a166b55952e3aa1161e6539b6876b6dcb38f57f0ce6e5616b22279d37ccb5118N

Sharing

Copy URL

Twitter E-mail

General

Target

a166b55952e3aa1161e6539b6876b6dcb38f57f0ce6e5616b22279d37ccb5118N
Size

753KB
MD5

8b26b62cdceb00bcad37bf1e90407940
SHA1

07a1ac638bdea274c539680318a1bee0e1dfc335
SHA256

a166b55952e3aa1161e6539b6876b6dcb38f57f0ce6e5616b22279d37ccb5118
SHA512

166b73f046d87e370398f64425556a95cc8d87923e1edd71f1072fd09048318c17345d2fe76aec23d473875ae31e166ec2d9a2f7cc4ddd8bd21e4c1f072e70ac
SSDEEP

12288:qKR3iFIjqwX+F/XiGp2NXs+VRIZJaBWwRzk8SyUTAcbNDoo+iVn2:qKRUMhk/XiGp2N8+VRgJawwqTPdn2

Score

1^/10

Malware Config

Signatures

Files

a166b55952e3aa1161e6539b6876b6dcb38f57f0ce6e5616b22279d37ccb5118N
.dll regsvr32 windows:6 windows x64 arch:x64

9be5f205e9c1fad612b8241456afd44f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa
Signer

Actual PE Digest

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa

Digest Algorithm

sha256

PE Digest Matches

true

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa
Signer

Actual PE Digest

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\omr\target\x64\ship\oneaddins\x-none\ONWordAddin.pdb

Imports

kernel32

SetLastError
GetModuleHandleExW
OutputDebugStringA
GetModuleFileNameW
FindActCtxSectionStringW
InitializeCriticalSectionEx
DeactivateActCtx
QueryActCtxW
GetLastError
LoadLibraryW
DecodePointer
DeleteCriticalSection
FindResourceW
SizeofResource
LoadResource
LockResource
GetThreadLocale
CloseHandle
CreateEventW
CreateThread
WaitForSingleObject
ResetEvent
SetEvent
RaiseException
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
SetThreadLocale
EncodePointer
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetUserDefaultLocaleName
IsValidCodePage
WideCharToMultiByte
FileTimeToSystemTime
GetStringTypeExW
GetSystemDirectoryW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
CompareStringEx
GetVersionExW
CreateFileW
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
ActivateActCtx
TlsAlloc
FlsFree
TlsFree
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
GetUserDefaultLCID
UnmapViewOfFile
EnumSystemLocalesEx
GetSystemDefaultLocaleName
LoadLibraryExA
GetLongPathNameW
GetFinalPathNameByHandleW
IsDebuggerPresent
OutputDebugStringW
VirtualQuery
VirtualProtect
GetSystemInfo
InitOnceComplete
InitOnceBeginInitialize
CreateActCtxW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable

ole32

CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
GetRunningObjectTable
CreateItemMoniker
CoCreateInstance
StringFromGUID2
CoCreateFreeThreadedMarshaler

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
wcsstr
memmove
__current_exception
memcmp
__C_specific_handler_noexcept
__current_exception_context
memcpy
_CxxThrowException
wcsrchr
wcschr
__std_exception_copy
__C_specific_handler
__std_terminate
_purecall
memset
__std_exception_destroy

msvcp140

?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
_Thrd_id
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Query_perf_counter
_Query_perf_frequency
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_recalloc

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo
_errno
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_towupper_l
strncpy_s
wcstok_s
wcscpy_s
isdigit
wcsncat_s
strnlen
_stricmp
_wcsicmp
wcsnlen
wcscmp
isspace
strcmp
wcscat_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-convert-l1-1-0

_wtoi
_i64tow_s

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char
_create_locale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9be5f205e9c1fad612b8241456afd44f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aaSigner

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

vcruntime140_1

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 470KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 17KB - Virtual size: 40KB

.pdata Size: 20KB - Virtual size: 19KB

.didat Size: 1024B - Virtual size: 656B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 10KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa
Signer

2c:b3:51:6e:75:c8:e0:62:2c:f7:dd:af:31:c6:a2:51:96:35:87:20:db:4f:52:d4:84:cf:2c:55:57:59:06:aa
Signer

.text
Size: 470KB - Virtual size: 470KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 17KB - Virtual size: 40KB

.pdata
Size: 20KB - Virtual size: 19KB

.didat
Size: 1024B - Virtual size: 656B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 10KB