134b024b88b4a35ce04596660dd009fd111f7037e93cdc21c069f3931c0051e8

Sharing

Copy URL Twitter E-mail

General

Target

134b024b88b4a35ce04596660dd009fd111f7037e93cdc21c069f3931c0051e8
Size

615KB
MD5

9acc641cf63adcfea7c00996b8bfff60
SHA1

d385dd679dbe51764d70885bad8030145c377ace
SHA256

134b024b88b4a35ce04596660dd009fd111f7037e93cdc21c069f3931c0051e8
SHA512

b857379aedb50a3df95c84911038004163a9ea361e40da1e08a10ecca4f3ae845762084ab40a3a3fb78ba7b03da2a8f695b53c8f0304a6b2ad7f36688782a60a
SSDEEP

12288:SXQDaF1yq9EYXgOt542BbYdcqmAJTsNwJTh6rRi:CyqJXNt2CdqmAVsNwb6rRi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
134b024b88b4a35ce04596660dd009fd111f7037e93cdc21c069f3931c0051e8

Files

134b024b88b4a35ce04596660dd009fd111f7037e93cdc21c069f3931c0051e8
.exe windows x86

66a642d4c2f73c3104125ef3bead61c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basicsqlite

??0RCSQLiteConnection@RC@@QAE@XZ
??1RCSQLiteConnection@RC@@QAE@XZ

gdiplus

GdiplusStartup
GdiplusShutdown

imm32

ImmDisableIME

kernel32

CreateSemaphoreW
CreateThread
TerminateThread
GetProcessId
ReleaseSemaphore
RtlCaptureContext
lstrcmpW
CreateEventA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateFileW
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetProcessHeap
UnhandledExceptionFilter
InitializeSListHead
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrlenW
GetFullPathNameW
CreateDirectoryW
GetFileSize
ReadFile
WaitForSingleObject
FindClose
LoadLibraryA
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
FreeLibrary
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
lstrcmpiW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetVersionExW
GetEnvironmentVariableW
ResetEvent
SetEvent
Sleep
CreateEventW
GetWindowsDirectoryW
GetModuleHandleExW
SetFilePointer
WriteFile
LocalFree
GetLocalTime
InterlockedDecrement
HeapFree
GetCurrentProcessId
GetLastError
CreateMutexW
OpenMutexW
CloseHandle
GetModuleHandleW
GetProcAddress
ReleaseMutex
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
OpenProcess
SetThreadPriority
GetExitCodeThread
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc

user32

SetForegroundWindow
IsWindow
ShowWindow
SendMessageW
GetWindowLongW
wsprintfW

advapi32

FreeSid
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
OpenServiceW
QueryServiceStatusEx
AllocateAndInitializeSid
EqualSid
GetTokenInformation

msvcp140

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_destroy_in_situ
?classic@locale@std@@SAABV12@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

PathFileExistsW

vcruntime140

__std_exception_destroy
__RTDynamicCast
_set_purecall_handler
__RTtypeid
memchr
memmove
memcpy
__std_type_info_compare
memset
_CxxThrowException
_except_handler4_common
wcschr
__std_terminate
__std_type_info_name
__CxxFrameHandler3
strchr
_purecall
strstr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
strerror_s
_controlfp_s
terminate
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

_itow_s
atoi

api-ms-win-crt-string-l1-1-0

isspace
wcscpy_s
towupper
towlower
_stricmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
_set_fmode

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

floor
_except1
_isnan
ceil
_dtest
__setusermatherr
_finite

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?__autoclassinit2@RCSQLiteConnection@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteRecordSet@RC@@QAEXI@Z

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a642d4c2f73c3104125ef3bead61c5

Headers

DLL Characteristics

File Characteristics

Imports

basicsqlite

gdiplus

imm32

kernel32

user32

advapi32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 21KB - Virtual size: 21KB