PUI_Push111[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PUI_Push111.exe
Size

1.0MB
MD5

21f1feb6dac0fd9188381f790f513132
SHA1

36b58392d469e2e7027096071dfc4c724e895c63
SHA256

7fefb2fd70d1f6c8885df9dadf7685c75454d67156d25596edae42da28ae8627
SHA512

69f258afde9ff84f15107f27bc8e312d225916b26cee928fd351f4e6a67db508aeca76e11de6d778f2cafe92330ff56cc5efc214f3692980beb838c5c50aae2d
SSDEEP

24576:Os7Qmu/k9bPJhn/IBsqaDAE3fDTqng4u6tC:dM8BPJhn/AsprPDugk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PUI_Push111.exe

Files

PUI_Push111.exe
.exe windows:5 windows x86

1647dfbdebb9c63e6c9ba2adb51e8902

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurld

curl_easy_perform
curl_slist_append
curl_easy_setopt
curl_easy_init
curl_easy_cleanup

kernel32

IsBadWritePtr
EncodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
DecodePointer
IsDebuggerPresent
FindNextFileA
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
GlobalMemoryStatusEx
GlobalAlloc
GlobalFree
GetDiskFreeSpaceExA
LoadLibraryA
SetErrorMode
GetFileAttributesA
GetPrivateProfileStringA
lstrlenA
SetConsoleCtrlHandler
CopyFileA
OutputDebugStringA
CreateDirectoryA
GetModuleFileNameA
ResumeThread
DeleteFileA
CreateFileA
GetCurrentProcessId
GetLocalTime
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetUnhandledExceptionFilter
GetVersion
GetCurrentThread
SetThreadPriority
TlsGetValue
SetEvent
RaiseException
CreateEventA
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedIncrement
TlsSetValue
TlsAlloc
InitializeCriticalSection
InterlockedDecrement
TlsFree
DeleteCriticalSection
CreateMutexA
GetCurrentProcess
DuplicateHandle
GetFullPathNameA
CreateProcessA
TerminateProcess
CloseHandle
SetHandleInformation
ReleaseMutex
WaitForSingleObject
DeleteFileW
CreateDirectoryW
FindNextFileW
FindClose
SetLastError
GetFileAttributesW
FindFirstFileW
GetFileAttributesExW
AllocConsole
Sleep
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
GetLongPathNameW
GetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
FreeConsole
GetTickCount
GetSystemInfo

msvcp100d

??0_Lockit@std@@QAE@XZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
??0_Lockit@std@@QAE@H@Z
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ

ws2_32

send
gethostbyname
gethostname
recv
getnameinfo
ntohs
closesocket
freeaddrinfo
htons
socket
connect
getsockname
getaddrinfo
WSACleanup
WSAStartup
listen
bind
ioctlsocket
__WSAFDIsSet
setsockopt
WSAGetLastError
inet_addr
accept
select
htonl
ntohl
shutdown

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

xosdlld_vc60

_XOS_Startup@0
_XOS_Cleanup@0
_XOS_AddrToU32@4
xprintf
_XOS_CloseSocket@4
_XOS_UDPBind@8
_XOS_TCPRecvDataNB@16
_XOS_TCPSendDataNB@16
_XOS_TCPConnectNB@8
_XOS_TCPConnectProbe@4
_XOSMutex_Delete@4
_XOSMutex_Create@0
_xvprintf@8
_XOSMutex_Lock@4
_XOSMutex_Unlock@4
_XOS_UDPSendToNB@20
_XOS_UDPRecvFromNB@20
_XOS_U32ToAddr@8

watchdogd

Watchdog_Add
Watchdog_Notify
Watchdog_Del
Watchdog_Start
Watchdog_Stop
Watchdog_SetName

