44e1c98eb7a5c5ffb56b0397b4d7a3d3b6ffe11339515641a3a2e56326909b4f

Sharing

Copy URL Twitter E-mail

General

Target

44e1c98eb7a5c5ffb56b0397b4d7a3d3b6ffe11339515641a3a2e56326909b4f
Size

2.1MB
MD5

1c9f9dae4296331e08d4b05996a4d453
SHA1

67159f89c43de2e3320735ff718679d8f0951916
SHA256

44e1c98eb7a5c5ffb56b0397b4d7a3d3b6ffe11339515641a3a2e56326909b4f
SHA512

1526ee92f4dd437eb5431aa6a55fa718c683b2f67ad6521aa69022a9ff33d080174a2411dbc325c407cb13db7111bbd84f38041cf079d6d007371235d42b62bf
SSDEEP

24576:Grpa97XmzQCHga+M/Bi5jMkDhTuTdFQj3jD:R97Xm1Hbi9LDhiTTQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44e1c98eb7a5c5ffb56b0397b4d7a3d3b6ffe11339515641a3a2e56326909b4f

Files

44e1c98eb7a5c5ffb56b0397b4d7a3d3b6ffe11339515641a3a2e56326909b4f
.exe windows:4 windows x86

316df1011af2070fa39ef74c2606c11b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCpyW
PathAppendA
PathRemoveFileSpecA

ws2_32

inet_ntoa
WSACleanup
gethostbyname
gethostname
WSAStartup

sdcommon

??0CSDCommon@@QAE@XZ
?GetExeFromExt@CSDCommon@@QAE_NPBDPADPAH@Z
??1CSDCommon@@QAE@XZ

kernel32

RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitThread
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
SetVolumeLabelA
GetDiskFreeSpaceExA
InterlockedExchange
VirtualFree
VirtualAlloc
OutputDebugStringA
GetModuleFileNameA
FindClose
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExA
CloseHandle
GetStdHandle
UnmapViewOfFile
CreateFileMappingA
WriteFile
GetLastError
CreateFileA
SetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetEnvironmentVariableA
GetComputerNameExA
OpenProcess
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
OpenMutexA
CreateDirectoryA
GetVersion
GetLongPathNameA
GetTempPathA
lstrcmpiA
GetProcAddress
GetModuleHandleA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
CreateThread
InitializeCriticalSection
CopyFileA
Sleep
MapViewOfFile
CreateMutexA
FindFirstFileW
SetFileTime
GetFileTime
GetFileSize
GetFileAttributesA
CreateEventA
GetPrivateProfileStringA
MoveFileExA
CreateProcessA
GetTempFileNameA
DeleteCriticalSection
OutputDebugStringW
GetFullPathNameA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DuplicateHandle
SetErrorMode
GetThreadLocale
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SizeofResource
GlobalFlags
GlobalAlloc
lstrcmpA
GetCurrentThread
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
FindNextFileA
lstrcpynA
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
lstrcatA
GetSystemTimeAsFileTime
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetACP
GetPrivateProfileIntA
GetVersionExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemDirectoryA
LoadLibraryA

user32

PostThreadMessageA
RegisterClipboardFormatA
CharUpperA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
LoadStringA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
GetClassNameA
DestroyMenu
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
LoadIconA
MapDialogRect
SetWindowContextHelpId
SetCursor
PostQuitMessage
GetMessageA
TranslateMessage
ValidateRect
InflateRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetClientRect
LoadBitmapA
SendMessageA
PostMessageA
EnableWindow
GetFocus
SetTimer
GetWindowLongA
KillTimer
ReleaseDC
GetDC
GetWindowRect
GetCursorPos
SetForegroundWindow
OffsetRect
FillRect
RedrawWindow
DrawTextA
GetSysColor
WindowFromPoint
FindWindowA
GetClassInfoA
wsprintfA
MessageBoxA
InvalidateRect
SetWindowLongA
DrawIcon
GetSystemMetrics
IsIconic
GetSubMenu
LoadMenuA
GetMessagePos
SystemParametersInfoA
PtInRect
IsWindowEnabled
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetDlgItem

gdi32

TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
GetDeviceCaps
DPtoLP
GetTextColor
GetBkColor
LPtoDP
StretchBlt
CreateCompatibleDC
GetObjectA
CreateSolidBrush
CreatePen
GetTextMetricsA
CreateFontA
DeleteDC
BitBlt
SelectObject
GetStockObject
RectVisible
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetTextExtentPointA
PtVisible
GetWindowExtEx
GetClipBox
GetViewportExtEx
CreateDIBitmap
DeleteObject
CreateFontIndirectA

comdlg32

GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
GetUserNameA
LookupAccountSidA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegCloseKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptSignHashA
CryptDestroyHash
CryptGetUserKey
CryptDestroyKey
CryptAcquireContextA
QueryServiceStatus
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

FindExecutableA
ShellExecuteA
SHFileOperationA

comctl32

_TrackMouseEvent
ord17
ImageList_Destroy

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
OleInitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen

fsp_notice

FspMessageBox

csp_crypto_dll

Close
GetSerialNumber
Init
GetLastErr

fspfileout

InstallDriver
StartDriver
AddTrustProc
EncFolderCtrl
DelTrustProc

sd_assistp

GetMachineCode
SERInstallDriver
SERStartDriver

loaderinterface

SetFileRight

psapi

GetProcessImageFileNameA

sdcommonex

??0CSDCommonEx@@QAE@XZ
??1CSDCommonEx@@QAE@XZ
?SD_GetDiskSN@CSDCommonEx@@QAEIPADI@Z

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

316df1011af2070fa39ef74c2606c11b

Headers

File Characteristics

Imports

shlwapi

ws2_32

sdcommon

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

fsp_notice

csp_crypto_dll

fspfileout

sd_assistp

loaderinterface

psapi

sdcommonex

iphlpapi

Sections

.text Size: 600KB - Virtual size: 599KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 84KB - Virtual size: 107KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 600KB - Virtual size: 599KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 84KB - Virtual size: 107KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB