1203e898091980f4d5973ea4036530c0N

Sharing

Copy URL Twitter E-mail

General

Target

1203e898091980f4d5973ea4036530c0N
Size

1.5MB
MD5

1203e898091980f4d5973ea4036530c0
SHA1

926c434fecc0457c54010aa3fa039ac99219b7c4
SHA256

afa31f26b017d4f00de1bb4d5938503281256d856fac361b70aa0dbe88464e72
SHA512

247127e6d3c067ad66d8c94f516897c593e744ca35f541b83f94fc8fe6f4077acb31d2b4b8455a9c7b146bfb29156ae9acd5c81642457a2c2fc017eb9f936a26
SSDEEP

24576:wQSt6dMo4+FSbB9YZ6YGdmUsnncwa5BJNsL5YR1vMb9ruJ62ArQhkrtyjoxWvy:BStx+0/Ys9zcUBrsLpVE+rtyxK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1203e898091980f4d5973ea4036530c0N

Files

1203e898091980f4d5973ea4036530c0N
.dll windows:5 windows x86 arch:x86

ed737af4d5480082ed12ebc1ddcd67f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\wiK65.pdb

Imports

advapi32

RegDeleteValueA
RegisterServiceCtrlHandlerExA
RegSaveKeyW
SetSecurityDescriptorGroup
SetFileSecurityW
RegCreateKeyA
GetOldestEventLogRecord
AccessCheckAndAuditAlarmW
ChangeServiceConfigA
GetPrivateObjectSecurity
BuildExplicitAccessWithNameW
CryptSetProvParam
GetAclInformation
SetNamedSecurityInfoA
SetEntriesInAclW
ObjectCloseAuditAlarmW
CryptVerifySignatureW
GetNumberOfEventLogRecords
RegCloseKey
RegQueryInfoKeyW
CreateWellKnownSid
ControlService

pdh

PdhExpandWildCardPathW
PdhExpandWildCardPathHW

shell32

ShellExecuteExA
SHCreateDirectoryExW
SHLoadInProc
SHFormatDrive
SHGetMalloc
SHEnumerateUnreadMailAccountsW

netapi32

NetShareCheck
NetUserSetInfo
NetShareAdd
NetFileGetInfo
NetGroupAdd
NetConnectionEnum

winscard

SCardSetCardTypeProviderNameA
SCardReleaseContext
SCardConnectW

msacm32

acmFormatTagEnumW
acmDriverEnum

crypt32

CryptSIPGetSignedDataMsg
CertDuplicateStore
CertGetSubjectCertificateFromStore
CertGetCRLFromStore
CryptFormatObject
CertAddEncodedCertificateToStore
CryptSignMessage
CertCreateCertificateChainEngine
CryptInstallOIDFunctionAddress
CertSaveStore

esent

JetEscrowUpdate

urlmon

CoInternetIsFeatureEnabled
CoInternetIsFeatureZoneElevationEnabled

kernel32

GetProfileStringA
FormatMessageA
SetCommState
GetTimeZoneInformation
DuplicateHandle
DeleteCriticalSection
OpenThread
VirtualProtect
ExpandEnvironmentStringsW
FindNextVolumeMountPointW
QueryPerformanceCounter
ReadConsoleOutputAttribute
GlobalCompact
GetComputerNameW
GetSystemTimeAsFileTime
InitializeCriticalSection
GetVolumeInformationA
HeapCompact
GetSystemWindowsDirectoryW
GetConsoleCursorInfo
GetModuleFileNameW
CreateRemoteThread
VirtualLock
GetStdHandle
GetBinaryTypeW
GetModuleFileNameA
OutputDebugStringA
GetModuleHandleA
GetVersion
SetHandleInformation
GetDiskFreeSpaceW
WritePrivateProfileSectionA
Process32FirstW
GetProcessHeap
SetStdHandle
ProcessIdToSessionId
LeaveCriticalSection
ContinueDebugEvent
WaitNamedPipeA
GetLocaleInfoW
SetLocaleInfoW
GetAtomNameA
FillConsoleOutputCharacterW

psapi

GetModuleInformation

iphlpapi

GetInterfaceInfo

wininet

UnlockUrlCacheEntryFile
InternetReadFile
SetUrlCacheEntryInfoW

user32

GetKeyboardState
IsWindowUnicode
InternalGetWindowText
GetClassInfoExW
GetKeyboardType
ShowWindow
IsDlgButtonChecked
SetScrollInfo
SetWinEventHook
GetClassLongW
GetWindowContextHelpId
GrayStringA
EnumDisplaySettingsA
SetWindowsHookExA
CallMsgFilterA
SetDoubleClickTime
GetParent
GetMenuItemCount
CheckMenuRadioItem
DrawIconEx
GetMenuStringA
GetClassInfoW
SendMessageW
GetPropW
PostQuitMessage
DrawFocusRect
ArrangeIconicWindows
CreateCursor
GetCaretPos
BeginPaint
LockSetForegroundWindow
EnumThreadWindows
DefFrameProcW
ToAsciiEx
CreateIcon
CreateDialogIndirectParamW
IsCharLowerA
RegisterRawInputDevices
ScrollWindowEx
CreateWindowStationA

