c0f424cfec1f4007f6ab6a97e84a75fe104c49166609b8e50d51a79007d9316d

Sharing

Copy URL

Twitter E-mail

General

Target

c0f424cfec1f4007f6ab6a97e84a75fe104c49166609b8e50d51a79007d9316d
Size

198KB
MD5

f7d8aa44dcc245acc75c4cef8254ce6e
SHA1

e6671029db7aee1869a9af893736b518cec01592
SHA256

c0f424cfec1f4007f6ab6a97e84a75fe104c49166609b8e50d51a79007d9316d
SHA512

b8b1fb0d7672278cf89205a5d1e18d8455bde5831eccdecd47ce4d2c2877b6ddffe6dae76d09df264bad29353a06c6c20393073bb39682ea75bc384c213d0076
SSDEEP

3072:6/X3y7IyNulaMf9GOGFSK1GFdof8HGOoK3kjh2lQBV+UdE+rECWp7hK4Yh5:6/X3blaMf+cJvoK3SBV+UdvrEFp7hKr5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0f424cfec1f4007f6ab6a97e84a75fe104c49166609b8e50d51a79007d9316d

Files

c0f424cfec1f4007f6ab6a97e84a75fe104c49166609b8e50d51a79007d9316d
.dll windows:6 windows x86 arch:x86

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Config\x86\CBSHost.pdb

Imports

kernel32

DeleteFileW
FindNextFileW
FindClose
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
VirtualProtect
ExitProcess
OpenProcess
GetCurrentProcessId
CreateThread
OpenEventW
DuplicateHandle
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
GetLocalTime
CopyFileW
GetModuleHandleExW
InitializeCriticalSectionEx
GetModuleFileNameW
MultiByteToWideChar
CreateHardLinkTransactedW
DeleteFileTransactedW
MoveFileExW
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
AreFileApisANSI
VirtualFree
InitializeSListHead
GetTickCount64
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
CreateDirectoryW
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTickCount
GetCurrentProcess
LocalFree
GetProcessHeap
HeapSize
HeapDestroy
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
InitOnceExecuteOnce
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
FindFirstFileW
WriteFile
VirtualAlloc
ReadFile
GetFileSize
InterlockedFlushSList
GlobalMemoryStatusEx
UnmapViewOfFile
CreateFileW
VirtualQuery

user32

TranslateMessage
DispatchMessageW
PostThreadMessageW
GetMessageW

advapi32

OpenProcessToken
InitializeSid
RegGetValueW
RegDeleteValueW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegUnLoadKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidLengthRequired
GetTokenInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
ConvertSidToStringSidW
CopySid
GetSidSubAuthority

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ord680

ole32

CoCreateInstance
CoGetMalloc
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

shlwapi

PathSkipRootW
StrStrW
PathFindExtensionW
StrCmpW
StrCpyW
PathIsDirectoryEmptyW
PathFindFileNameW
ord437
StrStrIA
SHCreateStreamOnFileW
StrCatW
StrChrW
StrCmpNW
StrStrA
StrCmpIW
StrRChrW
StrCmpNIW
StrStrIW

ntdll

ZwQueryDirectoryFile
RtlImageNtHeader
NtClose
RtlAdjustPrivilege
RtlGetLastNtStatus
NtQueryInformationFile
NtCreateFile
NtOpenFile
NtReadFile
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationProcess
RtlFreeUnicodeString
NtWriteFile
NtDeleteKey
RtlDosPathNameToNtPathName_U

cfgmgr32

CM_Locate_DevNodeW
CM_Reenumerate_DevNode

setupapi

SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupUninstallOEMInfW

version

VerQueryValueW

msvcrt

swscanf
sscanf
_vscwprintf
vswprintf_s
realloc
?terminate@@YAXXZ
__CppXcptFilter
_msize
__CxxFrameHandler3
__DestructExceptionObject
memset
??3@YAXPAX@Z
memcpy
_errno
memmove
wcslen
wcsnlen
free
malloc
??2@YAPAXI@Z
memcmp
_wcsicmp
strlen
wcstoul
wcscpy
wcsrchr
calloc
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
wcscmp
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_initterm
_initterm_e
_amsg_exit
_except_handler4_common
__getmainargs
bsearch
_invalid_parameter

Exports

Exports

CbsCreateTempDirectory2
CreateCbsHostHelper
DismGetScratchDir
DismWriteLog
GetConfig
RunCbsHostW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ntdll

cfgmgr32

setupapi

version

msvcrt

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 5KB - Virtual size: 4KB