f2bddc06c4481a47366089ad9263b0725bf709c656321e0d9274728f900ef09eN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f2bddc06c4481a47366089ad9263b0725bf709c656321e0d9274728f900ef09eN.exe
Size

579KB
MD5

50b75f4ddaf950d93590dae1d8e0eee0
SHA1

d0c95d3f30ab45ae31c69aa9b0183f1f2ff1abfb
SHA256

f2bddc06c4481a47366089ad9263b0725bf709c656321e0d9274728f900ef09e
SHA512

ea6adec86af4214a52aafb09585b81d40b26e70a3163257a1f25386c44b09d8d8339893dd08571f150c98ed5d9d8565fe32171b4d10d1acd3ed0d09766938ccb
SSDEEP

12288:O5EF3pum3LqLNNtT5CMa+L8mqsB6xHmNl2+omnbAxKJ:O5EaNtT5CMabmxB6xGG+d0xK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2bddc06c4481a47366089ad9263b0725bf709c656321e0d9274728f900ef09eN.exe

Files

f2bddc06c4481a47366089ad9263b0725bf709c656321e0d9274728f900ef09eN.exe
.dll regsvr32 windows:10 windows x64 arch:x64

aef7f602742fbfcb67d48a3c10f18666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WLanConn.pdb

Imports

msvcrt

wcsstr
_wtol
_vsnwprintf
strchr
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
mbtowc
iswspace
towlower
setlocale
___lc_collate_cp_func
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
memset
__pctype_func
memcmp
abort
iswctype
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_get_current_locale
_free_locale
??3@YAXPEAX@Z
wprintf
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
calloc
memmove_s
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
pow

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
EnterCriticalSection
InitializeSRWLock
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
SetEvent
ReleaseSRWLockShared
CreateWaitableTimerExW
InitializeCriticalSection
CreateEventW
CancelWaitableTimer
DeleteCriticalSection
ReleaseSRWLockExclusive
SetWaitableTimer
AcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
LockResource

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateThread
ProcessIdToSessionId

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenA
lstrlenW
lstrcmpiW

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
ReleaseActCtx
ActivateActCtx
QueryActCtxW
CreateActCtxW
DeactivateActCtx

ntdll

NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
WinSqmIsOptedIn
WinSqmAddToStream
WinSqmIncrementDWORD
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
WinSqmAddToStreamEx
RtlNtStatusToDosError

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

dui70

?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetForegroundColorRef@RichText@DirectUI@@UEAAJPEAK@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@RichText@DirectUI@@UEAAXPEAVElement@2@@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@RichText@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@RichText@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@RichText@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@RichText@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
StrToID
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
??0ElementProvider@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?HasContent@Element@DirectUI@@QEAA_NXZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
DuiCreateObject
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Register@Element@DirectUI@@SAJXZ
??1ElementProvider@DirectUI@@UEAA@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
??1AutoLock@DirectUI@@QEAA@XZ
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?SetCheckedState@TouchCheckBox@DirectUI@@QEAAJW4CheckedStateFlags@2@@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
?Initialize@RichText@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
??1RichText@DirectUI@@UEAA@XZ
??0RichText@DirectUI@@QEAA@XZ
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?SetMaxLength@TouchEditBase@DirectUI@@QEAAJH@Z
?SetPasswordCharacter@TouchEditBase@DirectUI@@QEAAJH@Z
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetLayoutPos@Element@DirectUI@@QEAAHXZ
?Detach@CSafeElementProxy@@QEAAXXZ
?CreateInstance@CSafeElementProxy@@SAJPEAVElement@DirectUI@@PEAPEAV1@@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aef7f602742fbfcb67d48a3c10f18666

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

dui70

Exports

Exports

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 11KB - Virtual size: 14KB

.pdata Size: 21KB - Virtual size: 20KB

.didat Size: 1024B - Virtual size: 968B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 11KB - Virtual size: 14KB

.pdata
Size: 21KB - Virtual size: 20KB

.didat
Size: 1024B - Virtual size: 968B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 6KB - Virtual size: 5KB