aced

?get_string_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAV?$ACE_String_Base@D@@@Z
?fseek@ACE_OS@@YAHPAU_iobuf@@JH@Z
?ftell@ACE_OS@@YAJPAU_iobuf@@@Z
?rewind@ACE_OS@@YAXPAU_iobuf@@@Z
?mkdir@ACE_OS@@YAHPBDG@Z
??0ACE_INET_Addr@@QAE@QBD@Z
?fread@ACE_OS@@YAIPAXIIPAU_iobuf@@@Z
?fclose@ACE_OS@@YAHPAU_iobuf@@@Z
?strstr@ACE_OS@@YAPBDPBD0@Z
??0ACE_Configuration_Section_Key@@QAE@XZ
??1ACE_Configuration_Section_Key@@QAE@XZ
??4?$ACE_String_Base@D@@QAEAAV0@ABV0@@Z
?strcasecmp@ACE_OS@@YAHPBD0@Z
?set_integer_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDI@Z
?sprintf@ACE_OS@@YAHPADPBDZZ
?set_string_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDABV?$ACE_String_Base@D@@@Z
?strtoul@ACE_OS@@YAKPBDPAPADH@Z
?length@?$ACE_String_Base@D@@QBEIXZ
?resolve_key@ACE_Configuration_Win32Registry@@SAPAUHKEY__@@PAU2@PBDH@Z
??0ACE_Configuration_Win32Registry@@QAE@PAUHKEY__@@@Z
?get_string_value@ACE_Configuration_Win32Registry@@UAEHABVACE_Configuration_Section_Key@@PBDAAV?$ACE_String_Base@D@@@Z
??1ACE_Configuration_Win32Registry@@UAE@XZ
??0?$ACE_String_Base@D@@QAE@PBDPAVACE_Allocator@@H@Z
??9?$ACE_String_Base@D@@QBE_NABV0@@Z
?strsncpy@ACE_OS@@YAPADPADPBDI@Z
?open@ACE_Configuration_Heap@@QAEHI@Z
?last_error_adapter@ACE_Log_Msg@@SAHXZ
?instance@ACE_Log_Msg@@SAPAV1@XZ
?conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z
?log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ
??0ACE_Ini_ImpExp@@QAE@AAVACE_Configuration@@@Z
?import_config@ACE_Ini_ImpExp@@UAEHPBD@Z
??1ACE_Ini_ImpExp@@UAE@XZ
??4?$ACE_String_Base@D@@QAEAAV0@PBD@Z
??1ACE_Thread_Mutex@@QAE@XZ
?remove_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBD@Z
?find_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAW4VALUETYPE@ACE_Configuration@@@Z
?get_binary_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAPAXAAI@Z
?get_integer_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAI@Z
?set_binary_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDPBXI@Z
?enumerate_sections@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@HAAV?$ACE_String_Base@D@@@Z
?enumerate_values@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@HAAV?$ACE_String_Base@D@@AAW4VALUETYPE@ACE_Configuration@@@Z
?remove_section@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDH@Z
?open_section@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDHAAV2@@Z
?root_section@ACE_Configuration@@UBEABVACE_Configuration_Section_Key@@XZ
??0ACE_Configuration_Heap@@QAE@XZ
??0ACE_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??1ACE_Configuration_Heap@@UAE@XZ
?release@ACE_Recursive_Thread_Mutex@@QAEHXZ
?acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ
??0?$ACE_String_Base@D@@QAE@PAVACE_Allocator@@@Z
?c_str@?$ACE_String_Base@D@@QBEPBDXZ
?clear@?$ACE_String_Base@D@@QAEXH@Z
??1?$ACE_String_Base@D@@QAE@XZ
?set@ACE_Time_Value@@QAEXJJ@Z
?info@ACE_Shared_Object@@UBEHPAPADI@Z
?fini@ACE_Shared_Object@@UAEHXZ
?init@ACE_Shared_Object@@UAEHHQAPAD@Z
?wait@ACE_Task_Base@@UAEHXZ
?activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQAK@Z
?put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVACE_Time_Value@@@Z
?module_closed@ACE_Task_Base@@UAEHXZ
?resume@ACE_Task_Base@@UAEHXZ
?suspend@ACE_Task_Base@@UAEHXZ
?remove_reference@ACE_Event_Handler@@UAEJXZ
?add_reference@ACE_Event_Handler@@UAEJXZ
??0ACE_Time_Value@@QAE@JJ@Z
?sec@ACE_Time_Value@@QBEJXZ
?usec@ACE_Time_Value@@QBEJXZ
?sleep@ACE_OS@@YAHABVACE_Time_Value@@@Z
??1ACE_Recursive_Thread_Mutex@@QAE@XZ
??0?$ACE_Task@VACE_MT_SYNCH@@@@QAE@PAVACE_Thread_Manager@@PAV?$ACE_Message_Queue@VACE_MT_SYNCH@@@@@Z
??0ACE_Recursive_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??1?$ACE_Task@VACE_MT_SYNCH@@@@UAE@XZ
?get_ip_address@ACE_INET_Addr@@QBEIXZ
??1ACE_INET_Addr@@UAE@XZ
??8?$ACE_String_Base@D@@QBE_NABV0@@Z
?reactor_timer_interface@ACE_Event_Handler@@UBEPAVACE_Reactor_Timer_Interface@@XZ
?reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z
?reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ
?handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z
?handle_qos@ACE_Event_Handler@@UAEHPAX@Z
?resume_handler@ACE_Event_Handler@@UAEHXZ
?handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_t@@PAH@Z
?handle_close@ACE_Event_Handler@@UAEHPAXK@Z
?handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process@@@Z
?handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time_Value@@PBX@Z
?handle_exception@ACE_Event_Handler@@UAEHPAX@Z
?handle_output@ACE_Event_Handler@@UAEHPAX@Z
?handle_input@ACE_Event_Handler@@UAEHPAX@Z
?priority@ACE_Event_Handler@@UBEHXZ
?priority@ACE_Event_Handler@@UAEXH@Z
?set_handle@ACE_Event_Handler@@UAEXPAX@Z
?get_handle@ACE_Event_Handler@@UBEPAXXZ
?memset@ACE_OS@@YAPAXPAXHI@Z
?time@ACE_OS@@YAJPAJ@Z
?strlen@ACE_OS@@YAIPBD@Z
?strtol@ACE_OS@@YAJPBDPAPADH@Z
??0ACE_Cleanup@@QAE@XZ
?release@ACE_Thread_Mutex@@QAEHXZ
?acquire@ACE_Thread_Mutex@@QAEHXZ
??1ACE_Cleanup@@UAE@XZ
?starting_up@ACE_Object_Manager@@SAHXZ
?shutting_down@ACE_Object_Manager@@SAHXZ
?fopen@ACE_OS@@YAPAU_iobuf@@PBD0@Z
?get_singleton_lock@ACE_Object_Manager@@SAHAAPAVACE_Thread_Mutex@@@Z
?strcat@ACE_OS@@YAPADPADPBD@Z
?last_error@ACE_OS@@YAHXZ
??0ACE_Main_Base@@QAE@XZ
?ace_os_main_i@@YAHAAVACE_Main_Base@@HQAPAD@Z

