717b5bad59c6a80ca8487bc2a54851416ec0392edbcfa168a4a3c22e0f84e965

Sharing

Copy URL

Twitter E-mail

General

Target

717b5bad59c6a80ca8487bc2a54851416ec0392edbcfa168a4a3c22e0f84e965
Size

1.1MB
MD5

ef3064635ac44e119c30cde350e9ade2
SHA1

f6515774a5ca1ac2c1db908f4e13dae546316cad
SHA256

717b5bad59c6a80ca8487bc2a54851416ec0392edbcfa168a4a3c22e0f84e965
SHA512

6a21a76069edfa9a829c8840e7f0bde51604cf5889a7ff87efa8f1980376e5e0679ccec8e08d0a0e8407675e5c9c5230a19f07b798c7b06333f45bec61698519
SSDEEP

12288:ZBytyMJgudHnb02jtS+p/GLNdJRMq1eHeQoI8IrTcEyX2SlkEj:FeHMNdJ+eQoUyX2kk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
717b5bad59c6a80ca8487bc2a54851416ec0392edbcfa168a4a3c22e0f84e965

Files

717b5bad59c6a80ca8487bc2a54851416ec0392edbcfa168a4a3c22e0f84e965
.exe windows:4 windows x86

05619851d1291d8f8e3944fe8dbb0d52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bwutils

BwEncryptEx
BwDecryptEx

bwgdiplus

BwGdiplusRectangle
BwGdiplusBox
BwGdiplusPolyline
BwGdiplusDeleteFont
BwGdiplusCreateFontIndirect
BwGdiplusCreatePolyPolygonGradientBrushPresetBlend
BwGdiplusCreatePolygonGradientBrushPresetBlend
BwGdiplusCreateLineGradientBrushPresetBlend
BwGdiplusExtTextOutBrush
BwGdiplusExtTextOut
BwGdipulsStartup
BwGdiGdiplusShutdown
BwGdiplusSetSmoothness
BwGdiplusDeletePath
BwGdiplusGetPath
BwGdiplusWarpPath
BwGdiplusPolygon
BwGdiplusCreatePath
BwGdiplusDisposeImage
BwGdiplusDrawImageStretch
BwGdiplusLoadImageFromFile
BwGdiplusDrawImageRotate
BwGdiplusGetImageHeight
BwGdiplusGetImageWidth
BwGdiplusFlattenPath
BwGdiplusAddPathBeziers
BwGdiplusAddPathCurves
BwGdiplusGetPathLastPoint
BwGdiplusAddPathArc
BwGdiplusDeletePathData
BwGdiplusFlattenPathData
BwGdiplusOutlinePath
BwGdiplusWidenPath
BwGdiplusCreatePen
BwGdiplusLine
BwGdiplusDeletePen
BwGdiplusCreateSolidBrush
BwGdiplusGetGraphics
BwGdiplusPolyPolygon
BwGdiplusReleaseGraphics
BwGdiplusAddPathLine
BwGdiplusDeleteBrush

bwabout

BwGetPrivateProfileStringMutex
BwGetPrivateProfileIntMutex
AbDaqHtmlHelpContext
AbDaqHtmlHelpContents
AbDaqHtmlHelpSearch
AbDaqHtmlHelpIndex
AbDaqLoadStringOEM
BwWritePrivateProfileStringMutex

drawcom

DcDaqSetBwwebvHwnd
DcDaqGetLocalIP
DcDaqGetSecurityCode
DcDaqReleaseBroadWebRPCVersion
DcDaqInitBroadWebRPCVersion
DcDaqFullpath
DcDaqGetShortPathName
DcDaqFindFileData
DcDaqPingDcomServer
DcDaqCopyFileFromRemote
DcDaqAccess
DcDaqCompareFileTimeByName
DcDaqCopyFileToRemote

webdcom

ord41
ord40

webddlg

DgInitDialogDll
DgSetProjectPath
DgExitDialogDll
DgDlgMessageBox
DgAboutDialog
DgMacroDialog
DgRecipeDialog
DgAnimationDialog
DgShowAnimationListDialog
DgTrendDialog
DgBarChartDialog
DgArrayTrendDialog
DgArrayBarChartDialog
DgCirChartDialog
DgArrayCirChartDialog
DgXYPlotDialog
DgArrayXYPlotDialog
DgPushButtonDialog
DgDisplayDialog
DgDragRegionDialog
DgPanelDialog
DgGradientDialog
DgLayerDialog
DgKeyMapDialog
DgGridSnapDialog
DgGetLineType
DgColorPalette
DgLtgFileDialog
DgGetLineWidth
DgPTextDialog
DgVTextDialog
DgAlignDialog
DgDistributionDialog
DgFileInputPreview
DgFileInputBitmap
DgFileInputEditBox
DgFileInputCheckBox
DgSaveFileInputCheckBox
DgFileInputLocal
DgUploadFileToRemoteDir
DgGetLineAttribute
DgReplaceColor
DgReplaceText
DgDoeTransparentBlt
DgLoadPictureEx
DgCodeEditor
DgSystemPathInput2
DgSysDrawInfo
DgTagBlkList
DgToolBarConfiguration
DgColorConfiguration
DgScrFileDialog
DgMcrFileDialog
DgGetLayerNo