ntdsapi

DsFreeNameResultW
DsReplicaGetInfo2W

mprapi

MprInfoBlockRemove
MprAdminInterfaceTransportRemove
MprAdminMIBEntrySet
MprConfigGetFriendlyName

msvcrt

ftell
fgets
iswcntrl
strtol

imm32

ImmGetProperty
ImmAssociateContext
ImmDisableIME

comctl32

ImageList_SetOverlayImage

oleaut32

VARIANT_UserMarshal
SafeArrayAllocDescriptorEx
VARIANT_UserUnmarshal
SafeArrayCreateVector
CreateTypeLi
GetRecordInfoFromTypeInfo
VarI2FromStr
GetErrorInfo
SysReAllocStringLen
SafeArrayGetElement

winmm

joyGetPosEx
midiStreamOut
midiInAddBuffer
timeEndPeriod
timeSetEvent

ws2_32

WSAGetLastError
getservbyport
WSAAsyncSelect

lz32

GetExpandedNameW
LZCopy

wintrust

CryptCATStoreFromHandle
CryptCATAdminEnumCatalogFromHash
CryptCATGetMemberInfo
WTHelperGetProvSignerFromChain

mscms

GetColorDirectoryW
EnumColorProfilesW

shlwapi

wnsprintfW
PathStripPathW
UrlUnescapeW
PathIsPrefixA
SHQueryInfoKeyW
StrStrIA
StrRetToBufA
StrCmpNIA
PathUndecorateA
PathStripToRootW
StrChrIA
StrStrA

rasapi32

RasGetEapUserIdentityA
RasSetEapUserDataW
RasFreeEapUserIdentityW

ole32

OleCreateLinkToFile
CoReleaseServerProcess
OleDoAutoConvert
OleMetafilePictFromIconAndLabel
HDC_UserUnmarshal
HBITMAP_UserFree
CoMarshalInterThreadInterfaceInStream
CoIsOle1Class
DoDragDrop
CoDisconnectObject
OleDuplicateData
HMENU_UserSize
CLSIDFromString

comdlg32

ChooseFontA
PrintDlgA

rpcrt4

I_RpcServerUseProtseq2W
NdrConformantStringMarshall
NdrStubCall2
RpcAsyncCompleteCall
IUnknown_QueryInterface_Proxy
RpcBindingSetAuthInfoW
I_RpcBindingIsClientLocal
UuidEqual
RpcErrorGetNextRecord
I_RpcGetExtendedError
UuidCreateNil
RpcBindingInqObject
I_RpcNsInterfaceUnexported
RpcServerUseProtseqEpW

avifil32

AVIFileInit

msvfw32

ICDecompress
ICCompressorFree

gdi32

GetWinMetaFileBits
GetEnhMetaFileA
GetOutlineTextMetricsW
GetSystemPaletteUse
OffsetViewportOrgEx
CombineRgn
PolyBezierTo
SetMapMode
GetTextColor
RealizePalette
SetWorldTransform
GetMiterLimit
GetTextCharacterExtra
DeleteDC
CreateFontIndirectA
EnumObjects
GetBkColor
CreateHalftonePalette
AddFontResourceW
GetCharABCWidthsFloatA
GetFontUnicodeRanges
SetBoundsRect
CreateBrushIndirect
SetTextAlign
CreateFontA
GetDeviceGammaRamp

setupapi

SetupDiOpenDeviceInterfaceA
CMP_WaitNoPendingInstallEvents
SetupDiBuildClassInfoListExW
SetupDiGetClassDescriptionExA
SetupFindFirstLineA
SetupQueueCopyIndirectW
CM_Free_Log_Conf_Handle
SetupDiSetDeviceInstallParamsA
CM_Get_Sibling_Ex
SetupUninstallOEMInfW
CM_Get_Res_Des_Data_Ex
SetupDiDestroyDeviceInfoList
SetupDiEnumDriverInfoW
SetupGetFileQueueCount
SetupQuerySpaceRequiredOnDriveW
CM_Get_Resource_Conflict_DetailsW

clusapi

OpenCluster

winspool.drv

ScheduleJob
AddPrinterDriverExW
FindClosePrinterChangeNotification
AddFormW
SetPrinterW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed737af4d5480082ed12ebc1ddcd67f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

pdh

shell32

netapi32

winscard

msacm32

crypt32

esent

urlmon

kernel32

psapi

iphlpapi

wininet

user32

ntdsapi

mprapi

msvcrt

imm32

comctl32

oleaut32

winmm

ws2_32

lz32

wintrust

mscms

shlwapi

rasapi32

ole32

comdlg32

rpcrt4

avifil32

msvfw32

gdi32

setupapi

clusapi

winspool.drv

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

CODE Size: 8KB - Virtual size: 7KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 104KB - Virtual size: 106KB

.CODE Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 1.4MB - Virtual size: 1.4MB

CODE
Size: 8KB - Virtual size: 7KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 104KB - Virtual size: 106KB

.CODE
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 40KB - Virtual size: 36KB