msvcr100d

__CxxFrameHandler3
strlen
memcpy
??3@YAXPAX@Z
memmove
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
strcmp
_wassert
isdigit
tolower
isxdigit
_strnicmp
atoi
memchr
strchr
isalnum
free
_invalid_parameter
_CrtDbgReportW
fflush
fputc
fprintf
puts
_vsnprintf
_time32
_wfopen
_stat32
fclose
_beginthread
strtoul
_read
_fileno
ferror
fwrite
rename
remove
sscanf
fgets
fopen
strcat
strcpy
iscntrl
strftime
_gmtime32
qsort
strerror
_localtime32
wcscat
strcspn
realloc
fread
_lseeki64
strstr
strncmp
memcmp
calloc
_mkgmtime32
setbuf
_fdopen
_close
_pipe
strrchr
_get_osfhandle
isspace
atof
isprint
toupper
getenv
_pclose
_popen
fgetc
_strtoi64
memset
_beginthreadex
_errno
_strtoui64
_access
_rmdir
sprintf
_findclose
_findnext32
system
_findfirst32
_mktime32
??_V@YAXPAX@Z
_purecall
_mkdir
ftell
fseek
sprintf_s
strtol
freopen
__iob_func
setlocale
wprintf
wcslen
_vswprintf
strncpy
fputs
_fsopen
fputws
_chsize
rewind
mbstowcs_s
wcstombs_s
_CrtDbgReport
vsprintf
??2@YAPAXIHPBDH@Z
_chkesp
__CxxFrameHandler
_pctype
_isctype
__mb_cur_max
rand
srand
_malloc_dbg
_free_dbg
_assert
strncat
_strdup
putc
_write
getc
strtok
strtod
_realloc_dbg
_snprintf
_calloc_dbg
_iob
fabs
_vsnprintf_s
pow
_CRT_RTC_INITW
_except_handler4_common
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_initterm
_initterm_e
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
printf
strspn
_unlink
_stricmp
_itoa
malloc

dbghelp

MiniDumpWriteDump

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhCollectQueryData

user32

OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
MessageBoxW
MessageBoxA
wsprintfA
SetThreadDesktop
CloseWindowStation
CloseDesktop
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
OpenProcessToken

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.textbss
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 843KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1647dfbdebb9c63e6c9ba2adb51e8902

Headers

DLL Characteristics

File Characteristics

Imports

libcurld

kernel32

msvcp100d

ws2_32

version

xosdlld_vc60

watchdogd

aced

msvcr100d

dbghelp

pdh

user32

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 400KB

.text Size: 843KB - Virtual size: 842KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 6KB - Virtual size: 13KB

.idata Size: 18KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 31KB - Virtual size: 31KB

.textbss
Size: - Virtual size: 400KB

.text
Size: 843KB - Virtual size: 842KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 6KB - Virtual size: 13KB

.idata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 31KB - Virtual size: 31KB