillTimer
CharNextW
DestroyWindow
PeekMessageW
GetForegroundWindow
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
ShowWindow
MoveWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
PostMessageW
GetDlgItem
SendMessageW
SetWindowLongW

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
DeregisterEventSource
RegisterEventSourceA
ReportEventA

ole32

CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen

shlwapi

StrFormatByteSizeW
SHGetValueW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW

gdiplus

GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipBitmapLockBits
GdipSetTextRenderingHint
GdipDrawString
GdiplusStartup
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipCreateBitmapFromFile
GdipSetInterpolationMode

ws2_32

getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
WSAStartup
WSACleanup
WSASetLastError
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSAGetLastError
__WSAFDIsSet
select

wldap32

ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145
ord167
ord142
ord79
ord133
ord27
ord147
ord301
ord127

gdi32

RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
SetBitmapBits
SetTextColor
SetBkMode
GetCurrentObject
GetBitmapBits
StretchBlt
CreatePen
GetObjectW
SetTextCharacterExtra
CreateDIBSection
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
Rectangle
CreateFontIndirectW
SetBkColor
CreateSolidBrush
SetStretchBltMode
GetTextColor
DeleteObject
GetStockObject
SetPixel

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetKnownFolderPath

comctl32

DrawShadowText
ord17

msimg32

AlphaBlend

Exports

Exports

CreateTrayClient

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1e5d60809770f2e3169241a71cf8203

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

wldap32

gdi32

shell32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 48KB - Virtual size: 63KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 48KB - Virtual size: 63KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 81KB - Virtual size: 80KB