cb395d81b1178141469e362cdeb04db0889ea34b9b692f229999fa536fe09a4fN

Sharing

Copy URL Twitter E-mail

General

Target

cb395d81b1178141469e362cdeb04db0889ea34b9b692f229999fa536fe09a4fN
Size

7.8MB
MD5

9c7c5d9acc3dff6b0d9ca32ccf92e9d0
SHA1

661f051892f8dbe84d08c7472a55d3183ebade89
SHA256

cb395d81b1178141469e362cdeb04db0889ea34b9b692f229999fa536fe09a4f
SHA512

7117243aba94778ddf31179ecc8052dc26c08073f70c300a0928f60856d7353239c9ea2d375c5243a6de4175be29c6eec44bb7d2acfd487e2885bbf71e0cec7b
SSDEEP

196608:UTI9ro61shf8YBZy/OoTErWLWvkZ/5U3:TX1sFHZyG1SL3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb395d81b1178141469e362cdeb04db0889ea34b9b692f229999fa536fe09a4fN

Files

cb395d81b1178141469e362cdeb04db0889ea34b9b692f229999fa536fe09a4fN
.dll windows:4 windows x86 arch:x86

2ac6d4107a1433169d8c675d7c5c1c60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

PrintDlgW

ole32

CoFileTimeNow
HGLOBAL_UserSize
CoInitialize
CoAddRefServerProcess
ReleaseStgMedium
OleNoteObjectVisible
CoCreateGuid
GetClassFile
CoGetPSClsid
OleCreateStaticFromData
CoReleaseServerProcess
OleCreateEx
StgCreatePropStg
StgCreateStorageEx
StgOpenStorageOnILockBytes
CoMarshalInterface
OleMetafilePictFromIconAndLabel
OleInitialize
STGMEDIUM_UserFree
OleSetClipboard
StgIsStorageFile
CreateFileMoniker
OleRegEnumVerbs
HWND_UserSize
OleUninitialize
SetConvertStg
PropVariantClear
OleCreateDefaultHandler
WriteClassStg
FmtIdToPropStgName
StringFromGUID2
HACCEL_UserSize
OleCreateFromData
OleLockRunning
CoFreeUnusedLibraries

advapi32

LsaOpenPolicy
InitializeSid
CreateProcessAsUserW
GetSidIdentifierAuthority
RegOpenKeyExA
LsaFreeMemory
LookupAccountNameW
RegNotifyChangeKeyValue
SetSecurityDescriptorGroup
GetSidSubAuthorityCount
RegQueryValueA
RegOverridePredefKey
AdjustTokenPrivileges
RegUnLoadKeyW
RegQueryValueW
SetKernelObjectSecurity
OpenThreadToken
ReportEventA
RegSetValueExA
CreateProcessAsUserA
BuildExplicitAccessWithNameA
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
SetThreadToken
GetEffectiveRightsFromAclW

msi

ord15
ord170
ord54
ord26
ord30
ord17

version

GetFileVersionInfoA
VerFindFileA
GetFileVersionInfoW

wininet

InternetCreateUrlW
InternetCloseHandle
InternetReadFile
GopherFindFirstFileW
RetrieveUrlCacheEntryFileA
FtpRenameFileA

clusapi

ClusterRegSetValue
GetClusterNetworkId
CloseClusterNetInterface
SetClusterName
ResumeClusterNode
ClusterRegCreateKey
ClusterRegCloseKey
OpenClusterGroup
ChangeClusterResourceGroup
PauseClusterNode
ClusterNetworkCloseEnum
GetClusterNodeState
CloseClusterNotifyPort
GetClusterNotify
GetClusterInformation
ClusterGroupControl
ClusterRegDeleteKey
GetClusterKey
ClusterResourceEnum
DeleteClusterResourceType
GetClusterResourceTypeKey
SetClusterQuorumResource
GetClusterResourceKey

resutils

ResUtilFindSzProperty
ResUtilGetAllProperties
ResUtilGetResourceDependency
ResUtilGetPrivateProperties
ResUtilVerifyPrivatePropertyList
ClusWorkerCreate
ResUtilSetPrivatePropertyList
ResUtilGetDwordProperty

urlmon

CoGetClassObjectFromURL
URLDownloadToCacheFileA
FindMimeFromData
URLOpenBlockingStreamA
GetClassFileOrMime