kernel32

GetStartupInfoA
GetShortPathNameA
CreateFileA
ReadFile
FindNextFileA
GetFileSize
GlobalSize
_llseek
OpenFile
_lclose
GlobalReAlloc
_lwrite
_lread
GetLastError
OpenEventA
SetEvent
GetModuleHandleA
GetPrivateProfileIntA
TerminateProcess
GetComputerNameA
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateEventA
DeleteCriticalSection
WinExec
GetModuleFileNameA
OpenProcess
GetCurrentProcess
DuplicateHandle
DeleteFileA
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
CloseHandle
GetPrivateProfileStringA
FindFirstFileA
FindClose
GetTickCount
WaitForSingleObject
ReleaseMutex
CopyFileA
GetSystemDefaultLangID
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
IsDBCSLeadByte
MultiByteToWideChar
Sleep
Beep
lstrlenA

user32

UnregisterClassA
DestroyWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
GetKeyState
SetFocus
GetFocus
MapVirtualKeyA
SendMessageA
FindWindowA
SetWindowLongA
DestroyCursor
LoadIconA
ShowWindow
GetUpdateRect
InvalidateRect
PostQuitMessage
PostMessageA
BeginPaint
EndPaint
MessageBoxA
LoadStringA
EnableMenuItem
UpdateWindow
PostThreadMessageA
GetWindow
DestroyIcon
DrawIconEx
LoadImageA
IsCharAlphaNumericA
SetWindowPos
CreatePopupMenu
LoadMenuA
GetMenuItemID
IsWindowVisible
GetCursorPos
WindowFromPoint
InsertMenuA
DeleteMenu
GetSystemMetrics
ReleaseCapture
SetCapture
GetClientRect
IsIconic
LoadCursorA
SetCursor
GetAsyncKeyState
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
ModifyMenuA
GetMenuStringA
GetSubMenu
AppendMenuA
GetSysColor
KillTimer
SetTimer
ShowCursor
ClientToScreen
ClipCursor
SetRect
DrawTextA
DestroyMenu
TrackPopupMenu
GetWindowRect

gdi32

SelectPalette
DeleteObject
SetROP2
CreatePen
ExtCreatePen
SelectClipRgn
PolyPolygon
SetPolyFillMode
CreateSolidBrush
SelectObject
ExtSelectClipRgn
GetRgnBox
GetClipRgn
CreateRectRgn
LineTo
MoveToEx
Polygon
Rectangle
GetStockObject
Polyline
SetPixelV
ExtTextOutA
SetBkColor
SetTextColor
SetTextAlign
CreateFontIndirectA
SetBkMode
GetBkMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetViewportExtEx
SetWindowExtEx
GetGlyphOutlineA
GetGlyphOutlineW
SetMapMode
GetViewportExtEx
GetWindowExtEx
GetMapMode
PolyPolyline
CreatePalette
GetRasterizerCaps
GetPaletteEntries
GetNearestPaletteIndex
GetTextExtentPointA
GetDIBits
GetObjectA
StretchDIBits
DeleteDC
EnumFontFamiliesA
CreateDCA
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetStretchBltMode
CreatePolygonRgn
PatBlt
StretchBlt
GetBitmapDimensionEx
GetPath
FlattenPath
EndPath
BeginPath
WidenPath
IntersectClipRect
RealizePalette

oleaut32

SysFreeString
SysAllocStringLen

msvcrt

rewind
longjmp
_setjmp3
fopen
getenv
tmpfile
_except_handler3
_fullpath
tan
asin
acos
_strnicmp
realloc
setvbuf
strncmp
rand
toupper
_chdrive
vsprintf
memmove
strcmp
fwrite
ftell
fseek
getc
fputs
exit
sprintf
fabs
memcmp
putc
rename
pow
free
malloc
_ftol
memcpy
strncpy
sin
cos
strlen
qsort
calloc
fclose
sscanf
atoi
atof
strchr
strrchr
fgets
_fsopen
strcat
strcpy
_getcwd
strstr
atan
sqrt
atan2
floor
labs
time
_stat
_strrev
ceil
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_stricmp
_fcloseall
_strcmpi
_access
_unlink
_chdir
_mkdir
_close
_open
_fdopen
_setmode
fread

Sections

.text
Size: 464KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.my_data
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 598KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05619851d1291d8f8e3944fe8dbb0d52

Headers

File Characteristics

Imports

bwutils

bwgdiplus

bwabout

drawcom

webdcom

webddlg

kernel32

user32

gdi32

oleaut32

msvcrt

Sections

.text Size: 464KB - Virtual size: 461KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 28KB - Virtual size: 320KB

.my_data Size: 4KB - Virtual size: 100B

.rsrc Size: 600KB - Virtual size: 598KB

.text
Size: 464KB - Virtual size: 461KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 28KB - Virtual size: 320KB

.my_data
Size: 4KB - Virtual size: 100B

.rsrc
Size: 600KB - Virtual size: 598KB