Static task: static1
Behavioral task: behavioral1 (sample ipsnap.dll, resource win7-20240903-en)
Behavioral task: behavioral2 (sample ipsnap.dll, resource win10v2004-20240802-en)
General
Target: 939912218c17288e395e5f71fb15d7a6beed1bc567d0555d1fbc35bfb70d8cf8N
Size: 224KB
MD5: 3e584469fadb0043c490070d3e84ce60
SHA1: dfc3a1d0c400b00c51f84d23e7e8302b091eaa68
SHA256: 939912218c17288e395e5f71fb15d7a6beed1bc567d0555d1fbc35bfb70d8cf8
SHA512: f54d147ffea4533e9af2e3e5a840c7096a8a251c07caed97ea9e94f5a76396726f8e32de1b8a60e261ad008c89dfd12f8cb9dfef7952525e2680bc13ddb23e79
SSDEEP: 6144:hCQkoP8bYkosIdHcTl2p1i10S6HSRKDYUsn:UoP8oRd62p137D+
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched on resource unpack001/ipsnap.dll.
Files
939912218c17288e395e5f71fb15d7a6beed1bc567d0555d1fbc35bfb70d8cf8N.cab (the submitted target; the 224KB size and the hashes under General belong to this archive, not to the DLL inside it)
ipsnap.dll (extracted as unpack001/ipsnap.dll; tags: .dll, regsvr32, windows:5, windows, x86, arch:x86; MD5 a83c147f4152787e4563c914acdeda4e). The Headers, Imports, Exports and Sections below describe this extracted DLL, which is why the section sizes add up to far more than the 224KB archive.
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ipsnap.pdb
Imports
mfc42u (imported by ordinal)
ord3733
ord561
ord815
ord3948
ord2717
ord1128
ord1165
ord1662
ord2644
ord5597
ord1085
ord6136
ord5854
ord6874
ord910
ord5798
ord641
ord773
ord5617
ord4370
ord4847
ord1083
ord5947
ord6279
ord6278
ord3093
ord801
ord501
ord541
ord5603
ord2768
ord5706
ord4124
ord2756
ord5618
ord5596
ord6879
ord2754
ord3991
ord2284
ord2357
ord654
ord341
ord697
ord395
ord6667
ord6563
ord4181
ord3431
ord1683
ord2520
ord4433
ord2046
ord4425
ord496
ord771
ord1563
ord1194
ord4371
ord489
ord768
ord4616
ord2638
ord3471
ord2876
ord4279
ord3296
ord3870
ord1008
ord3016
ord2820
ord6565
ord3084
ord2286
ord2354
ord4183
ord4180
ord5624
ord909
ord912
ord5627
ord3433
ord2606
ord394
ord397
ord2637
ord656
ord941
ord3605
ord3297
ord2281
ord2362
ord6330
ord600
ord1240
ord1173
ord1571
ord1250
ord1248
ord342
ord1179
ord1570
ord1568
ord1115
ord269
ord826
ord3396
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord702
ord400
ord4186
ord915
ord2914
ord5568
ord942
ord5276
ord6898
ord803
ord543
ord3579
ord1144
ord3871
ord538
ord940
ord6195
ord3090
ord6211
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord2634
ord616
ord542
ord802
ord2809
ord1197
ord861
ord4155
ord2099
ord6379
ord5436
ord6390
ord5446
ord696
ord699
ord2836
ord4050
ord3087
ord1771
ord3281
ord858
ord3542
ord3092
ord2810
ord5949
ord6896
ord540
ord1196
ord800
ord5977
ord2294
ord3714
ord3397
ord3993
ord825
ord6003
ord567
ord3635
ord4418
ord3365
ord4831
ord5286
ord5237
ord4396
ord1768
ord6051
ord2574
ord2859
ord6024
ord793
ord693
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4829
ord3793
ord5283
ord4347
ord6370
ord5157
ord2377
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4848
ord5261
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord823
ord6466
ord1143
ord1634
ord3566
ord2406
ord3621
ord3658
ord5293
ord5846
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord692
ord4688
ord2078
ord5711
ord4221
ord1940
ord817
ord565
ord4693
ord2718
ord5299
ord3792
ord2088
ord3905
ord1840
ord2092
ord326
ord1808
ord1226
ord4294
ord2248
ord6266
ord3133
ord1637
ord2430
ord3649
ord2576
ord4215
ord4238
ord4282
ord491
ord6451
ord5852
ord2757
ord2857
ord4709
ord6193
ord4253
ord1899
ord5284
ord4254
ord1900
ord384
ord686
ord2090
ord3430
ord5586
ord927
ord2910
ord324
ord4199
ord3592
ord3716
ord2371
ord4229
ord818
ord3737
ord795
ord925
ord5679
ord4272
ord547
ord268
ord1560
ord1145
ord1230
ord2144
ord2755
ord4270
msvcrt
_ultow
_purecall
_except_handler3
free
malloc
_wtoi
__CxxFrameHandler
_wtol
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
wcstok
_itow
wcsstr
wcslen
wcscpy
wcschr
memmove
wcstombs
_wcsdup
wcstoul
wcscmp
_wcsicmp
atl (imported by ordinal)
ord15
ord22
ord18
ord21
ord16
ord32
rtrfiltr
MprUIFilterConfigInfoBase
advapi32
RegOpenKeyExA
RegQueryValueExA
StartServiceW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegConnectRegistryW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
gdi32
CreateFontIndirectW
GetCharWidthW
CreateSolidBrush
Rectangle
SetTextColor
SetBkColor
TextOutW
GetDeviceCaps
DeleteObject
SelectObject
kernel32
DeleteCriticalSection
lstrlenW
lstrcmpiW
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryW
GetCurrentThreadId
GetLastError
CloseHandle
GetCurrentProcess
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetModuleHandleW
GetModuleFileNameW
GetCurrentThread
WaitForSingleObject
CreateThread
GetUserDefaultLangID
LocalFree
FormatMessageW
GetProcAddress
lstrcpyW
lstrcpynA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
LoadLibraryExW
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalAlloc
Sleep
GlobalFree
HeapCreate
HeapDestroy
GetThreadLocale
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsW
lstrcpyA
WideCharToMultiByte
LoadLibraryW
lstrcatW
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSection
ResetEvent
CreateEventW
SetEvent
DuplicateHandle
GetComputerNameExW
GetComputerNameW
mprapi
MprConfigBufferFree
MprConfigInterfaceTransportGetInfo
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceEnum
MprAdminTransportSetInfo
MprAdminTransportGetInfo
MprAdminBufferFree
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceTransportGetInfo
MprAdminInterfaceEnum
MprConfigTransportCreate
MprAdminGetErrorString
MprConfigTransportGetInfo
MprConfigTransportSetInfo
MprAdminMIBEntryGetFirst
MprAdminMIBEntryGetNext
MprAdminMIBEntryGet
MprAdminMIBBufferFree
MprConfigServerConnect
MprAdminMIBServerConnect
MprAdminServerConnect
MprConfigServerDisconnect
MprAdminMIBServerDisconnect
MprAdminServerDisconnect
MprConfigTransportGetHandle
MprConfigInterfaceTransportSetInfo
mprsnap
?CreateInfoBase@@YGJPAPAUIInfoBase@@@Z
?LookupRtrMgrInterface@@YGJPAUIRouterInfo@@PBGKPAPAUIRtrMgrInterfaceInfo@@@Z
?IsRouterServiceRunning@@YGJPBGPAK@Z
?LookupRtrMgrProtocolInterface@@YGJPAUIInterfaceInfo@@KKPAPAUIRtrMgrProtocolInterfaceInfo@@@Z
?CreateRouterInfoAggregation@@YGJPAUIRouterInfo@@PAUIUnknown@@PAPAU2@@Z
?CreateRtrMgrInfoAggregation@@YGJPAUIRtrMgrInfo@@PAUIUnknown@@PAPAU2@@Z
?CreateRtrMgrProtocolInfoAggregation@@YGJPAUIRtrMgrProtocolInfo@@PAUIUnknown@@PAPAU2@@Z
?CreateInterfaceInfoAggregation@@YGJPAUIInterfaceInfo@@PAUIUnknown@@PAPAU2@@Z
?ConnectRegistry@@YGKPBGPAPAUHKEY__@@@Z
?LoadInfoBase@@YGJPAX0PAPAUIInfoBase@@1@Z
?ConnectRouter@@YGKPBGPAPAX@Z
?ForceGlobalRefresh@@YGJPAUIRouterInfo@@@Z
?UpdateRoutes@@YGKPBG0KPAUHWND__@@@Z
?DisconnectRegistry@@YGXPAUHKEY__@@@Z
?QueryRouterVersionInfo@@YGJPAUHKEY__@@PAU_RouterVersionInfo@@@Z
?AddIpPerInterfaceBlocks@@YGJPAUIInterfaceInfo@@PAUIInfoBase@@@Z
?IsNT4Machine@@YGKPAUHKEY__@@PAH@Z
?CreateRtrMgrInterfaceInfo@@YGJPAPAUIRtrMgrInterfaceInfo@@PBGK1K@Z
?CreateRtrMgrProtocolInterfaceInfo@@YGJPAPAUIRtrMgrProtocolInterfaceInfo@@PBURtrMgrProtocolInterfaceCB@@@Z
?CreateRtrMgrProtocolInfo@@YGJPAPAUIRtrMgrProtocolInfo@@PBU_RtrMgrProtocolCB@@@Z
netapi32
NetWkstaGetInfo
NetApiBufferFree
ole32
CoCreateInstanceEx
CoQueryProxyBlanket
CoSetProxyBlanket
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
StringFromCLSID
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemFree
oleaut32
SysAllocString
SysFreeString
SysStringLen
user32
UnhookWindowsHookEx
CallNextHookEx
GetSysColor
SetFocus
SendMessageW
EnableWindow
GetParent
PostMessageW
LoadBitmapW
BeginDeferWindowPos
EndDeferWindowPos
GetClassNameW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
CreatePopupMenu
SystemParametersInfoW
GetActiveWindow
FillRect
EndPaint
DefWindowProcW
CallWindowProcW
GetKeyState
wsprintfW
MessageBeep
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
GetDC
ReleaseDC
PostQuitMessage
EnumChildWindows
SetActiveWindow
TranslateMessage
SendNotifyMessageW
EnumThreadWindows
GetDesktopWindow
IsWindowVisible
SetWindowPos
GetDlgCtrlID
WinHelpW
IsWindowEnabled
ShowWindow
GetWindowRect
GetDlgItem
DestroyIcon
LoadIconW
RegisterClipboardFormatW
LoadCursorW
RegisterClassW
InvalidateRect
CreateWindowExW
DestroyWindow
GetAsyncKeyState
IsWindow
GetSystemMetrics
GetFocus
GetClientRect
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
SetTimer
KillTimer
BeginPaint
AppendMenuW
ws2_32
ntohl
ntohs
inet_ntoa
inet_addr
ntdll
RtlRunDecodeUnicodeString
comctl32
CreatePropertySheetPageW
ImageList_ReplaceIcon
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 594KB - Virtual size: 594KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
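Three of the fields in this report are derived purely from the PE headers: the Unsigned PE signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY, i.e. no embedded Authenticode blob), the File Characteristics flags under Headers, and the per-section sizes and flags under Sections. The script below reproduces all three from raw bytes with the Python standard library only. It is an added example written for this page, not tooling from the sandbox and not code from the sample; `build_sample_pe` constructs a hypothetical header-only PE32 image whose Characteristics value (0x210E) and four section entries are copied from the values reported above, so the real extracted DLL is not needed to run it. Function names and the constructed image are the example's own.

```python
"""Reproduce the Unsigned PE check, File Characteristics and Sections fields of
the report from raw PE bytes (standard library only; no pefile).
Added example for this page, not code from the sandbox or from the sample."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h); only the ones shown in the report
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode blob


def flags(value, table):
    """Names of the bits in `table` that are set in `value`, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return the report fields derived from a PE32/PE32+ image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    _machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20      # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin 96 bytes into a PE32 optional header, 112 into PE32+
    dd = opt + (96 if magic == 0x10B else 112)
    _cert_off, cert_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size  # section table follows the optional header, 40 bytes per entry
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": flags(schars, SECTION_CHARACTERISTICS),
        })
    return {
        "is_dll": bool(chars & 0x2000),
        "file_characteristics": flags(chars, FILE_CHARACTERISTICS),
        # "Unsigned PE": an empty security directory means no embedded Authenticode signature
        "unsigned": cert_size == 0,
        "sections": sections,
    }


def describe_sections(info):
    """Render sections in the report's own 'Size / Virtual size' style."""
    return [f"{s['name']} Size: {s['raw_size'] // 1024}KB - Virtual size: {s['virtual_size'] // 1024}KB"
            for s in info["sections"]]


# Constructed test input: names, virtual size, raw size and flags copied from the report's
# Sections block. The image carries headers only, no code, imports or resources.
KB = 1024
SAMPLE_SECTIONS = (
    (b".text", 594 * KB, 594 * KB, 0x60000020),
    (b".data", 32 * KB, 17 * KB, 0xC0000040),
    (b".rsrc", 103 * KB, 104 * KB, 0x40000040),
    (b".reloc", 62 * KB, 63 * KB, 0x42000040),
)


def build_sample_pe(chars=0x210E, sections=SAMPLE_SECTIONS, cert_size=0):
    """Build a minimal header-only PE32 image (hypothetical sample, not the real DLL)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, chars)
    optional = struct.pack("<H", 0x10B) + b"\0" * 94  # PE32 magic, remaining fields zeroed
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000 if cert_size else 0, cert_size)
    optional += b"".join(struct.pack("<II", *d) for d in dirs)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, c)
                     for n, vs, rs, c in sections)
    return dos + b"PE\0\0" + file_header + optional + table


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("Unsigned PE:", info["unsigned"])
    print("File Characteristics:", ", ".join(info["file_characteristics"]))
    for line, sec in zip(describe_sections(info), info["sections"]):
        print(line, "|", ", ".join(sec["flags"]))
```

To run it against the real extracted file, call `parse_pe(open(path, "rb").read())` on unpack001/ipsnap.dll. Note what the check does and does not say: an empty security directory means the file carries no embedded signature, but Windows inbox components are commonly catalog-signed rather than embedded-signed, so a matching catalog in the OS catalog store would still make the binary trusted by the loader. Confirm against a catalog (for example with `Get-AuthenticodeSignature`, which consults catalogs) before treating "Unsigned PE" on a file named like a system DLL as anything more than a hint to look closer.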