syssetup.pdb
Static task: static1
Behavioral task: behavioral1 (sample: syssbck.dll; resource: win7-20240704-en)
Behavioral task: behavioral2 (sample: syssbck.dll; resource: win10v2004-20240802-en)
General
- Target: 70ca289df1e448039a3254352b2e9831ac416227b9d2ab5ec6eb9bb840d8688cN
- Size: 358KB
- MD5: 138d050e64738e15d9416dc7130cdc00
- SHA1: 988bcd6348fd6b686fe940a89f377b0b472738f2
- SHA256: 70ca289df1e448039a3254352b2e9831ac416227b9d2ab5ec6eb9bb840d8688c
- SHA512: 59221b66cd90d6a0b50afdf9de22c960d337ab3dbbd4c3bbd42174d93e8b35f930d55c110d80f59b14c29f42fa39ae78bfd9b81307b4d03ef51f90d1adc9dcf9
- SSDEEP: 6144:Memgxy5wVprpNa61cX00N7QRUtP0+BYMUXVjWd62XPWXzroIyI:MxTSJa00pQReP0+BYHguXzr4I
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: unpack001/syssbck.dll
Files
- 70ca289df1e448039a3254352b2e9831ac416227b9d2ab5ec6eb9bb840d8688cN.cab
- syssbck.dll (.dll, windows:5, windows x86, arch:x86): a496188dd6abe00db128fa4df17e90e7
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
Imports
setupapi
pSetupAppendStringToMultiSz
pSetupSetNoDriverPrompts
SetupDiBuildClassInfoList
SetupDiGetClassDescriptionW
pSetupDiGetDeviceInfoContext
SetupGetFileQueueFlags
pSetupVerifyQueuedCatalogs
pSetupInfIsFromOemLocation
pSetupDiSetDeviceInfoContext
CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsExW
pSetupInfCacheBuild
CM_Open_Class_KeyW
SetupDiGetINFClassW
pSetupIsGuidNull
SetupDiClassGuidsFromNameW
pSetupQueryMultiSzValueToArray
pSetupSetArrayToMultiSzValue
pSetupFreeStringArray
SetupAddToSourceListW
SetupRemoveFromSourceListW
pSetupOutOfMemory
SetupGetLineTextW
pSetupUnicodeToMultiByte
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
pSetupStringFromGuid
pSetupRegistryDelnode
SetupInstallServicesFromInfSectionExW
pSetupInstallStopEx
SetupIterateCabinetW
SetupPromptForDiskW
pSetupGetRealSystemTime
pSetupOpenAndMapFileForRead
pSetupUnmapAndCloseFile
SetupScanFileQueueW
pSetupSetSystemSourcePath
SetupOpenAppendInfFileW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupGetInfInformationW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDecompressOrCopyFileW
SetupQueryInfFileInformationW
pSetupVerifyFile
pSetupGetCurrentDriverSigningPolicy
pSetupHandleFailedVerification
SetupQueueCopyW
SetupOpenFileQueue
SetupInstallFilesFromInfSectionW
SetupCommitFileQueueW
SetupCloseFileQueue
pSetupVerifyCatalogFile
pSetupInstallCatalog
pSetupGetField
SetupGetFieldCount
SetupInstallFromInfSectionW
SetupDiSelectBestCompatDrv
SetupFindNextMatchLineW
SetupOpenLog
pSetupGetFileTitle
SetupLogErrorW
SetupCloseLog
SetupDiCreateDevRegKeyW
SetupGetMultiSzFieldW
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoW
SetupDiRegisterDeviceInfo
SetupDiSetSelectedDriverW
SetupDiDeleteDeviceInfo
SetupDiInstallDevice
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
pSetupAcquireSCMLock
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
pSetupRetrieveServiceConfig
pSetupAddTagToGroupOrderListEntry
SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDriverInfoW
SetupDiGetDriverInstallParamsW
SetupDiSetDriverInstallParamsW
pSetupCenterWindowRelativeToParent
SetupGetIntField
SetupGetLineByIndexW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
SetupDiDestroyDeviceInfoList
pSetupEnablePrivilege
pSetupStringTableInitialize
