deec16ccabec997b24f087f353c2c04c9700504262eba757920f22599719ebc2N

Sharing

Copy URL

Twitter E-mail

General

Target

deec16ccabec997b24f087f353c2c04c9700504262eba757920f22599719ebc2N
Size

1.6MB
MD5

f60dcc78104d2f2091fffe10f859dcc0
SHA1

422fcd56b8ed283d9eb9483f9db6183f61a1f90b
SHA256

deec16ccabec997b24f087f353c2c04c9700504262eba757920f22599719ebc2
SHA512

7f66ade94bebc8562587a5d3be4699f83e7b7d3cd49cb736e119c11eefd9d70797040f593172fd0a41481d2980ccb60207f62c283b65c5a1c5e72422a2c50bee
SSDEEP

12288:gXP7MgrkI2d3ZbPkjUYVoUvIz3R7n6pUplQZ2v7pbX6rxGmtlNy7hE5sIRrE5tgp:g/gxIe4U5U2h76pUplQZsFrm47h+yHsT

Score

1^/10

Malware Config

Signatures

Files

deec16ccabec997b24f087f353c2c04c9700504262eba757920f22599719ebc2N
.dll regsvr32 windows:6 windows x86 arch:x86

c047997e1a9399d3f7eaf39ab714e716

Code Sign

33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4f
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:50

Not After

16/10/2024, 19:50

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:8c:b0:c0:ac:0a:4f:7f:39:e9:4d:7d:92:59:cf:80:77:89:3e:13:f7:42:ea:c0:23:c0:71:96:7a:94:a7:fe
Signer

Actual PE Digest

be:8c:b0:c0:ac:0a:4f:7f:39:e9:4d:7d:92:59:cf:80:77:89:3e:13:f7:42:ea:c0:23:c0:71:96:7a:94:a7:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\dbs\sh\odct\0905_112315_0\client\onedrive\Product\UX\Shell\Dll\obj\i386\FileSyncShell.pdb

Imports

bcrypt

BCryptGenRandom

propsys

PropVariantToUInt32

kernel32

GetVolumePathNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
IsDebuggerPresent
SetHandleInformation
CreatePipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
ReadDirectoryChangesW
CreateSymbolicLinkW
CompareStringOrdinal
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessIoCounters
GetPrivateProfileStringW
WritePrivateProfileStringW
SetDllDirectoryW
CopyFileW
MoveFileExW
ReplaceFileW
GetComputerNameW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
GetFinalPathNameByHandleW
GetCurrentThread
FindNextFileW
WriteFile
QueueUserWorkItem
MoveFileWithProgressW
OpenEventW
OpenMutexW
SystemTimeToTzSpecificLocalTime
UnregisterApplicationRestart
DuplicateHandle
GetVolumeInformationW
GetLogicalDrives
GetComputerNameExW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetFileType
GetFileSizeEx
GetDllDirectoryW
CreateFileW
CreateDirectoryW
SetThreadInformation
GetSystemTimes
SetProcessShutdownParameters
CreateProcessW
GetExitCodeProcess
GetProcessTimes
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
WaitForMultipleObjects
Sleep
ReleaseMutex
SetLastError
VerifyVersionInfoW
GetProductInfo
VerSetConditionMask
LCMapStringW
WideCharToMultiByte
GetFileInformationByHandle
K32GetModuleFileNameExW
GetUserDefaultLCID
GetUserGeoID
LCIDToLocaleName
SystemTimeToFileTime
MoveFileW
LocalFree
LocalAlloc
LoadLibraryW
FreeLibrary
IsWow64Process
GetVersionExW
GetSystemTimeAsFileTime
OpenProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateMutexW
FindFirstFileW
FindClose
DeleteFileW
GetDriveTypeW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
CloseHandle
GetCurrentThreadId
GetLongPathNameW
WaitForSingleObject
MulDiv
GetSystemTime
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetThreadLocale
GetThreadLocale
RaiseException
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
GetLastError
GetFileAttributesExW
GetStringTypeW
FormatMessageA
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
OutputDebugStringW
QueryPerformanceCounter
GetLocaleInfoEx
GetDateFormatW
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
FindFirstFileExW
CreateThread
SetEndOfFile
SetFilePointerEx
CreateHardLinkW
GetFileSize
GetTickCount64
GetFileAttributesW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
MultiByteToWideChar
FindFirstVolumeW
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
InitializeSListHead
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
WaitForSingleObjectEx

user32

GetSubMenu
TrackPopupMenu
GetWindowRect
GetIconInfo
GetProcessDefaultLayout
GetLastActivePopup
SetFocus
AllowSetForegroundWindow
MessageBoxW
AdjustWindowRectEx
SetWindowPos
EmptyClipboard
PostQuitMessage
GetWindowLongW
MapWindowPoints
IsHungAppWindow
GetLastInputInfo
GetClassInfoExW
CloseClipboard
PeekMessageW
GetDoubleClickTime
LoadIconW
RegisterClassExW
GetClientRect
EnableMenuItem
SetMenuDefaultItem
SetTimer
GetClipboardData
GetMenuStringW
RegisterClipboardFormatW
SetClipboardData
GetMenuItemCount
OpenClipboard
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
DispatchMessageW
TranslateMessage
GetMessageW
SendMessageTimeoutW
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
PostMessageW
ReleaseDC
GetDC
SetMenuItemInfoW
InsertMenuW
CreatePopupMenu
InsertMenuItemW
LoadImageW
GetForegroundWindow
CharNextW
SendMessageW
FindWindowW
SetForegroundWindow
IsWindow
EndDialog
ModifyMenuW
AppendMenuW
DeleteMenu
RemoveMenu
KillTimer

