declaration | Triage

Resubmissions

10/10/2024, 00:09

241010-afmgsssakh 3

09/10/2024, 23:25

241009-3efl3s1cqc 3

Sharing

Copy URL Twitter E-mail

General

Target

declaration
Size

430KB
MD5

98aec28b4a175991b8fc4cd056fe9847
SHA1

45aa6edd960626e81dc2aab5143f383d75796055
SHA256

5f1151cc9344661fa55f96ff25c5dda7891610600bda36b9ca90d95752ca42c2
SHA512

6f57558744656c0f714839fd524c6c48701dd9a166998e3f4ce67a44f8a62c1904f328e308becc977136d755e6d819dd0088c298f5ed115569232e49c19e6c44
SSDEEP

6144:FqnVO3Dm6RbPhHjhIm4xQ7qnVO3Dm6RbPhHjhIm4xQ0qnVO3Dm6RbPhHjhIm4xQe:InV2agOnV2agnnV2ag8nV2agFnV2ag

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
declaration

Files

declaration
.exe windows:10 windows x86 arch:x86

f18bf641045d05fc3844480267d2e273

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dccw.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegQueryValueExW

kernel32

WaitForSingleObject
CreateMutexW
HeapSetInformation
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
ReleaseMutex
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
CreateFileW
GetCurrentProcessId
LockResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
FormatMessageW
GetSystemDirectoryW
WriteFile
lstrlenW
WideCharToMultiByte
GetSystemTime
CopyFileW
SizeofResource
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
HeapFree
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
GetStartupInfoW
UnhandledExceptionFilter
QueryPerformanceCounter

gdi32

StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetDeviceGammaRamp
GetDeviceGammaRamp
GetStockObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
DeleteObject

user32

LoadStringW
GetWindow
ShowWindow
MessageBoxW
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetDC
KillTimer
SetTimer
SetWindowTextW
PostMessageW
MapDialogRect
EnumChildWindows
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
ShowCursor
LoadCursorW
SetCursor
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
GetParent
InvalidateRect
MapWindowPoints
GetWindowRect
GetDlgItem
DefWindowProcW
SendMessageW
CallWindowProcW
SetWindowPos
SetForegroundWindow
OpenIcon
SetWindowLongW
GetWindowLongW
MonitorFromRect
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
RegisterWindowMessageW
GetActiveWindow
GetSystemMetrics
CharNextW
DestroyWindow
UnregisterClassA
MoveWindow

msvcrt

_ftol2
memcpy
_controlfp
?terminate@@YAXXZ
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
swscanf_s
wcsstr
_wcsupr
_purecall
memcpy_s
malloc
wcsncpy_s
free
_ftol2_sse
_vsnwprintf
towlower
iswupper
_CIpow
memset

ntdll

WinSqmAddToStream

dxva2

GetNumberOfPhysicalMonitorsFromHMONITOR
GetPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetMonitorBrightness
SetMonitorBrightness
GetMonitorContrast
SetMonitorContrast
GetVCPFeatureAndVCPFeatureReply
SetVCPFeature

mscms

GetColorProfileFromHandle
UninstallColorProfileW
WcsCreateIccProfile
GetColorDirectoryW
InstallColorProfileW
CloseColorProfile
DccwSetDisplayProfileAssociationList
WcsGetUsePerUserProfiles
WcsGetDefaultColorProfile
WcsOpenColorProfileW
DccwGetGamutSize
DccwCreateDisplayProfileAssociationList
DccwGetDisplayProfileAssociationList
WcsGetCalibrationManagementState
SetColorProfileElement
SetColorProfileElementSize
DccwReleaseDisplayProfileAssociationList
WcsDisassociateColorProfileFromDevice
WcsSetCalibrationManagementState
WcsSetDefaultColorProfile

shell32

ShellExecuteW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateLineBrushI
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream

comctl32

TaskDialogIndirect
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f18bf641045d05fc3844480267d2e273

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

dxva2

mscms

shell32

gdiplus

comctl32

oleaut32

api-ms-win-core-com-l1-1-0

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB