343bc9c685c017666c5f6b70a08accace535ed267b9024e718f8cbb4485d0d3a

Sharing

Copy URL

Twitter E-mail

General

Target

343bc9c685c017666c5f6b70a08accace535ed267b9024e718f8cbb4485d0d3a
Size

1.0MB
MD5

0ee3fcea70fcfc73ece0267936c38b8b
SHA1

50fdd9fd47cc6051ce2921b1e11c97cc7afe5a09
SHA256

343bc9c685c017666c5f6b70a08accace535ed267b9024e718f8cbb4485d0d3a
SHA512

4f40533f107dc1d9407e9d70a13f7648cd9a132e491991d95da161b700e55ee2357c79e1da907e199aea408dc8b54e7bd793f1307a7fd6d468877c3dd4d0e2ff
SSDEEP

12288:XlwfQQDAu+dRsShohV3jEQ2CQXimd7reZtX32819TT86VLIPHDSoF:XdWSAit

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
343bc9c685c017666c5f6b70a08accace535ed267b9024e718f8cbb4485d0d3a

Files

343bc9c685c017666c5f6b70a08accace535ed267b9024e718f8cbb4485d0d3a
.exe windows:4 windows x86

9319aa67c233a0c3acf002b9b24cbc02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

libguile-2.2-1

scm_boot_guile
scm_c_eval_string
scm_c_use_module
scm_call_1
scm_call_2
scm_current_output_port
scm_from_locale_string
scm_is_string
scm_to_int32
scm_to_utf8_string

libboost_locale-mt

_ZN5boost6locale19base_message_formatIcE2idE
_ZN5boost6locale7details13format_parser12get_positionEv
_ZN5boost6locale7details13format_parser12set_one_flagERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESA_
_ZN5boost6locale7details13format_parser7restoreEv
_ZN5boost6locale7details13format_parserC1ERSt8ios_basePvPFvS5_RKSt6localeE
_ZN5boost6locale7details13format_parserD1Ev
_ZN5boost6locale8ios_info13display_flagsEy
_ZN5boost6locale8ios_info21date_time_pattern_setEv
_ZN5boost6locale8ios_info3getERSt8ios_base
_ZNK5boost6locale8ios_info9domain_idEv

libboost_program_options-mt

_ZN5boost15program_options10validators22check_first_occurrenceERKNS_3anyE
_ZN5boost15program_options11bool_switchEPb
_ZN5boost15program_options11to_internalERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5boost15program_options13variables_mapC1Ev
_ZN5boost15program_options16validation_error12get_templateB5cxx11ENS1_6kind_tE
_ZN5boost15program_options19options_description11add_optionsEv
_ZN5boost15program_options19options_description21m_default_line_lengthE
_ZN5boost15program_options19options_description3addERKS1_
_ZN5boost15program_options19options_descriptionC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEjj
_ZN5boost15program_options19options_descriptionC1Ejj
_ZN5boost15program_options20invalid_option_valueC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN5boost15program_options22error_with_option_nameC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_S9_i
_ZN5boost15program_options29options_description_easy_initclEPKcPKNS0_14value_semanticES3_
_ZN5boost15program_options30positional_options_description3addEPKci
_ZN5boost15program_options30positional_options_descriptionC1Ev
_ZN5boost15program_options3argB5cxx11E
_ZN5boost15program_options5storeERKNS0_20basic_parsed_optionsIcEERNS0_13variables_mapEb
_ZN5boost15program_options6detail7cmdline22set_positional_optionsERKNS0_30positional_options_descriptionE
_ZN5boost15program_options6detail7cmdline23set_options_descriptionERKNS0_19options_descriptionE
_ZN5boost15program_options6detail7cmdline27get_canonical_option_prefixEv
_ZN5boost15program_options6detail7cmdline3runEv
_ZN5boost15program_options6detail7cmdlineC2ERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS9_EE
_ZN5boost15program_options6notifyERNS0_13variables_mapE
_ZN5boost15program_options8validateERNS_3anyERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS9_EEPS9_i
_ZN5boost15program_optionslsERSoRKNS0_19options_descriptionE
_ZNK5boost15program_options22error_with_option_name23substitute_placeholdersERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNK5boost15program_options22error_with_option_name4whatEv
_ZNK5boost15program_options29value_semantic_codecvt_helperIcE5parseERNS_3anyERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaISB_EEb
_ZTVN5boost15program_options13variables_mapE
_ZTVN5boost15program_options22error_with_option_nameE
_ZTVN5boost15program_options29value_semantic_codecvt_helperIcEE

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__register_frame_info

libglib-2.0-0

g_build_filename
g_error_free
g_file_test
g_free
g_get_tmp_dir
g_list_free_full
g_log
g_print
g_strdup
g_utf16_to_utf8
g_utf8_to_utf16

libintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_setlocale
libintl_textdomain