rpcrt4

NdrXmitOrRepAsBufferSize
RpcEpResolveBinding
RpcSmSetClientAllocFree
RpcServerRegisterIfEx
NdrFreeBuffer
NdrUserMarshalBufferSize
NdrConformantArrayMarshall
RpcTestCancel
NdrConformantVaryingArrayUnmarshall
RpcServerUseProtseqEpA
I_RpcReceive
RpcMgmtInqServerPrincNameA
RpcBindingSetAuthInfoExA
NdrFixedArrayUnmarshall
NdrConformantStructFree
RpcBindingInqAuthInfoA
NdrVaryingArrayMarshall
I_RpcBindingInqTransportType
NdrInterfacePointerUnmarshall
RpcBindingSetAuthInfoA
NdrConformantVaryingStructMarshall
I_RpcSsDontSerializeContext
NdrAllocate
RpcSmDestroyClientContext
RpcAsyncAbortCall
RpcBindingReset
NdrConformantVaryingStructUnmarshall
NdrClientContextMarshall
long_from_ndr
NdrMesTypeEncode
NdrServerCall
RpcServerUseProtseqEpExA
NdrComplexStructFree
I_RpcDeleteMutex
NdrXmitOrRepAsFree
NdrPointerMarshall
NdrGetDcomProtocolVersion
NdrConformantStringMarshall
NdrConformantStringMemorySize
IUnknown_QueryInterface_Proxy
RpcServerRegisterAuthInfoW
MesDecodeIncrementalHandleCreate
NdrComplexArrayUnmarshall
NdrByteCountPointerMarshall
RpcMgmtSetComTimeout
RpcMgmtStopServerListening
RpcNetworkIsProtseqValidW
RpcEpRegisterNoReplaceA
RpcMgmtEpEltInqNextW
RpcMgmtEpUnregister
RpcObjectInqType
NdrComplexArrayMemorySize
RpcIfInqId
I_RpcClearMutex
NdrInterfacePointerFree
tree_peek_ndr
RpcServerUseAllProtseqs
RpcSmSwapClientAllocFree
RpcMgmtEpEltInqDone
enum_from_ndr
NdrSimpleStructBufferSize
double_array_from_ndr
NdrNonConformantStringUnmarshall
RpcSmSetThreadHandle
RpcServerUseProtseqW
NdrConformantStringBufferSize
NdrConformantStructMemorySize
I_RpcBindingInqDynamicEndpointA
RpcServerUnregisterIf
NdrConformantVaryingArrayBufferSize
RpcBindingSetOption
RpcStringFreeA
NdrConformantArrayFree
DceErrorInqTextA
NdrUserMarshalMarshall
RpcServerInqIf
I_RpcGetBuffer
NdrConvert
RpcMgmtWaitServerListen
float_array_from_ndr

shell32

SHEmptyRecycleBinW
ExtractIconA
ShellExecuteW
ShellAboutA
SHBrowseForFolderW
ExtractAssociatedIconA
DragQueryFileA
SHQueryRecycleBinW
DuplicateIcon
SHAppBarMessage

user32

RemovePropA
GetScrollPos
LockWindowUpdate
SetClipboardData
GetClipCursor
MapVirtualKeyExA
InSendMessage
DrawStateA

mpr

WNetGetLastErrorA
WNetGetUniversalNameW
MultinetGetConnectionPerformanceW

setupapi

SetupSetPlatformPathOverrideA
SetupDefaultQueueCallbackA
SetupPromptForDiskA
SetupGetMultiSzFieldA
SetupQueueDeleteSectionA
SetupDiBuildClassInfoListExA
SetupLogErrorA
SetupDiClassGuidsFromNameW
SetupCommitFileQueueA
SetupDiGetDriverInfoDetailW
SetupQueueRenameSectionA
SetupDecompressOrCopyFileW
SetupDiGetDeviceInterfaceAlias
SetupDiGetClassDescriptionA
SetupGetInfFileListW
SetupCancelTemporarySourceList
SetupDiGetActualSectionToInstallW
SetupDiCreateDevRegKeyA
SetupAddToDiskSpaceListA
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDiSelectBestCompatDrv
SetupDiGetClassDevPropertySheetsW
SetupDiGetHwProfileList
SetupGetFieldCount
SetupDiRegisterCoDeviceInstallers
SetupRemoveFromDiskSpaceListA
SetupDiSetClassInstallParamsW
SetupDiInstallClassExA
SetupGetTargetPathW
SetupGetIntField
SetupScanFileQueueA
SetupTermDefaultQueueCallback
SetupCopyOEMInfA
SetupDiDestroyClassImageList
SetupGetLineByIndexW
SetupDiSetDeviceInstallParamsW
SetupDiSetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameA
SetupDiGetDeviceInterfaceDetailA
SetupDiInstallDeviceInterfaces
SetupCopyErrorW
SetupInitializeFileLogW
SetupInitDefaultQueueCallback
SetupDiCreateDeviceInfoListExA
SetupGetSourceFileLocationW
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceInstanceIdW
SetupDiClassGuidsFromNameA
SetupRemoveFromSourceListW
SetupDiGetHwProfileFriendlyNameExW
SetupCloseLog

msvcrt

memcmp
puts
_initterm
_y0
fgetc

shlwapi

PathIsPrefixA

oleacc

AccessibleObjectFromEvent
GetStateTextA
AccessibleChildren

comctl32

ImageList_DrawEx
ImageList_LoadImageW
CreatePropertySheetPageA
ImageList_Create
PropertySheetA

Exports

Exports

PbrHXnDTjzPfvwiC
PlacentaSqueezerStuffiness
PreferableRelinedRelaunching
ReachableRedoneSublimest
StreakedRedoundedProviders

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac6d4107a1433169d8c675d7c5c1c60

Headers

File Characteristics

Imports

comdlg32

ole32

advapi32

msi

version

wininet

clusapi

resutils

urlmon

rpcrt4

shell32

user32

mpr

setupapi

msvcrt

shlwapi

oleacc

comctl32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 644KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 644KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 7.7MB - Virtual size: 7.7MB