b1de4105f8913422540c3a9acd5851e6a40a43d77ff7c560ec6bde306c1c08dd

Sharing

Copy URL Twitter E-mail

General

Target

b1de4105f8913422540c3a9acd5851e6a40a43d77ff7c560ec6bde306c1c08dd
Size

1.9MB
MD5

5aec88647c5434ebf9ec42c48d86c9c8
SHA1

e2d79a856e36e720a30956d8b09e791f0ac33170
SHA256

b1de4105f8913422540c3a9acd5851e6a40a43d77ff7c560ec6bde306c1c08dd
SHA512

9ab1646e11b7e94b303d50f6d4ade822ae089cbf67db23912562751e6378a0a522e07c4b065da72fa2104143a26cd9fa4098d1331088bd42ad08de144ce03da9
SSDEEP

49152:Wk1Td0SxkyZ0gxOmEFlbHRm34MfXg/DLP:Wk1R2G0+OmEp5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1de4105f8913422540c3a9acd5851e6a40a43d77ff7c560ec6bde306c1c08dd

Files

b1de4105f8913422540c3a9acd5851e6a40a43d77ff7c560ec6bde306c1c08dd
.dll regsvr32 windows:4 windows x86 arch:x86

43765c2f5f24c71d2308a43ebeef6f62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

ChangeServiceConfig2W
CloseServiceHandle
ControlService
ConvertSidToStringSidW
CreateServiceW
DeleteService
EnumDependentServicesW
GetServiceDisplayNameW
GetTokenInformation
GetUserNameW
LookupAccountNameW
MD5Final
MD5Init
MD5Update
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
StartServiceW

cabinet

FDICreate
FDICopy
FDIDestroy

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

crypt32

CertDuplicateCertificateContext

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
SelectObject
SetBkMode
SetTextColor
StretchBlt

imagehlp

BindImage

kernel32

CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateNamedPipeW
CreateProcessW
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumResourceNamesW
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FreeLibrary
GetComputerNameW
GetCurrentDirectoryW
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLocalTime
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetNativeSystemInfo
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetUserDefaultLangID
GetVersion
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
IsValidCodePage
IsValidLocale
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileExW
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryW
RtlUnwind
SearchPathW
SetFileAttributesW
SetFilePointer
SetFileTime
SizeofResource
Sleep
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteFile
WritePrivateProfileStringW

mspatcha

ApplyPatchToFileW

ntdll

NtCreateSection
NtQuerySection
RtlGetVersion
_vsnprintf

odbccp32

SQLConfigDataSourceW
SQLRemoveTranslatorW
SQLRemoveDriverW
SQLInstallDriverExW
SQLInstallTranslatorExW

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StringFromGUID2

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
DispGetParam
SysAllocStringByteLen
LoadTypeLib
LoadRegTypeLib
RegisterTypeLib
LoadTypeLibEx
SystemTimeToVariantTime
VariantTimeToSystemTime
UnRegisterTypeLib
OleLoadPicture

rpcrt4

I_RpcExceptionFilter
I_RpcGetBuffer
NdrAllocate
NdrClientInitializeNew
NdrComplexStructBufferSize
NdrComplexStructMarshall
NdrComplexStructUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStringUnmarshall
NdrConvert
NdrFreeBuffer
NdrGetBuffer
NdrPointerBufferSize
NdrPointerFree
NdrPointerMarshall
NdrPointerUnmarshall
NdrSendReceive
NdrServerInitializeNew
NdrSimpleStructMarshall
NdrSimpleStructUnmarshall
RpcBindingFree
RpcBindingFromStringBindingW
RpcRaiseException
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcStringBindingComposeW
RpcStringFreeW

shell32

SHGetFolderPathW
ShellExecuteW

shlwapi

PathAddBackslashW
PathAppendW
PathFindFileNameW
PathIsRelativeW
PathRemoveBackslashW
PathRemoveFileSpecW
PathStripPathW
PathStripToRootW
SHCreateStreamOnFileW
StrFormatByteSizeW
UrlIsW

