Static task
static1
Behavioral task
behavioral1
Sample: b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3N.dll
Resource: win7-20240903-en
Behavioral task
behavioral2
Sample: b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3N.dll
Resource: win10v2004-20240802-en
General
Target: b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3N
Size: 623KB
MD5: 98cbea1f5f2e3ffbddf7613cd08dbda0
SHA1: 6225e309a21f8aac7a0b7f3bccc1e1a1bbda57ac
SHA256: b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3
SHA512: d1b1298a6a531fe7a8e9aaadd23cbdb4427deb8e6fb037f394b67d1d682b5ce0002b59476b6f1bfaf692aa49b42dc77214f170546448c9ea99cc18e9c0dc1b74
SSDEEP: 12288:1IEyvDUMVQfYllJs97b3xrtlyXWM5/z2cCGM7VxAOBjvrEH7ll:qEyvDUMVQfalJs7bhtlyjL2e4OorEH73
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3N
Files
b37efcd46682c47d6b10522dadb58b056a6b01e23ff209ccc81a669413c677b3N.dll windows:6 windows x86 arch:x86
78814ba3dca5854d429e851b774dd8aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack32.pdb
Imports
shlwapi
ord487
StrCmpNIW
StrCpyNW
StrNCatW
PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
ord12
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
SHRegGetValueW
SHSetValueW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord184
ord512
ord212
ord513
ord176
ord215
ord158
StrStrIA
StrCSpnA
SHStrDupW
dwmapi
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
uxtheme
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
msvcrt
wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPAX@Z
atoi
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
memmove
_except_handler4_common
wcsncmp
vsprintf_s
??2@YAPAXI@Z
tolower
wcschr
memcpy
memcmp
memset
kernel32
ExitThread
SleepEx
TerminateProcess
IsBadReadPtr
GetUserDefaultLangID
FindResourceW
GlobalLock
GetPrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateMutexW
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GetModuleFileNameW
OpenMutexW
GetVersionExW
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleExW
RtlCaptureContext
GetUserDefaultUILanguage
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetLastError
LoadLibraryA
GetPrivateProfileIntW
GlobalAddAtomW
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer
CreateTimerQueueTimer
user32
EndDeferWindowPos
IsWindowVisible
GetWindow
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
BeginDeferWindowPos
PrintWindow
GetAsyncKeyState
SendNotifyMessageW
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DestroyWindow
SetWindowLongW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
DeferWindowPos
InflateRect
gdi32
GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
GetBkColor
GetTextColor
TextOutW
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA
shell32
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHGetStockIconInfo
ord62
SHFileOperationW
SHCreateItemWithParent
ole32
CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
Exports
DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit
Sections
.text Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