e:\Project\SAFE\Secdoc\PLD-Build\Src\Client\pdb\LckTrsfPlug.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab.dll
Resource
win10v2004-20241007-en
General
Target
d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab
Size
1.8MB
MD5
46164f39f2e5aab1db617a40af444806
SHA1
15e4e673a0608a3657788d5776eae86a4d2189fa
SHA256
d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab
SHA512
0434cc71f5a1d5c6acc83e0ae36baff7dac638a10ad013822b4735071757d25de44cd4e5d4d90fe7cf45dc1bd2e1e051dd5241a11436409900e40a8f15f6f72f
SSDEEP
49152:IEN5UdaKqJg5Q+P56Gm12PjqAFqy0+9B7SEvRq0:IEE2AQ+P56GmAjlEs9Bp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab
Files
d1a7feccbbfced69b6d3bf9ca84d10cb3cda24b1a3608589efe2b93ee37e1bab.dll regsvr32 windows:5 windows x86 arch:x86
ed0fb11f867bf61599e1ac6f74f68997
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeW
GetStringTypeA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
ExitThread
ExitProcess
HeapReAlloc
GetCommandLineA
MoveFileA
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
VirtualProtect
SearchPathW
GetTempFileNameW
GetProfileIntW
GetFileTime
GetFileSizeEx
GetVersion
GetCurrentDirectoryW
WritePrivateProfileStringW
GlobalFlags
lstrlenA
GlobalGetAtomNameW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetShortPathNameW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FileTimeToLocalFileTime
GetModuleHandleA
IsDBCSLeadByte
FreeResource
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetUserDefaultLCID
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
FindActCtxSectionStringW
CompareStringA
InterlockedExchange
lstrcmpW
InterlockedDecrement
CompareStringW
InterlockedIncrement
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetFileAttributesExW
WriteFile
SetFilePointer
GetLocalTime
GetTickCount
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
MoveFileW
OutputDebugStringA
GetDiskFreeSpaceW
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenEventW
ResetEvent
SetEvent
CreateEventW
ReadFile
CreateFileW
GetFileSize
GetSystemDirectoryW
GetTempPathW
GetPrivateProfileIntW
LoadLibraryExW
LoadLibraryW
GetWindowsDirectoryW
GetModuleFileNameW
WaitForSingleObject
lstrcpyW
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExW
WideCharToMultiByte
FindResourceExW
GetCurrentThread
LocalAlloc
LocalFree
GetVolumeInformationW
GetLogicalDriveStringsW
QueryDosDeviceW
OpenProcess
TerminateProcess
DeleteFileW
SetFileAttributesW
SleepEx
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
MultiByteToWideChar
lstrlenW
GetFileAttributesW
CreateDirectoryW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateToolhelp32Snapshot
MoveFileExW
GetModuleHandleW
GetCurrentProcess
GetProcessId
OpenMutexW
SetLastError
CreateProcessW
OutputDebugStringW
GetCurrentProcessId
CreateThread
CloseHandle
Sleep
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
GlobalAddAtomW
GetProcessHeap
user32
DeleteMenu
DestroyIcon
GetSysColorBrush
UnregisterClassW
CharUpperW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
LockWindowUpdate
EnumChildWindows
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
RegisterClipboardFormatW
SetRect
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
SetRectEmpty
LoadCursorW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCapture
ReleaseDC
GetDC
ReleaseCapture
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
CreateWindowExW
GetClassInfoExW
LoadMenuW
ReuseDDElParam
GetClassInfoW
RegisterClassW
GetMenuItemInfoW
MessageBoxW
FillRect
EnableWindow
wsprintfW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
PtInRect
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
CallWindowProcW
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongW
InvalidateRect
UpdateWindow
GetWindowRect
OffsetRect
InflateRect
DefWindowProcW
CopyRect
ShowWindow
DrawEdge
SetParent
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
PostMessageW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
UnpackDDElParam
SetTimer
KillTimer
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
GetSystemMenu
UnionRect
IsZoomed
RedrawWindow
DestroyAcceleratorTable
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
SystemParametersInfoW
GetTabbedTextExtentA
GetDialogBaseUnits
GetDCEx
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
MessageBoxA
LoadAcceleratorsW
RemoveMenu
GetDoubleClickTime
GetIconInfo
IsCharLowerW
MapVirtualKeyExW
SubtractRect
CharUpperBuffW
MapDialogRect
DestroyCursor
DrawIcon
GetWindowRgn
GetNextDlgGroupItem
CopyIcon
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageW
CopyImage
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
IsMenu
UpdateLayeredWindow
EnableScrollBar
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawStateW
MessageBeep
gdi32
CreatePatternBrush
CreateCompatibleDC
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
GetTextAlign
GetTextMetricsW
SetRectRgn
PatBlt
DPtoLP
EnumFontFamiliesExW
CreateCompatibleBitmap
Rectangle
UnrealizeObject
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
ExtSelectClipRgn
CreateEllipticRgn
Polyline
Polygon
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetViewportOrgEx
OffsetRgn
CombineRgn
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
DeleteDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
LPtoDP
CreateBitmap
CreateDCW
CopyMetaFileW
Ellipse
CreateDIBSection
GetDeviceCaps
GetStockObject
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
CryptGetHashParam
LookupPrivilegeValueW
OpenProcessToken
FreeSid
RevertToSelf
ImpersonateSelf
GetNamedSecurityInfoW
AccessCheck
IsValidSecurityDescriptor
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
RegSetValueW
ChangeServiceConfig2W
DeleteService
ControlService
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusW
OpenServiceW
CreateServiceW
GetUserNameW
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
AdjustTokenPrivileges
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
SetNamedSecurityInfoW
InitializeAcl
AddAccessAllowedAceEx
GetAce
IsValidSid
EqualSid
AddAce
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
shell32
SHAppBarMessage
DragQueryFileW
DragFinish
ExtractIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
FindExecutableW
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
ImageList_GetIconSize
shlwapi
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
ole32
ReadFmtUserTypeStg
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
OleDuplicateData
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CreateDataCache
CreateOleAdviseHolder
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleSaveToStream
CreateDataAdviseHolder
CoDisconnectObject
CreateStreamOnHGlobal
ReadClassStm
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoInitializeEx
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
oleaut32
SysAllocString
OleLoadPicture
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
OleCreatePictureIndirect
urlmon
URLDownloadToFileW
iphlpapi
GetAdaptersInfo
wininet
InternetWriteFile
InternetCloseHandle
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetQueryDataAvailable
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenUrlW
InternetConnectW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
InternetReadFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
gdiplus
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageWidth
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdipGetImageGraphicsContext
GdipCloneImage
GdipDrawImageI
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 325KB - Virtual size: 325KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