sxs

CreateAssemblyCache

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_assert
_strdup
_wcsdup
_wcsicmp
_wcsnicmp
_wcsupr
_wtoi
bsearch
calloc
free
fwrite
getenv
iswdigit
iswspace
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
strcat
strchr
strcmp
strcpy
strcspn
strlen
strtol
towupper
wcschr
wcscmp
wcslen
wcsncmp
wcsrchr
wcsstr
wcstol

urlmon

URLDownloadToCacheFileW

user32

AdjustWindowRect
AppendMenuA
CallWindowProcW
CharLowerW
CharUpperW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
EnableWindow
EnumChildWindows
GetClientRect
GetDC
GetFocus
GetNextDlgTabItem
GetParent
GetPropW
GetWindowLongW
GetWindowRect
GetWindowTextW
InvalidateRect
IsDialogMessageW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
MapWindowPoints
MessageBoxExA
MessageBoxExW
MessageBoxW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
RegisterClassW
ReleaseDC
RemovePropW
SendMessageW
SetFocus
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
TrackPopupMenu
TranslateMessage
UnregisterClassW
wsprintfA
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

GetUrlCacheEntryInfoW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyMultiplePatchesA
MsiApplyMultiplePatchesW
MsiApplyPatchA
MsiApplyPatchW
MsiBeginTransactionA
MsiBeginTransactionW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDetermineApplicablePatchesA
MsiDetermineApplicablePatchesW
MsiDeterminePatchSequenceA
MsiDeterminePatchSequenceW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEndTransaction
MsiEnumClientsA
MsiEnumClientsExA
MsiEnumClientsExW
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsExA
MsiEnumComponentsExW
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesExA
MsiEnumPatchesExW
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsExA
MsiEnumProductsExW
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiExtractPatchXMLDataA
MsiExtractPatchXMLDataW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathExA
MsiGetComponentPathExW
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchFileListA
MsiGetPatchFileListW
MsiGetPatchInfoA
MsiGetPatchInfoExA
MsiGetPatchInfoExW
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoExA
MsiGetProductInfoExW
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiJoinTransaction
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxExA
MsiMessageBoxExW
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryComponentStateA
MsiQueryComponentStateW
MsiQueryFeatureStateA
MsiQueryFeatureStateExA
MsiQueryFeatureStateExW
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiRemovePatchesA
MsiRemovePatchesW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIRecord
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetOfflineContextW
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddMediaDiskA
MsiSourceListAddMediaDiskW
MsiSourceListAddSourceA
MsiSourceListAddSourceExA
MsiSourceListAddSourceExW
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllExA
MsiSourceListClearAllExW
MsiSourceListClearAllW
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceA
MsiSourceListClearSourceW
MsiSourceListEnumMediaDisksA
MsiSourceListEnumMediaDisksW
MsiSourceListEnumSourcesA
MsiSourceListEnumSourcesW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionExA
MsiSourceListForceResolutionExW
MsiSourceListForceResolutionW
MsiSourceListGetInfoA
MsiSourceListGetInfoW
MsiSourceListSetInfoA
MsiSourceListSetInfoW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify
QueryInstanceCount
__wine_msi_call_dll_function

Sections

.text
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43765c2f5f24c71d2308a43ebeef6f62

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cabinet

comctl32

crypt32

gdi32

imagehlp

kernel32

mspatcha

ntdll

odbccp32

ole32

oleaut32

rpcrt4

shell32

shlwapi

sxs

ucrtbase

urlmon

user32

version

wininet

wintrust

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 706KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 2KB

.rdata Size: 144KB - Virtual size: 140KB

/4 Size: 92KB - Virtual size: 88KB

.edata Size: 12KB - Virtual size: 9KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 324KB - Virtual size: 322KB

.reloc Size: 36KB - Virtual size: 34KB

.text
Size: 708KB - Virtual size: 706KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 144KB - Virtual size: 140KB

/4
Size: 92KB - Virtual size: 88KB

.edata
Size: 12KB - Virtual size: 9KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 324KB - Virtual size: 322KB

.reloc
Size: 36KB - Virtual size: 34KB