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiGetSelectedDriverW
pSetupGuidFromString
SetupDiOpenDevRegKey
SetupCopyOEMInfW
SetupDiBuildDriverInfoList
SetupDiOpenClassRegKey
SetupDiInstallClassW
SetupDiGetDriverInfoDetailW
pSetupStringTableAddString
pSetupStringTableInitializeEx
SetupCloseInfFile
pSetupStringTableLookUpString
pSetupStringTableGetExtraData
pSetupDuplicateString
pSetupStringTableAddStringEx
pSetupStringTableDestroy
SetupOpenInfFileW
pSetupRealloc
SetupDiGetClassInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInfoListDetailW
SetupDiLoadClassIcon
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupFindFirstLineW
SetupGetStringFieldW
pSetupConcatenatePaths
SetupFindNextLine
pSetupMalloc
pSetupFree
pSetupMultiByteToUnicode
ntdll
NtOpenSymbolicLinkObject
RtlUnhandledExceptionFilter
NtCreateEvent
NtOpenEvent
NtPowerInformation
NtOpenFile
NtSetSystemInformation
RtlCopyUnicodeString
RtlCopySid
RtlSubAuthoritySid
RtlImageNtHeader
RtlLockBootStatusData
NtQuerySymbolicLinkObject
RtlCreateBootStatusDataFile
RtlUnlockBootStatusData
NtDeviceIoControlFile
NtQuerySystemInformation
NtCreateFile
DbgPrintEx
NtOpenKey
NtQueryValueKey
RtlIntegerToUnicodeString
VerSetConditionMask
NtQuerySystemEnvironmentValue
NtSetSystemEnvironmentValue
NtOpenDirectoryObject
RtlInitUnicodeString
RtlInitializeSid
NtQueryDirectoryObject
RtlAppendUnicodeStringToString
NtClose
RtlUnwind
DbgBreakPoint
RtlEqualUnicodeString
RtlSubAuthorityCountSid
RtlGetSetBootStatusData
RtlLengthRequiredSid
RtlNtStatusToDosError
RtlEqualSid
advapi32
RegCreateKeyW
SystemFunction040
RegFlushKey
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
RegConnectRegistryW
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
GetAclInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyKey
CryptDestroyHash
AddAccessAllowedAceEx
RegRestoreKeyW
RegDeleteKeyW
OpenEventLogW
ClearEventLogW
CloseEventLog
LookupAccountNameW
DeleteService
CreateServiceW
LsaSetInformationPolicy
LsaNtStatusToWinError
LsaStorePrivateData
AdjustTokenPrivileges
RegSaveKeyW
RegLoadKeyW
RegUnLoadKeyW
RegReplaceKeyW
RegSaveKeyExW
QueryServiceLockStatusW
RegCreateKeyExA
RegOpenKeyExA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LookupAccountSidW
LsaOpenPolicy
LsaClose
LsaQueryInformationPolicy
LsaFreeMemory
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidSubAuthority
RegEnumKeyExW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
EnumDependentServicesW
ControlService
StartServiceW
LockServiceDatabase
QueryServiceConfigW
QueryServiceStatus
RegDeleteValueW
EnumServicesStatusW
ChangeServiceConfigW
UnlockServiceDatabase
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LookupPrivilegeValueW
OpenProcessToken
PrivilegeCheck
RegQueryInfoKeyW
RegEnumValueW
GetSecurityDescriptorDacl
SetEntriesInAclW
GetLengthSid
CopySid
gdi32
SetBkColor
GetObjectW
CreateCompatibleDC
SetBkMode
SelectObject
GetTextExtentPointW
GetStockObject
AddFontResourceW
GetDeviceCaps
SetTextColor
StretchDIBits
BitBlt
DeleteDC
CreateFontIndirectW
SetStretchBltMode
CreateDIBSection
DeleteObject
kernel32
lstrlenA
GetPrivateProfileIntW
GetGeoInfoW
GetOEMCP
WaitForSingleObjectEx
GetStartupInfoW
GetTempPathW
CopyFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetModuleFileNameW
GetLocalTime
WideCharToMultiByte
