b92b072f781305165bcf752b835edb66dda25fd4cf223fe1489ed9e1ee0ba8a4N

Sharing

Copy URL

Twitter E-mail

General

Target

b92b072f781305165bcf752b835edb66dda25fd4cf223fe1489ed9e1ee0ba8a4N
Size

164KB
MD5

f2b4dd819faa93a1586bb6ffdc7be720
SHA1

942c1028204744c7bd9fc545993716998797d52b
SHA256

b92b072f781305165bcf752b835edb66dda25fd4cf223fe1489ed9e1ee0ba8a4
SHA512

25271c1f9a0531a61359fb999f8c1e142ee0a1598d7baa42b4b69e2715fcd12bcedb18817c4bd9f73207bdae3505320e1cd6e4d121279c11bb1a9577e04e5c6a
SSDEEP

3072:JXNIkXqvCLtpN5i+cEaXww3D+isRoUo6dzVxIzbhIoBXqVpITFo6zUz2EqdH:Je9vCLi+huF3KiooUo6dEPhIoBXqDCFt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cryptui.dll

Files

b92b072f781305165bcf752b835edb66dda25fd4cf223fe1489ed9e1ee0ba8a4N
.cab
cryptui.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d024409ee8e3e1ed9f8d2661df2161e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cryptui.pdb

Imports

msvcrt

wcslen
malloc
_adjust_fdiv
_initterm
_snprintf
free
wcschr
wcsrchr
_vsnwprintf
_purecall
memmove
strtoul
_wcsnicmp
_ltow
_wtol
swprintf
iswspace
iswprint
strtok
_stricmp
wcsncpy
_wcsicmp
_itow
wcscat
wcscmp
wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3

kernel32

CreateFileMappingA
MapViewOfFile
DeleteFileW
GetCurrentDirectoryW
GetComputerNameW
SystemTimeToFileTime
WriteFile
LoadLibraryExA
lstrcatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
LocalReAlloc
lstrlenA
lstrcpyA
FormatMessageW
lstrcmpA
LoadLibraryA
FindResourceA
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenW
GetVersionExA
DisableThreadLibraryCalls
FindResourceExW
LoadResource
LockResource
FreeLibrary
LoadLibraryExW
OutputDebugStringA
LoadLibraryW
GetFileSize
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
DelayLoadFailureHook
UnmapViewOfFile
GetComputerNameExW
ExpandEnvironmentStringsW
CreateFileW
GetACP
MulDiv
Sleep
CompareStringA
CompareStringW
GetDateFormatA
GetTimeFormatA
CompareFileTime

advapi32

CryptSetProvParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
A_SHAInit
A_SHAUpdate
A_SHAFinal
CryptAcquireContextW
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptGetKeyParam
RegOpenKeyExA
CryptGetDefaultProviderW
DuplicateToken
GetUserNameW
RegCreateKeyExA
RegEnumKeyExA
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
FreeSid
LookupAccountSidA
AllocateAndInitializeSid
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
StartServiceW
CloseServiceHandle
EqualSid
CryptGetProvParam

wintrust

WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WintrustGetDefaultForUsage
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned
WTHelperProvDataFromStateData

crypt32

CertGetValidUsages
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertSetCertificateContextProperty
CertFindExtension
CryptDecodeObject
CryptEncodeObject
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CryptFreeOIDFunctionAddress
CryptGetDefaultOIDFunctionAddress
CryptGetDefaultOIDDllList
CryptInitOIDFunctionSet
CertSetEnhancedKeyUsage
CertFindCertificateInStore
CryptFindOIDInfo
CertGetPublicKeyLength
CertGetCTLContextProperty
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CryptMsgControl
CryptFormatObject
CertGetNameStringW
CertGetStoreProperty
CryptMsgDuplicate
CertFreeCTLContext
CryptQueryObject
CryptFindLocalizedName
CertEnumSystemStore
CertEnumPhysicalStore
CertCompareCertificate
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertSaveStore
CryptBinaryToStringA
CertDeleteCertificateFromStore
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertAddCTLContextToStore
CertSetCTLContextProperty
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CryptDecodeObjectEx
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
CertVerifyTimeValidity
PFXExportCertStore
PFXExportCertStoreEx
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CertGetCRLFromStore
CertEnumCTLsInStore
PFXVerifyPassword
CertAddCRLContextToStore
CertFindCTLInStore
CertFindCRLInStore
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertCreateCertificateContext
CertNameToStrW
CertGetEnhancedKeyUsage

