3ce205b17ce75cd75afeadaa5b4c8bb7c49b5027877def636577e415ecab765bN

Sharing

Copy URL Twitter E-mail

General

Target

3ce205b17ce75cd75afeadaa5b4c8bb7c49b5027877def636577e415ecab765bN
Size

36KB
MD5

b18e774f960948f59e78f4b55cd3c080
SHA1

0f6c7af841858451aced7a76a41f3bd62b59a241
SHA256

3ce205b17ce75cd75afeadaa5b4c8bb7c49b5027877def636577e415ecab765b
SHA512

205c4f5150ab3858506a0df0f86cbc7130e5bc50b4d22a8963d07acefbb9ce92f45a046e4f09fc750f6b33bd4c0df681f16e35e708ebbcc4dfbf39f80540638f
SSDEEP

768:p8XZ1kCKt4VBYlsmMtrPerhAbtNOJ1ISPiWRBz2VAX6V6PgxmYY:uXZ/hVIpsPeqtNOJLR4OXHPp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/capesnpn.dll

Files

3ce205b17ce75cd75afeadaa5b4c8bb7c49b5027877def636577e415ecab765bN
.cab
capesnpn.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a5e9658382fe93db39c396be73c0caee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

capesnpn.pdb

Imports

msvcrt

free
??2@YAPAXI@Z
wcslen
wcscmp
?terminate@@YAXXZ
??3@YAXPAX@Z
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
memmove
_wcsicmp
wcscpy
wcscat
malloc
_purecall
_except_handler3
__RTDynamicCast
_vsnwprintf
wcschr
wcsrchr

atl

ord16
ord21
ord18
ord22
ord15
ord32

certcli

CAEnumCertTypes
CAGetCertTypePropertyEx
CAEnumNextCertType
CAGetCertTypeFlags
ord207
CACloseCertType
CAFindCertTypeByName
CAGetCertTypeProperty
CAFreeCertTypeProperty
CAFindByName
CACloseCA
CARemoveCACertificateType
CAAddCACertificateType
CAEnumCertTypesForCA
CAGetCAProperty
CAFreeCAProperty
CAUpdateCA
ord252
ord205
ord206
ord215
ord203
CAGetCertTypeExtensionsEx
CAFreeCertTypeExtensions

advapi32

AccessCheck
DuplicateToken
RegDeleteValueW
OpenThreadToken
IsValidSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW

wldap32

ord12
ord41
ord203
ord147
ord18
ord16
ord224
ord140
ord26
ord142
ord79
ord210
ord127
ord167
ord13

ole32

CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString

shell32

ShellExecuteExW

kernel32

GetVersion
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetACP
CompareStringW
FormatMessageW
DisableThreadLibraryCalls
GetComputerNameW
LocalReAlloc
GetCurrentThread
lstrcmpiW
GlobalLock
GlobalUnlock
LocalAlloc
GetCurrentProcess
CloseHandle
GetVersionExW
lstrlenW
GetCurrentThreadId
MultiByteToWideChar
OutputDebugStringW
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GlobalFree
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LocalFree
GetSystemWindowsDirectoryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA

user32

DialogBoxParamW
RegisterClipboardFormatW
LoadStringW
LoadIconW
LoadBitmapW
SetCursor
LoadCursorW
GetDlgItem
PostMessageW
GetParent
SendMessageW
WinHelpW
GetDlgCtrlID
SetWindowLongW
GetWindowLongW
EndDialog
wsprintfW
LoadImageW
MessageBoxW

crypt32

CryptDecodeObject
CryptFindOIDInfo

gdi32

DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5e9658382fe93db39c396be73c0caee

Headers

File Characteristics

PDB Paths

Imports

msvcrt

atl

certcli

advapi32

wldap32

ole32

oleaut32

shell32

kernel32

user32

crypt32

gdi32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 67KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 10KB - Virtual size: 10KB