OutputDebugStringW
CreateMutexW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateActCtxW
SetEnvironmentVariableW
RemoveDirectoryW
GetTempFileNameW
CreateDirectoryW
FindNextFileW
WritePrivateProfileStringW
GetSystemInfo
FormatMessageW
FreeLibraryAndExitThread
GetVersion
GetStringTypeW
GetModuleHandleW
SetUnhandledExceptionFilter
ReleaseMutex
GetFileAttributesW
lstrcmpW
LocalAlloc
GetCurrentThreadId
CreateThread
SetTimeZoneInformation
Sleep
GetDriveTypeW
SetErrorMode
GetFileSize
SetFilePointer
ReadFile
MultiByteToWideChar
IsWow64Process
FlushFileBuffers
DnsHostnameToComputerNameW
IsValidLocale
GetLocaleInfoW
VerifyVersionInfoW
DuplicateHandle
DelayLoadFailureHook
SetEndOfFile
SetStdHandle
IsValidCodePage
EnumSystemLocalesA
GetLocaleInfoA
EnumSystemLocalesW
GetUserDefaultLCID
EnumSystemGeoID
GetUserGeoID
SetUserGeoID
CompareStringW
GlobalFree
GlobalAlloc
LoadLibraryA
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
DeleteFileA
CopyFileA
OpenEventW
GetSystemTime
SearchPathW
GetExitCodeThread
DisconnectNamedPipe
ConnectNamedPipe
SetEvent
CreateNamedPipeW
CreateEventW
ExitProcess
ExitThread
GetLogicalDrives
SetComputerNameExW
SetThreadExecutionState
GetThreadLocale
TerminateThread
SetThreadLocale
IsDebuggerPresent
lstrcmpiA
lstrcpyA
MoveFileW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
LockResource
LoadResource
FindResourceW
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
LocalReAlloc
lstrcpynA
HeapReAlloc
lstrcmpA
CreateFileA
GetFullPathNameA
HeapDestroy
GetModuleHandleA
HeapCreate
GetACP
CreateEventA
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
IsDBCSLeadByte
FormatMessageA
GetWindowsDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
GetCommandLineA
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
VirtualFree
VirtualAlloc
InterlockedExchange
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeA
LocalSize
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
InterlockedIncrement
GetProcAddress
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
DeleteFileW
SetFileAttributesW
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
FindClose
FindFirstFileW
QueryDosDeviceW
CloseHandle
GetLastError
DeviceIoControl
CreateFileW
lstrlenW
GetVolumeInformationW
GetSystemDirectoryW
lstrcpyW
lstrcpynW
GetSystemWindowsDirectoryW
lstrcmpiW
lstrcatW
LocalFree
SetLastError
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetVersionExW
GetEnvironmentVariableW
GetComputerNameW
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
CreateProcessW
VirtualProtect
powrprof
SetActivePwrScheme
user32
UpdateWindow
CharToOemA
wsprintfA
IsDlgButtonChecked
SendMessageW
SetWindowLongW
CheckRadioButton
PostMessageW
GetParent
EnableWindow
GetDlgItem
CheckDlgButton
LoadStringW
SetDlgItemTextW
DestroyIcon
SendDlgItemMessageW
WinHelpW
wsprintfW
CharLowerW
EndDialog
LoadBitmapW
LoadCursorW
PostThreadMessageW
ShowCursor
SetCursor
DialogBoxParamW
IsWindow
SetFocus
SetTimer
KillTimer
DispatchMessageW
GetMessageW
CharUpperBuffW
LoadIconW
GetWindowLongW
MessageBoxW
CharUpperW
EndPaint
GetClientRect
GetSysColor
DrawTextW
GetSystemMetrics
BeginPaint
DefWindowProcW
UnregisterClassW
RegisterClassW
MsgWaitForMultipleObjects
SetForegroundWindow
SetWindowTextW
ReleaseDC
GetDC
LoadImageW
PostQuitMessage
