39394e1b538f47ca4759f4ba706a440b48626c2a7c897b5374c63f9bc20efad6

Sharing

Copy URL

Twitter E-mail

General

Target

39394e1b538f47ca4759f4ba706a440b48626c2a7c897b5374c63f9bc20efad6
Size

553KB
MD5

2e617d591af58deefbd8a8012c143c25
SHA1

b3f61feed13617088400117794af132ce2e42bb8
SHA256

39394e1b538f47ca4759f4ba706a440b48626c2a7c897b5374c63f9bc20efad6
SHA512

9cf77bca17ec4dba94c8d9d6db94dde6c19ee01aa4549e051817f02f78e550135892ed21d63e392dc95f1a5cabf1230dfc972a45844c0a9dc2a56fedce60fca6
SSDEEP

12288:YHfy5PsvRyi8jiP42ZFTjYaD3lRwLOvz1Dc:Ya5PsEZK4aBYs+6hD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39394e1b538f47ca4759f4ba706a440b48626c2a7c897b5374c63f9bc20efad6

Files

39394e1b538f47ca4759f4ba706a440b48626c2a7c897b5374c63f9bc20efad6
.dll regsvr32 windows:5 windows x86 arch:x86

28099ab0d02789a19bd57f9c298b1c7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\forTest\ls\20160307_shellext_base_1.0.6.9010_mDisp_mShellext\Bin\Product_Release\pdb\KwShellExtDll.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindResourceExW
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetTickCount
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetVersionExW
FreeLibrary
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
Sleep
WriteFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
CreateProcessW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
SetUnhandledExceptionFilter
TerminateThread
GetCurrentProcess
GetCurrentProcessId
OutputDebugStringA
InterlockedExchangeAdd
CreateThread
IsDebuggerPresent
GetSystemTimeAsFileTime
FindResourceW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateEventA
GetNativeSystemInfo
GetVersionExA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
CloseHandle
CreateMutexW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLastError
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleW
LoadLibraryExW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetFileType
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
EnumSystemLocalesW
GetModuleHandleA
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
EncodePointer
GetCommandLineA
RtlUnwind
IsProcessorFeaturePresent

user32

GetForegroundWindow
GetWindowTextW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CLSIDFromString

shlwapi

PathFindFileNameW
PathFileExistsW
PathIsURLW

urlmon

URLOpenStreamW

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28099ab0d02789a19bd57f9c298b1c7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

urlmon

iphlpapi

wininet

winmm

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 217KB - Virtual size: 216KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 217KB - Virtual size: 216KB

.reloc
Size: 15KB - Virtual size: 15KB