830c252100ce07cc8e68d2d4cad1a4d76d36af523aea91c31939edc689d26366N

Sharing

Copy URL

Twitter E-mail

General

Target

830c252100ce07cc8e68d2d4cad1a4d76d36af523aea91c31939edc689d26366N
Size

127KB
MD5

907c5a86298fb2b53baf49a0bb5d44f0
SHA1

0ac826f9f8abfd89e13a77190ced64cffd952e69
SHA256

830c252100ce07cc8e68d2d4cad1a4d76d36af523aea91c31939edc689d26366
SHA512

a109a92346f7e01154ec52090dbb5fc41596f20ea9427a8a8afd94698b05dcac31cc4bd2346a98904a45a8dacd498211bc1ef4c0e0c94c311f8947eeb2823886
SSDEEP

3072:SH9BZtiKUdVc8+ECiuf19Y3xXKhLsOexAu1kd8uj4cJwu+fcEYlk7PQ:g9BaKUdV+EsYBXsIzjkd8u8buqfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ipsmsnap.dll

Files

830c252100ce07cc8e68d2d4cad1a4d76d36af523aea91c31939edc689d26366N
.cab
ipsmsnap.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ccb5aaeac56ae15b75f415fb8b7418fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IpsmSnap.pdb

Imports

mfc42u

ord1128
ord1226
ord2248
ord538
ord2859
ord6303
ord3579
ord543
ord803
ord4162
ord521
ord860
ord1105
ord793
ord609
ord2567
ord4390
ord3569
ord3714
ord3871
ord925
ord5706
ord4124
ord2756
ord940
ord2809
ord3133
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord3090
ord3312
ord4118
ord600
ord1240
ord1173
ord1571
ord1250
ord1248
ord1563
ord1194
ord342
ord1179
ord1570
ord1568
ord1115
ord269
ord826
ord3948
ord815
ord1767
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6048
ord2506
ord4992
ord4370
ord5261
ord656
ord825
ord567
ord3605
ord4418
ord3736
ord3348
ord2078
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord641
ord4401
ord1768
ord4073
ord6051
ord3867
ord1196
ord2910
ord3870
ord6371
ord4269
ord4669
ord4678
ord4667
ord4445
ord4674
ord2914
ord541
ord341
ord6139
ord6136
ord654
ord801
ord942
ord1197
ord2099
ord2836
ord6379
ord5436
ord6390
ord5446
ord3991
ord6898
ord2810
ord6896
ord6211
ord6024
ord3993
ord6003
ord3635
ord3365
ord4396
ord2574
ord3658
ord6330
ord693
ord4829
ord5283
ord4848
ord4371
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord5293
ord823
ord2606
ord858
ord1144
ord6466
ord4155
ord2644
ord1662
ord1165
ord861
ord535
ord6195
ord4704
ord1771
ord5977
ord2294
ord800
ord540
ord4419
ord2717
ord817
ord565
ord5711
ord4693
ord2718
ord5299
ord4221
ord1940
ord1941
ord4282
ord491
ord2371
ord6451
ord489
ord768
ord4253
ord1899
ord859
ord4199
ord4229
ord324
ord326
ord1808
ord818
ord3737
ord941
ord1145
ord1230
ord2144
ord2755
ord4270
ord5568
ord4847
ord4050
ord2634
ord3087
ord5276

msvcrt

_wcsdup
malloc
free
_except_handler3
wcscmp
_wcsicmp
_purecall
__CxxFrameHandler
_itow
_wtoi
wcslen
time
wcstoul
iswdigit
wcscpy
wcscat
_initterm
??1type_info@@UAE@XZ
_adjust_fdiv
__dllonexit
qsort
_onexit
?terminate@@YAXXZ

atl

ord32
ord16
ord15
ord22
ord18
ord21

winipsec

ord40
ord55
ord51
ord65
ord25
ord62
ord43
ord56
ord61
ord46
ord45
ord30
ord22
ord49
ord44
ord80
ord35

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegConnectRegistryW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExA

gdi32

CreateFontIndirectW
GetCharWidthW
CreateSolidBrush
Rectangle
SetTextColor
SetBkColor
TextOutW
GetDeviceCaps
DeleteObject
SelectObject

kernel32

VirtualFree
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
lstrcmpW
HeapAlloc
WideCharToMultiByte
LocalAlloc
LocalFree
Sleep
GlobalAlloc
lstrcpyW
WaitForSingleObject
CreateEventW
GetWindowsDirectoryW
lstrcatW
FormatMessageW
FreeLibrary
GetCurrentThread
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
QueryPerformanceCounter
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
VirtualAlloc
GetCurrentProcess
CloseHandle
GetLastError
lstrlenW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GlobalFree
GetComputerNameW
GetTickCount
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
LoadLibraryA
SetLastError
GlobalUnlock
GlobalLock
WaitForSingleObjectEx
ResumeThread
DuplicateHandle
ResetEvent
SetEvent
lstrcpynW
GetThreadLocale

oleaut32

SysAllocString
SysStringLen
SysFreeString

ole32

StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
ReleaseStgMedium

user32

GetActiveWindow
SystemParametersInfoW
IsWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
LoadCursorW
InvalidateRect
GetFocus
BeginPaint
GetSysColor
GetWindowRect
MessageBeep
SetTimer
KillTimer
GetClientRect
FillRect
EndPaint
EnumThreadWindows
CallWindowProcW
GetKeyState
SetFocus
GetDC
ReleaseDC
SetActiveWindow
PostMessageW
LoadStringW
LoadIconW
SendMessageW
wsprintfW
EnableWindow
TranslateMessage
DispatchMessageW
RegisterClipboardFormatW
SendNotifyMessageW
RegisterClassW
GetDesktopWindow
IsWindowVisible
GetDlgCtrlID
WinHelpW
GetParent
GetClassNameW
DestroyWindow
MessageBoxW
PeekMessageW
GetWindowLongW
LoadBitmapW
ScreenToClient
SetWindowLongW
SetWindowPos
DefWindowProcW
CreateWindowExW

wsock32

ntohl
inet_addr
WSAGetLastError
htonl
WSAStartup
ioctlsocket
gethostbyaddr
WSACleanup

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertGetNameStringW
CertNameToStrW

iphlpapi

GetIpAddrTable

wldap32

ord224
ord122

userenv

GetAppliedGPOListW
FreeGPOListW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccb5aaeac56ae15b75f415fb8b7418fe

Headers

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

winipsec

advapi32

gdi32

kernel32

oleaut32

ole32

user32

wsock32

crypt32

iphlpapi

wldap32

userenv

Exports

Exports

Sections

.text Size: 291KB - Virtual size: 291KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 291KB - Virtual size: 291KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 31KB - Virtual size: 31KB