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetUserDefaultLocaleName
InitializeCriticalSection
IsValidLocaleName
LeaveCriticalSection
LoadLibraryA
LocalFree
LocaleNameToLCID
SetThreadLocale
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
getenv
malloc
memcmp
memcpy
memmove
signal
strchr
strlen
strncmp
vfprintf

shell32

CommandLineToArgvW

libstdc++-6

_ZNKSt11logic_error4whatEv
_ZNKSt13runtime_error4whatEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13get_allocatorEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5emptyEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE8capacityEv
_ZNKSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt9basic_iosIcSt11char_traitsIcEEntEv
_ZNKSt9type_infoeqERKS_
_ZNSaIcEC1ERKS_
_ZNSaIcEC1Ev
_ZNSaIcED1Ev
_ZNSaIcED2Ev
_ZNSolsEPFRSoS_E
_ZNSolsEPFRSt8ios_baseS0_E
_ZNSt11logic_errorC2ERKS_
_ZNSt11logic_errorD2Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorC2ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt13runtime_errorD2Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE11_M_capacityEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_Alloc_hiderC1EPcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_set_lengthEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcN9__gnu_cxx17__normal_iteratorIS5_S4_EES8_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcPKcS7_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE3endEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5beginEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6insertEjRKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEPc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8bad_castD2Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE5imbueERKSt6locale
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt25__throw_bad_function_callv
_ZSt28__throw_bad_array_new_lengthv
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c
_ZStlsIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_St5_Setw
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTIc
_ZTIv
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVSt8bad_cast
_ZTVSt9exception
_ZdaPv
_ZdlPvj
_Znaj
_Znwj
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_v0

libgnc-report

gnc_report_init
gnc_run_report_with_error_handling

libgnc-app-utils

_ZN9GncQuotes12had_failuresEv
_ZN9GncQuotes15report_failuresB5cxx11Ev
_ZN9GncQuotes16sources_as_glistEv
_ZN9GncQuotes5fetchEP8_QofBook
_ZN9GncQuotes6reportEPKcRKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS8_EEb
_ZN9GncQuotes7sourcesB5cxx11Ev
_ZN9GncQuotes7versionB5cxx11Ev
_ZN9GncQuotesC1Ev
_ZN9GncQuotesD1Ev
gnc_prefs_init

libgnc-expressions

gfec_try_load

libgnc-core-utils

_Z18gnc_list_all_pathsv
_Z19gnc_open_filestreamPKc
_Z20gnc_get_boost_localev
_Z21gnc_init_boost_localeRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
gnc_build_id
gnc_environment_setup
gnc_filepath_init
gnc_gbr_init
gnc_path_get_localedir
gnc_path_get_pkgsysconfdir
gnc_prefs_is_debugging_enabled
gnc_prefs_set_debugging
gnc_prefs_set_extra
gnc_prefs_set_namespace_regexp
gnc_userconfig_dir
gnc_version

libgnc-engine

gnc_engine_init
gnc_engine_shutdown
gnc_get_current_session
gnc_hook_run
gnc_quote_source_set_fq_installed
qof_event_resume
qof_event_suspend
qof_log_check
qof_log_init_filename
qof_log_init_filename_special
qof_log_level_from_string
qof_log_parse_log_config
qof_log_prettify
qof_log_set_level
qof_session_begin
qof_session_destroy
qof_session_get_book
qof_session_get_error
qof_session_get_error_message
qof_session_load
qof_session_save

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 244B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 1024B - Virtual size: 707B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/110
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9319aa67c233a0c3acf002b9b24cbc02

Headers

DLL Characteristics

File Characteristics

Imports

libguile-2.2-1

libboost_locale-mt

libboost_program_options-mt

libgcc_s_dw2-1

libglib-2.0-0

libintl-8

kernel32

msvcrt

shell32

libstdc++-6

libgnc-report

libgnc-app-utils

libgnc-expressions

libgnc-core-utils

libgnc-engine

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 512B - Virtual size: 124B

.rdata Size: 13KB - Virtual size: 12KB

/4 Size: 76KB - Virtual size: 76KB

.bss Size: - Virtual size: 244B

.idata Size: 14KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 174KB - Virtual size: 174KB

.reloc Size: 3KB - Virtual size: 2KB

/14 Size: 1024B - Virtual size: 656B

/29 Size: 34KB - Virtual size: 34KB

/41 Size: 7KB - Virtual size: 6KB

/55 Size: 6KB - Virtual size: 6KB

/67 Size: 1024B - Virtual size: 707B

/78 Size: 7KB - Virtual size: 6KB

/94 Size: 3KB - Virtual size: 2KB

/110 Size: 512B - Virtual size: 384B

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 512B - Virtual size: 124B

.rdata
Size: 13KB - Virtual size: 12KB

/4
Size: 76KB - Virtual size: 76KB

.bss
Size: - Virtual size: 244B

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 174KB - Virtual size: 174KB

.reloc
Size: 3KB - Virtual size: 2KB

/14
Size: 1024B - Virtual size: 656B

/29
Size: 34KB - Virtual size: 34KB

/41
Size: 7KB - Virtual size: 6KB

/55
Size: 6KB - Virtual size: 6KB

/67
Size: 1024B - Virtual size: 707B

/78
Size: 7KB - Virtual size: 6KB

/94
Size: 3KB - Virtual size: 2KB

/110
Size: 512B - Virtual size: 384B