DestroyWindow
RegisterHotKey
SetShellWindow
ShowWindow
CreateWindowExW
PeekMessageW
WaitMessage
GetKeyboardLayout
GetDlgItemTextW
ChangeDisplaySettingsW
EnumDisplaySettingsW
CallWindowProcW
GetDlgCtrlID
CharUpperA
InvalidateRect
GetSysColorBrush
SendMessageTimeoutW
wvsprintfA
MoveWindow
ClientToScreen
GetWindowRect
GetDesktopWindow
GetAsyncKeyState
GetActiveWindow
wvsprintfW
FillRect
SetActiveWindow
SetWindowPos
EnableMenuItem
GetSystemMenu
MessageBoxA
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
sfc
ord1
sfcfiles
SfcGetFiles
shlwapi
StrTrimW
SHRegGetValueW
StrCmpNIW
wvnsprintfW
StrStrIW
SHDeleteKeyW
cryptui
I_CryptUIProtect
netapi32
NetpNtStatusToApiStatus
NetUserGetInfo
NetApiBufferFree
NetGetJoinInformation
NetUserSetInfo
rpcrt4
RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall2
urlmon
CoInternetParseUrl
imm32
ImmAssociateContext
wintrust
CryptCATAdminRemoveCatalog
CryptCATAdminAcquireContext
CryptCATClose
CryptCATEnumerateCatAttr
CryptCATAdminReleaseContext
IsCatalogFile
CryptCATOpen
Exports
AsrAddSifEntryA
AsrAddSifEntryW
AsrCreateStateFileA
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
AsrpGetLocalDiskInfo
AsrpGetLocalVolumeInfo
AsrpRestoreNonCriticalDisksW
ComputerClassInstaller
CreateLocalAdminAccount
CreateLocalAdminAccountEx
CreateLocalUserAccount
CriticalDeviceCoInstaller
DevInstallW
DeviceBayClassInstaller
DiskPropPageProvider
DoInstallComponentInfs
EisaUpHalCoInstaller
GenerateName
GetAnswerFileSetting
HdcClassInstaller
InitializeSetupLog
InstallWindowsNt
InvokeExternalApplicationEx
KeyboardClassInstaller
LegacyDriverPropPageProvider
MigrateExceptionPackages
MouseClassInstaller
NtApmClassInstaller
OpkCheckVersion
PS2MousePropPageProvider
PnPInitializationThread
PrepareForAudit
RepairStartMenuItems
ReportError
RunOEMExtraTasks
ScsiClassInstaller
SetAccountsDomainSid
SetupAddOrRemoveTestCertificate
SetupChangeFontSize
SetupChangeLocale
SetupChangeLocaleEx
SetupCreateOptionalComponentsPage
SetupDestroyLanguageList
SetupDestroyPhoneList
SetupEnumerateRegisteredOsComponents
SetupExtendPartition
SetupGetGeoOptions
SetupGetInstallMode
SetupGetKeyboardOptions
SetupGetLocaleOptions
SetupGetProductType
SetupGetSetupInfo
SetupGetValidEula
SetupIEHardeningSettings
SetupInfObjectInstallActionW
SetupInstallCatalog
SetupMapTapiToIso
SetupOobeBnk
SetupOobeCleanup
SetupOobeInitDebugLog
SetupOobeInitPostServices
SetupOobeInitPreServices
SetupPidGen3
SetupQueryRegisteredOsComponent
SetupQueryRegisteredOsComponentsOrder
SetupReadPhoneList
SetupRegisterOsComponent
SetupSetAdminPassword
SetupSetDisplay
SetupSetIntlOptions
SetupSetRegisteredOsComponentsOrder
SetupSetSetupInfo
SetupShellSettings
SetupStartService
SetupUnRegisterOsComponent
StorageCoInstaller
SystemUpdateUserProfileDirectory
TapeClassInstaller
TapePropPageProvider
TerminateSetupLog
UpdatePnpDeviceDrivers
UpgradePrinters
ViewSetupActionLog
VolumeClassInstaller
pSetupDebugPrint
pSetuplogSfcError
Sections
- .text (Size: 527KB, Virtual size: 527KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data (Size: 11KB, Virtual size: 44KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 860KB, Virtual size: 859KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 32KB, Virtual size: 32KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