504fe4eca26654d95524df945f22bf97997ae15acb9e3d96cf332c184885b722

Sharing

Copy URL Twitter E-mail

General

Target

504fe4eca26654d95524df945f22bf97997ae15acb9e3d96cf332c184885b722
Size

621KB
MD5

fa05dabd5439efa91da4863524c85c9d
SHA1

fbee396399ec397aa630c6f627bc4ee2c862c3a4
SHA256

504fe4eca26654d95524df945f22bf97997ae15acb9e3d96cf332c184885b722
SHA512

29829d14ed4f3437f7b33c9f225aeef7394b73ac041b6c64e931e482f891b946f695a7ff973fd50aefec7f0807060ace4ee1b5013a0f5d8f30b69feb85f615a1
SSDEEP

6144:yFYwl89xiQeed833gJkpb0+krUhUMcwJwY7gh21v2CRueq3psm9bFFY:ySxpeed6GkpIhrU6w7+Q1Y9mm9bFFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
504fe4eca26654d95524df945f22bf97997ae15acb9e3d96cf332c184885b722

Files

504fe4eca26654d95524df945f22bf97997ae15acb9e3d96cf332c184885b722
.dll regsvr32 windows:4 windows x86 arch:x86

9fc83d8b471e7a76a51b7d8f2def9cc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\OutlookMonitor\Release\mco.pdb

Imports

kernel32

FindNextFileW
GetACP
GetFileSize
CreateFileW
Sleep
FindFirstFileW
FindFirstChangeNotificationW
lstrcpyW
RaiseException
InitializeCriticalSection
FlushInstructionCache
GetModuleHandleW
lstrcmpiW
GetCurrentThreadId
SetLastError
FreeLibrary
LoadLibraryExW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
SetEndOfFile
WriteFile
SetFilePointer
GetFileAttributesExW
LocalFree
GetComputerNameW
HeapFree
GetProcessHeap
lstrcpynW
ReadFile
HeapAlloc
GetProcAddress
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetExitCodeThread
GetCurrentProcessId
GetTempFileNameW
MoveFileExW
FlushFileBuffers
SetFileAttributesW
IsValidCodePage
HeapSize
HeapReAlloc
FileTimeToSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
OpenProcess
FindClose
GetTickCount
GetVersionExW
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
GetFileInformationByHandle
lstrlenA
IsBadReadPtr
GlobalReAlloc
CreateSemaphoreW
CreateMutexW
CreateFileA
CreateFileMappingW
lstrcpyA
ProcessIdToSessionId
OpenFileMappingW
GetComputerNameExW
FindNextFileA
FindFirstFileA
lstrcpynA
CreateMutexA
GlobalSize
GetSystemTime
SetFileTime
GetSystemTimeAsFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FindNextChangeNotification
FindCloseChangeNotification
GetModuleFileNameW
lstrcatW
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
SetThreadPriority
GetCurrentProcess
DuplicateHandle
WaitForMultipleObjects
EnterCriticalSection
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
MoveFileW
LoadResource
LockResource
SizeofResource
lstrlenW
GetTempPathW
GetLastError
DeleteFileW
CreateProcessW
GetOEMCP
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
GetDriveTypeW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
HeapDestroy
GetVersionExA

user32

TranslateMessage
PeekMessageW
UnregisterClassA
wsprintfW
MsgWaitForMultipleObjects
FindWindowExW
PostMessageW
IsWindow
CharNextW
SetWindowLongW
ShowWindow
GetClassInfoExW
LoadCursorW
DestroyWindow
LoadStringW
DefWindowProcW
DispatchMessageW
RegisterClassExW
GetWindowLongW
CallWindowProcW
CreateWindowExW
GetDesktopWindow
RegisterWindowMessageW
GetWindowThreadProcessId
GetParent
CharLowerBuffW
CharLowerW
SendMessageTimeoutW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidW
OpenProcessToken
CryptDeriveKey
CryptDecrypt
CryptEncrypt
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

WriteClassStg
StgCreateStorageEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StringFromGUID2
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoRevokeClassObject
CoRegisterPSClsid
CoRegisterClassObject
StgOpenStorage
StgIsStorageFile
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitializeEx

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen
VariantChangeType
VarBstrFromI4
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantClear
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarBstrCat
SafeArrayRedim
VarBstrCmp
VarI4FromStr
SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysAllocStringLen
VarUI4FromStr
CreateErrorInfo

shlwapi

PathIsDirectoryA
PathStripPathW
PathAppendW
PathRemoveFileSpecA
PathFindFileNameA
PathAppendA
PathMatchSpecA
PathSkipRootA
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
PathSkipRootW
SHCreateStreamOnFileW
PathFileExistsW

mapi32

ord135
ord59
ord196
ord17
ord15
ord13
ord198
ord197

wtsapi32

WTSOpenServerW
WTSQuerySessionInformationW
WTSCloseServer
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

psapi

GetModuleFileNameExW

Exports

Exports

DisableDLP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableDLP
ExchEntryPoint

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fc83d8b471e7a76a51b7d8f2def9cc5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mapi32

wtsapi32

netapi32

rpcrt4

psapi

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 444KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 16KB - Virtual size: 22KB

.GBL Size: 4KB - Virtual size: 32B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 448KB - Virtual size: 444KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 16KB - Virtual size: 22KB

.GBL
Size: 4KB - Virtual size: 32B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 24KB - Virtual size: 21KB