c32aee02b65436c8aa842cf4d9ec081901af86fea465bde8f9401a8ba3b155dd

Sharing

Copy URL

Twitter E-mail

General

Target

c32aee02b65436c8aa842cf4d9ec081901af86fea465bde8f9401a8ba3b155dd
Size

1.6MB
MD5

107f847b0a677283482d04305f52ce42
SHA1

a3f53176bf2d78e752d46ce1c813f54792470d56
SHA256

c32aee02b65436c8aa842cf4d9ec081901af86fea465bde8f9401a8ba3b155dd
SHA512

bc01336ca64c5ff369db6e88e6cd9a3fba72a0b3f1aab1b3abe3693fc6cd6bf085e06e74db5bd8c9e16f6702cdb08ba8b36363b5ab06e83b082126e171517b0c
SSDEEP

24576:NAncoLZto6l4J+WOcpjbWcmHSm85o1KK+aoO2CBW/yO5m+le2qi:NAv8ROcpjTm861KKlBW6OI+ldqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c32aee02b65436c8aa842cf4d9ec081901af86fea465bde8f9401a8ba3b155dd

Files

c32aee02b65436c8aa842cf4d9ec081901af86fea465bde8f9401a8ba3b155dd
.dll windows:4 windows x86 arch:x86

75a2e8854bffa72296e3925caf728c18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\defend\kiswebshield\product\win32\dbginfo\kshmpghlp.pdb

Imports

psapi

GetModuleFileNameExW
GetModuleInformation
GetProcessImageFileNameW

kernel32

WriteProcessMemory
VirtualProtectEx
IsBadReadPtr
CreateProcessW
WTSGetActiveConsoleSessionId
LocalFree
VirtualFree
VirtualAlloc
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
Process32NextW
Process32FirstW
GetModuleHandleExW
InterlockedExchange
GetPrivateProfileIntW
FreeLibrary
LoadLibraryW
LoadLibraryA
GetExitCodeThread
WaitForSingleObject
GetProcessId
CreateFileA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
SetFilePointer
SetFilePointerEx
GetFileSizeEx
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
DeleteFileW
CopyFileA
IsBadStringPtrW
RemoveDirectoryW
MoveFileA
MoveFileW
MoveFileExA
CreateDirectoryA
CreateDirectoryW
GetModuleFileNameA
ExpandEnvironmentStringsW
GetSystemTime
GetLongPathNameW
OpenMutexW
CreateMutexW
lstrcatW
lstrcpyW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
GetCurrentProcessId
GetSystemInfo
GetVersionExW
GetTickCount
OutputDebugStringW
GetExitCodeProcess
GetLocalTime
ReleaseMutex
SetEvent
CreateEventA
LocalAlloc
ProcessIdToSessionId
FileTimeToSystemTime
GetFileTime
GetUserDefaultLangID
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
SetEndOfFile
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CopyFileW
MoveFileExW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
OpenFileMappingW
ReadFile
WriteFile
Sleep
WaitNamedPipeW
GetPrivateProfileStringW
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
OpenThread
QueueUserAPC
UnmapViewOfFile
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
lstrlenA
HeapDestroy
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
GetCurrentProcess
ReadProcessMemory
OpenProcess
InterlockedCompareExchange
GetModuleFileNameW
CreateFileW
GetFileSize
GetProcAddress
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
RemoveDirectoryA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetFileType
SetHandleCount
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
HeapCreate
IsValidCodePage
GetOEMCP
ExitProcess
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
InterlockedDecrement
InterlockedIncrement
RaiseException
GetACP

user32

EnumWindows
GetWindowThreadProcessId
wsprintfW
GetSystemMetrics
ShowWindow
UnregisterClassA

advapi32

RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
QueryServiceStatus
DuplicateTokenEx
SetTokenInformation
EqualSid
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegSetValueW
RegSetValueExW
RegSetValueExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA
OpenProcessToken
AdjustTokenPrivileges
IsValidSid
GetLengthSid
CopySid
GetTokenInformation
ConvertSidToStringSidW
GetUserNameW
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathA
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHBindToParent
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoGetMalloc

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathUnquoteSpacesW
SHGetValueW
PathMatchSpecW
SHRegCloseUSKey
StrToIntW
PathIsFileSpecW
SHRegOpenUSKeyW
PathFindExtensionW
StrStrIA
PathAddBackslashW
UrlGetPartW
StrRetToBufW
SHRegGetUSValueW
AssocCreate
PathRemoveArgsW
StrStrIW
SHDeleteValueW
SHDeleteValueA
SHSetValueW
SHSetValueA
StrCmpIW
SHGetValueA
PathFileExistsA
PathIsDirectoryA
PathIsDirectoryW
SHRegOpenUSKeyA

userenv

UnloadUserProfile

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

wininet

InternetCrackUrlA
InternetCrackUrlW
InternetSetOptionW
InternetGetConnectedState
InternetOpenA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

kshmpghlp1

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75a2e8854bffa72296e3925caf728c18

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

wininet

version

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 62KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 62KB