43fce33addb1db282a8dd3d2927b0c4da87fd816df616e1c57b1491aac6ee1c5

Sharing

Copy URL

Twitter E-mail

General

Target

43fce33addb1db282a8dd3d2927b0c4da87fd816df616e1c57b1491aac6ee1c5
Size

1.8MB
MD5

e451a944db2bd1c5979bf44614147644
SHA1

aa75a5bbb8cb4b418a51d26e7a5f827a4d0745cf
SHA256

43fce33addb1db282a8dd3d2927b0c4da87fd816df616e1c57b1491aac6ee1c5
SHA512

3df4d4265216d3cee6c0a839088ca82f35a3729aad9b85cb2dcff49e1e76b509a4bce0acb7c4b8cbdc7f842c936c065b1f939c1c369612318ad9d2abdeda5d35
SSDEEP

24576:KMh1DCxZmjNQM9W/JehMglovMsndS064utveDwz4gG7naXN6hUA1XNtO8lGCwfPU:pzjNQMAKMKovld6+gG7nUA166GCwf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43fce33addb1db282a8dd3d2927b0c4da87fd816df616e1c57b1491aac6ee1c5

Files

43fce33addb1db282a8dd3d2927b0c4da87fd816df616e1c57b1491aac6ee1c5
.dll regsvr32 windows:6 windows x86 arch:x86

e894afb65125ee0ec16f1b39af81cc7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\cbs\build\47f02316-35d6-1015-9165-e0dbd295579b\in\APO\APOContainer\binfre_win7_x86\VMAPO232.pdb

Imports

kernel32

SetEvent
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpW
LeaveCriticalSection
FindResourceW
MultiByteToWideChar
EncodePointer
GetThreadLocale
DeviceIoControl
IsBadWritePtr
QueryPerformanceCounter
GetLocalTime
EnterCriticalSection
lstrcmpiW
DuplicateHandle
CloseHandle
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CreateFileW
LocalFree
LocalAlloc
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
SetThreadLocale
DecodePointer
CompareStringW
GetTimeFormatW
GetDateFormatW
InterlockedExchange
FatalAppExitA
ReadConsoleW
GetConsoleMode
ReadFile
SetConsoleCtrlHandler
GetCPInfo
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
QueryPerformanceFrequency
Sleep
InterlockedIncrement
InterlockedDecrement
FindClose
FindFirstFileA
OutputDebugStringA
OutputDebugStringW
GetSystemTime
LoadLibraryW
GetVolumeInformationA
CreateFileA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
SetLastError
GetCurrentThread
ExitProcess
AreFileApisANSI
WideCharToMultiByte
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
HeapSize
WriteFile
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP

ole32

CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
PropVariantClear
CoCreateInstance
StringFromCLSID

oleaut32

SysStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
LoadTypeLi

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW

user32

CharNextW
UnregisterClassW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

shell32

SHGetFolderPathW
SHGetFolderPathA

iphlpapi

GetAdaptersInfo

shlwapi

PathGetDriveNumberA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e894afb65125ee0ec16f1b39af81cc7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

advapi32

user32

setupapi

shell32

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

RT_CODE Size: 2KB - Virtual size: 1KB

RT_BSS Size: - Virtual size: 8B

.rdata Size: 307KB - Virtual size: 307KB

.data Size: 97KB - Virtual size: 131KB

RT_DATA Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 240B

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 1.1MB - Virtual size: 1.1MB

RT_CODE
Size: 2KB - Virtual size: 1KB

RT_BSS
Size: - Virtual size: 8B

.rdata
Size: 307KB - Virtual size: 307KB

.data
Size: 97KB - Virtual size: 131KB

RT_DATA
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 240B

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 62KB - Virtual size: 62KB