88d644921f41fd6642dd11016b3e2f9b8c3d254451bfd244fffaf087140d91b0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

88d644921f41fd6642dd11016b3e2f9b8c3d254451bfd244fffaf087140d91b0N.exe
Size

416KB
MD5

3b10c26c9683a3d4b0f6e0864a1f7440
SHA1

39ad0b794689cbf8d9a3cc2145d34fab80e8d6a2
SHA256

88d644921f41fd6642dd11016b3e2f9b8c3d254451bfd244fffaf087140d91b0
SHA512

a9bcade25bbd96d67d50c2df9b536f4341b183e968ece563723a55b60204da359d3988068a2f9b2f636fc8649801f7379702d74a9afdbe6ab9ea9de4260595c6
SSDEEP

6144:DOQaXJ41vB1YLzRndxB5YPTmM76zHu0vJd1sfFv1pg5dC/49uBV+UdvrEFp7hKw/:DOQMGcNnLXymc678qC/4gBjvrEH7P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88d644921f41fd6642dd11016b3e2f9b8c3d254451bfd244fffaf087140d91b0N.exe

Files

88d644921f41fd6642dd11016b3e2f9b8c3d254451bfd244fffaf087140d91b0N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

fb0cf59ad2257177839380b582cd5599

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

tiptsf.pdb

Imports

msvcrt

_CxxThrowException
swprintf_s
wcsncpy_s
memcpy_s
__CxxFrameHandler3
_resetstkoflw
calloc
_beginthreadex
wcsstr
wcschr
memcpy
_vsnwprintf
wcsrchr
_callnewh
memmove_s
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
free
malloc
_wcsicmp
memset
?terminate@@YAXXZ

ntdll

RtlDllShutdownInProgress
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
NtClose
RtlFreeSid

user32

GetWindowThreadProcessId
GetKeyboardLayout
SetWindowsHookExW
EndMenu
GetFocus
GetParent
PostMessageW
ActivateKeyboardLayout
CharNextW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
GetWindowLongW
GetForegroundWindow
GetAncestor
GetGUIThreadInfo
IntersectRect
EqualRect
SetRectEmpty
UnregisterClassA
SetWinEventHook
ScreenToClient
GetDC
GetPropW
OffsetRect
ReleaseDC
IsChild
PtInRect
GetWindowRect
GetClassNameW
GetGestureInfo
NotifyWinEvent
SetTimer
KillTimer
RealGetWindowClassW
GetComboBoxInfo
IsWindowVisible
GetThreadDesktop
UnhookWinEvent
GetUserObjectInformationW
GetSystemMetrics
SetWindowLongW
DestroyWindow
UnregisterClassW
IsWindow
DefWindowProcW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SystemParametersInfoW
SendMessageW
SendInput
MapVirtualKeyW
MapVirtualKeyExW
SetPropW
RemovePropW
GetMonitorInfoW
MonitorFromRect
IsRectEmpty
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
LoadCursorW
CallWindowProcW
InSendMessageEx
IsIconic
GetMessagePos

gdi32

GetDeviceCaps
DeleteEnhMetaFile
GetStockObject
LPtoDP
GetDCOrgEx
EnumFontFamiliesW

ole32

StringFromCLSID
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoCreateInstanceEx
StringFromGUID2
CoDisableCallCancellation
CoCancelCall
CoEnableCallCancellation
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitialize
HWND_UserSize

oleaut32

LPSAFEARRAY_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
VariantClear
SysAllocString
SysAllocStringLen
VarBstrCat
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
LPSAFEARRAY_UserFree
SafeArrayCreateEx
SafeArrayGetElement
SafeArrayCreateVector
VARIANT_UserSize
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit

rpcrt4

NdrOleFree
NdrOleAllocate
NdrStubCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy

kernel32

HeapFree
GetProcessHeap
GetVersionExW
OpenMutexW
CreateMutexW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GlobalFree
FlushInstructionCache
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapAlloc
MulDiv
GlobalLock
GlobalUnlock
lstrcmpW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
Sleep
GetVersionExA
OpenFileMappingW
MapViewOfFile
InterlockedExchange
GetTickCount
UnmapViewOfFile
CloseHandle
GetCurrentThreadId
ProcessIdToSessionId
LoadLibraryExW
FindResourceW
LoadLibraryA
GlobalAlloc
InterlockedCompareExchange
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetLastError
TlsAlloc
TlsFree
lstrlenW
TlsGetValue
TlsSetValue
RaiseException
EnterCriticalSection
LoadLibraryW
LeaveCriticalSection
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection

advapi32

RegCloseKey
RegCreateKeyExW
EventRegister
EventUnregister
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
EventWrite

Exports

Exports

AdviseHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EndCaretTracking
ProcessCaretEvents
ProcessCiceroCaretEvent
StartCaretTracking
UnadviseHook

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0cf59ad2257177839380b582cd5599

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

gdi32

ole32

oleaut32

rpcrt4

kernel32

advapi32

Exports

Exports

Sections

.text Size: 237KB - Virtual size: 236KB

.orpc Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 237KB - Virtual size: 236KB

.orpc
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 13KB - Virtual size: 13KB