gdi32

GetDeviceCaps
DeleteObject
GetObjectW

advapi32

RegCopyTreeW
RegNotifyChangeKeyValue
CheckTokenMembership
AccessCheck
DuplicateToken
MapGenericMask
IsValidAcl
OpenThreadToken
CreateProcessWithTokenW
GetUserNameW
SetFileSecurityW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyTransactedW
GetAclInformation
FreeSid
DuplicateTokenEx
CreateWellKnownSid
AllocateAndInitializeSid
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
RegSetKeyValueW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
AdjustTokenPrivileges
OpenProcessToken
EnableTraceEx2
StartTraceW
ControlTraceW
EventUnregister
EventRegister
EventWriteTransfer
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
AssocCreateForClasses
SHGetKnownFolderItem
ord526
SHSetKnownFolderPath
SHGetFolderPathAndSubDirW
SHGetFolderPathW
SHCreateDirectoryExW
SHAssocEnumHandlers
ShellExecuteExW
SHParseDisplayName
SHChangeNotify
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ord147
SHCreateItemFromParsingName
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
ShellExecuteW
Shell_NotifyIconW
SHQueryUserNotificationState

ole32

GetRunningObjectTable
CreateItemMoniker
CoSetProxyBlanket
CoCreateGuid
StringFromCLSID
CreateBindCtx
CoUninitialize
CoGetObject
CoTaskMemFree
CoRevokeClassObject
CoInitializeSecurity
CoWaitForMultipleHandles
CoInitializeEx
CoAllowSetForegroundWindow
PropVariantClear
StringFromGUID2
CoCreateInstance
CoRegisterClassObject

oleaut32

UnRegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
VariantClear
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
GetRecordInfoFromTypeInfo

crypt32

CryptBinaryToStringW
CryptStringToBinaryW
CertFindExtension

rpcrt4

RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcStringBindingComposeW
RpcStringFreeW
RpcServerInqBindings
RpcBindingFree
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcEpUnregister
RpcServerInqCallAttributesW
RpcServerRegisterIfEx
UuidToStringW

secur32

GetUserNameExW

shlwapi

UrlEscapeW
AssocCreate
SHRegSetUSValueW
UrlCreateFromPathW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHCreateStreamOnFileEx
ord176
PathIsPrefixW
ord615
AssocQueryStringW
SHStrDupW
PathFileExistsW
PathFindFileNameW
SHGetValueW
SHRegGetUSValueW
PathIsDirectoryW
PathStripPathW
PathStripToRootW
StrStrIW
PathRemoveFileSpecW
SHDeleteKeyW
SHDeleteValueW
SHGetValueA
SHSetValueW
SHRegGetValueW
PathIsDirectoryEmptyW
SHCreateStreamOnFileW
SHRegGetBoolUSValueW
SHRegGetPathW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCheckConnectionW
InternetGetConnectedState

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

Exports

Exports

?DecrementActiveHydrationsCount@QoS@@YAXXZ
?GetActiveHydrationsCount@QoS@@YAIXZ
?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ
?GetErrorType@QoS@@YG?AW4Type@ErrorType@TelemetryConstants@@JI@Z
?GetErrorType@QoS@@YG?AW4Type@ErrorType@TelemetryConstants@@JIABV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?GetInstance@Telemetry@@CGPAV1@XZ
?GetLogObfuscationKeyManger@@YAJPAPAVILogObfuscationKeyManager@@@Z
?GetResultType@QoS@@YAPB_WJI@Z
?GetResultType@QoS@@YAPB_WW4Type@ErrorType@TelemetryConstants@@@Z
?IncrementActiveHydrationsCount@QoS@@YAXXZ
?InsertIntoIrmEnabledLibrarySet@QoS@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ
?RemoveFromIrmEnabledLibrarySet@QoS@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetApplicationId@QoS@@YAXI@Z
?SizeUnknown@QoS@@YGIXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Test_IsMemberOf

Sections

.text
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c047997e1a9399d3f7eaf39ab714e716

Code Sign

33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4fCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

be:8c:b0:c0:ac:0a:4f:7f:39:e9:4d:7d:92:59:cf:80:77:89:3e:13:f7:42:ea:c0:23:c0:71:96:7a:94:a7:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

propsys

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

secur32

shlwapi

version

wininet

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 595KB - Virtual size: 594KB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 26KB - Virtual size: 37KB

.rsrc Size: 741KB - Virtual size: 741KB

.reloc Size: 40KB - Virtual size: 39KB

33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4f
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

be:8c:b0:c0:ac:0a:4f:7f:39:e9:4d:7d:92:59:cf:80:77:89:3e:13:f7:42:ea:c0:23:c0:71:96:7a:94:a7:fe
Signer

.text
Size: 595KB - Virtual size: 594KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 26KB - Virtual size: 37KB

.rsrc
Size: 741KB - Virtual size: 741KB

.reloc
Size: 40KB - Virtual size: 39KB