3fe4360f3079e52bb2a8dd5b018ed8fea1f41a04ab6870a73a165cc60809deecN

Sharing

Copy URL Twitter E-mail

General

Target

3fe4360f3079e52bb2a8dd5b018ed8fea1f41a04ab6870a73a165cc60809deecN
Size

118KB
MD5

bcd994ad3d9dd442c815c2e38951ae70
SHA1

0c6f7895e99907d0e28318f296ee859a3a2a303b
SHA256

3fe4360f3079e52bb2a8dd5b018ed8fea1f41a04ab6870a73a165cc60809deec
SHA512

cc84393712f90d5acb59808457de31dd992ef24006fd58675cdd759fd686794a0d84a771159d5bb0be566f83252b13b15f5adb7712e40246f93e606fa1607b6a
SSDEEP

3072:6okwghU9uFbwvPRwmbZ83Ku4lieGOIEwcP/uV5:xkr+Wmt8BZyI8un

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ipsecsnp.dll

Files

3fe4360f3079e52bb2a8dd5b018ed8fea1f41a04ab6870a73a165cc60809deecN
.cab
ipsecsnp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

b6dc2a7c33ea9d2028a7cae79fba56e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ipsecsnp.pdb

Imports

mfc42u

ord3577
ord616
ord2836
ord6211
ord3087
ord2634
ord537
ord2820
ord6330
ord2099
ord4282
ord5446
ord6390
ord5436
ord6379
ord2350
ord3714
ord793
ord3312
ord3090
ord5977
ord4118
ord1808
ord4370
ord5276
ord693
ord4229
ord3688
ord2574
ord4396
ord3365
ord3635
ord324
ord6451
ord4294
ord755
ord4128
ord4292
ord472
ord470
ord6896
ord3281
ord860
ord942
ord3991
ord4704
ord4847
ord6278
ord498
ord771
ord1008
ord6172
ord6303
ord2284
ord2357
ord4162
ord521
ord4078
ord1105
ord5706
ord4124
ord2756
ord3592
ord1145
ord1826
ord4224
ord2371
ord4676
ord6003
ord2809
ord4392
ord2857
ord609
ord2567
ord4390
ord3569
ord2362
ord925
ord5617
ord773
ord998
ord501
ord941
ord2520
ord1771
ord4050
ord6279
ord491
ord3697
ord5426
ord1735
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord1128
ord3948
ord2717
ord2810
ord1899
ord4253
ord5155
ord489
ord768
ord4970
ord6024
ord4352
ord4371
ord5846
ord5154
ord5156
ord711
ord413
ord2385
ord2637
ord5798
ord5856
ord772
ord500
ord600
ord1240
ord1173
ord1571
ord1250
ord1248
ord1563
ord1194
ord342
ord1179
ord1570
ord1568
ord1115
ord269
ord826
ord2570
ord4213
ord2015
ord2403
ord795
ord3716
ord2859
ord3133
ord1197
ord641
ord2293
ord1196
ord4677
ord3871
ord6195
ord4419
ord4829
ord5283
ord1767
ord6048
ord2506
ord4992
ord4848
ord5261
ord4942
ord4736
ord4899
ord2644
ord1662
ord656
ord567
ord3605
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord2294
ord2910
ord5568
ord2606
ord535
ord858
ord803
ord543
ord3579
ord1143
ord1634
ord3566
ord2406
ord3621
ord823
ord3658
ord861
ord538
ord540
ord6466
ord4155
ord940
ord800
ord1165
ord4238
ord825

msvcrt

malloc
free
_except_handler3
_wcsicmp
__CxxFrameHandler
time
wcscat
__RTDynamicCast
_initterm
_adjust_fdiv
?terminate@@YAXXZ
wcscpy
wcsncmp
_wcsnicmp
??1type_info@@UAE@XZ
_onexit
_purecall
wcscmp
_wtol
wcstoul
swprintf
_wcsdup
_wtoi
__dllonexit
wcslen

activeds

ord3

advapi32

LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryValueExW

crypt32

CertCloseStore
CertNameToStrW
CertOpenStore
CertFreeCertificateContext

cryptui

CryptUIDlgSelectCertificateW

gdi32

SelectObject
GetDeviceCaps
CreateFontIndirectW

kernel32

InitializeCriticalSection
LocalAlloc
GetLastError
EnterCriticalSection
LocalFree
lstrcpyW
WideCharToMultiByte
LeaveCriticalSection
InterlockedIncrement
ExpandEnvironmentStringsW
InterlockedDecrement
LoadResource
LockResource
FindResourceW
GlobalAlloc
GlobalFree
lstrlenW
GetComputerNameW
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
GlobalUnlock
OutputDebugStringW
GlobalLock
HeapDestroy
lstrcmpiW
FreeLibrary
FormatMessageW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
MulDiv
lstrcpynW
GetTimeFormatW
DeleteCriticalSection
FileTimeToSystemTime
GetWindowsDirectoryW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetDateFormatW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
SysFreeString

user32

GetFocus
GetSysColor
SetFocus
SetParent
PostMessageW
AttachThreadInput
GetCursorPos
CharNextW
GetDlgItem
ReleaseDC
GetDC
SystemParametersInfoW
DispatchMessageW
RedrawWindow
PeekMessageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
TranslateMessage
GetClientRect
wsprintfW
SetWindowTextW
ShowWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
GetParent
ScreenToClient
GetWindowRect
WinHelpW
SendMessageW
EnableWindow
RegisterClipboardFormatW
LoadStringW
LoadBitmapW
LoadIconW
CreateWindowExW

ws2_32

WSACleanup
inet_ntoa
htonl
ntohl
gethostbyname
WSAStartup

secur32

TranslateNameW

polstore

IPSecClosePolicyStore
IPSecSetISAKMPData
IPSecUnassignPolicy
IPSecGetAssignedPolicyData
IPSecDeletePolicyData
IPSecDeleteISAKMPData
IPSecEnumNFAData
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecCreateFilterData
IPSecSetFilterData
IPSecAssignPolicy
IPSecGetFilterData
IPSecSetNFAData
IPSecIsDomainPolicyAssigned
IPSecSetPolicyData
IPSecDeleteNFAData
IPSecGetNegPolData
IPSecSetNegPolData
IPSecRestoreDefaultPolicies
IPSecExportPolicies
IPSecImportPolicies
IPSecCreateISAKMPData
IPSecCreateNegPolData
IPSecCreatePolicyData
IPSecCreateNFAData
IPSecEnumPolicyData
IPSecEnumNegPolData
IPSecEnumFilterData
IPSecGetISAKMPData
IPSecOpenPolicyStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6dc2a7c33ea9d2028a7cae79fba56e3

Headers

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

activeds

advapi32

crypt32

cryptui

gdi32

kernel32

ole32

oleaut32

user32

ws2_32

secur32

polstore

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 228KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 228KB - Virtual size: 228KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 23KB - Virtual size: 22KB