user32

MessageBoxExW
SystemParametersInfoA
DestroyWindow
LoadCursorW
CopyRect
GetWindow
GetMonitorInfoW
MonitorFromWindow
LoadBitmapW
MapDialogRect
SetRect
CreateWindowExW
PostMessageW
DestroyIcon
CheckRadioButton
IsDlgButtonChecked
GetSysColor
IsWindowVisible
GetDialogBaseUnits
PostMessageA
RegisterClipboardFormatA
CreateWindowExA
MoveWindow
SetCapture
ReleaseCapture
GetFocus
UpdateWindow
GetNextDlgTabItem
SetDlgItemTextW
SendMessageA
SetWindowTextA
GetDC
ReleaseDC
WinHelpW
LoadImageW
ShowWindow
GetDlgItem
GetWindowTextW
EnableWindow
SetFocus
DialogBoxIndirectParamW
DialogBoxParamW
GetWindowLongW
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
SendMessageW
LoadStringW
GetClientRect
DrawFocusRect
LoadCursorA
SetCursor
PeekMessageA
IsWindowEnabled
LoadIconA
GetUpdateRect
BeginPaint
EndPaint
DrawIcon
wsprintfA
SetWindowPos
GetParent
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItemTextA
SetClassLongA
GetWindowLongA
CallWindowProcA
GetWindowRect
MapWindowPoints
FillRect
InvalidateRect
GetSysColorBrush
SetWindowLongA
GetDesktopWindow
LoadStringA
MessageBoxW
SendDlgItemMessageA
GetWindowDC
DrawTextExW

oleaut32

SysAllocString
VariantInit
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysFreeString

gdi32

CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBkColor
CreateBitmap
GetObjectA
GetTextExtentPoint32W
GetBkColor
CreateFontIndirectA
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetPixel
DeleteObject

rpcrt4

I_RpcExceptionFilter
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoExA
UuidCreate
RpcStringFreeA
UuidToStringA
RpcBindingFree
NdrClientCall2
RpcNetworkIsProtseqValidA
RpcStringBindingComposeA

netapi32

NetApiBufferFree
DsGetDcNameW
NetGetDCName

wldap32

ord16
ord14
ord73
ord13
ord145
ord18

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathUndecorateW
PathFindFileNameW
StrCmpNIW

Exports

Exports

ACUIProviderInvokeUI
CryptUIDlgCertMgr
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateFromStore
CryptUIDlgSelectCertificateW
CryptUIDlgSelectStoreA
CryptUIDlgSelectStoreW
CryptUIDlgViewCRLA
CryptUIDlgViewCRLW
CryptUIDlgViewCTLA
CryptUIDlgViewCTLW
CryptUIDlgViewCertificateA
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewCertificateW
CryptUIDlgViewContext
CryptUIDlgViewSignerInfoA
CryptUIDlgViewSignerInfoW
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeCertificatePropertiesPagesW
CryptUIFreeViewSignaturesPagesA
CryptUIFreeViewSignaturesPagesW
CryptUIGetCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesW
CryptUIGetViewSignaturesPagesA
CryptUIGetViewSignaturesPagesW
CryptUIStartCertMgr
CryptUIWizBuildCTL
CryptUIWizCertRequest
CryptUIWizCreateCertRequestNoDS
CryptUIWizDigitalSign
CryptUIWizExport
CryptUIWizFreeCertRequestNoDS
CryptUIWizFreeDigitalSignContext
CryptUIWizImport
CryptUIWizQueryCertRequestNoDS
CryptUIWizSubmitCertRequestNoDS
DllRegisterServer
DllUnregisterServer
EnrollmentCOMObjectFactory_getInstance
I_CryptUIProtect
I_CryptUIProtectFailure
LocalEnroll
LocalEnrollNoDS
RetrievePKCS7FromCA
WizardFree

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d024409ee8e3e1ed9f8d2661df2161e0

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

wintrust

crypt32

user32

oleaut32

gdi32

rpcrt4

netapi32

wldap32

version

shlwapi

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 278KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 279KB - Virtual size: 278KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 11KB - Virtual size: 10KB