pmStart[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

pmStart.exe.7z
Size

84KB
MD5

a58e0c5e57822ae46d9c950f6ed2986b
SHA1

c162bc8b01a9f195d29af2fae461d00f01ba4445
SHA256

2ec7ffb99801dc2f6a5a8125e6104b8fd167b34a21e4e092e5676387f1796aff
SHA512

0aada73591f02a855cca77604af88a02a72d22e8e3302055ff04d00afb1656b59e67f0a143f0dede1bab75ddf1d3d439eb2644dd95ee51ecac71bb25df947308
SSDEEP

1536:yWzK/ScBaXk5bsGXXJyUBXFZJrdp0BarZw3lErunjnbJEAi:oZB9egXJ9Jswdrunjnb6A

Score

1^/10

Malware Config

Signatures

Files

pmStart.exe.7z
.7z

Password: infected
pmStart.exe
.exe windows x86

Password: infected

2d0f820239e91ea5f7e436ad46a33356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SelectPalette
SelectObject
RealizePalette
GetObjectW
GetDIBColorTable
CreatePalette
CreateHalftonePalette
CreateCompatibleDC
BitBlt

kernel32

WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualFree
VirtualAlloc
UnmapViewOfFile
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
Sleep
SetUnhandledExceptionFilter
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableW
ResumeThread
ResetEvent
ReleaseMutex
RaiseException
OutputDebugStringW
OutputDebugStringA
OpenProcess
OpenEventW
OpenEventA
MultiByteToWideChar
MapViewOfFile
LocalHandle
LocalFree
LoadLibraryW
LoadLibraryExA
InterlockedIncrement
InterlockedDecrement
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadContext
GetSystemInfo
GetStdHandle
GetOEMCP
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileType
GetEnvironmentVariableW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
ExitThread
ExitProcess
DuplicateHandle
CreateThread
CreateProcessW
CreateMutexA
CreateFileMappingA
CreateEventW
CreateEventA
CloseHandle

lccrt_vc

LCcrt_setlocale
LCcrt_fputs
LCcrt_fgets
LCcrt_fclose
LCcrt__wstat
LCcrt__wfsopen

user32

WaitForInputIdle
TranslateMessage
SetWindowPos
SetWindowLongW
SendMessageW
ReleaseDC
MessageBoxW
LoadImageW
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
GetSystemMetrics
GetMessageW
GetDesktopWindow
GetDC
GetClassNameW
EndPaint
DispatchMessageW
DestroyWindow
CreateWindowExW
BeginPaint

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2d0f820239e91ea5f7e436ad46a33356

Headers

File Characteristics

Imports

gdi32

kernel32

lccrt_vc

user32

Sections

.text Size: 181KB - Virtual size: 180KB

.data Size: 22KB - Virtual size: 22KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 988B

.data Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 3KB

.text
Size: 181KB - Virtual size: 180KB

.data
Size: 22KB - Virtual size: 22KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 988B

.data
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 3KB