Static task
static1
Behavioral task
behavioral1
Sample
PUI_Push2.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
PUI_Push2.exe
Resource
win10v2004-20231020-en
General
-
Target
PUI_Push2.exe
-
Size
1.0MB
-
MD5
3356855cf0d23f59aedf20999fb4ed41
-
SHA1
ef67ab6b838a41e8f6c173ee8ac8f29918cc1280
-
SHA256
f34f5c438fe412c8a754452778b3a7cd1ee19b940f27abf30d238fe67724153f
-
SHA512
99b4d964eca3062db6fea84402139c426b81476264aa2634d7989b5de2a8148299c072daea205fd6d157a7361292348d27c70533de77dce61f7b73abc09b561e
-
SSDEEP
24576:nfVvAjjXSNR0JgJC+Oy7IaLNWBHTl7Tuu8TCj:fVofSNR0mJVOXisHZ7yej
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource PUI_Push2.exe
Files
-
PUI_Push2.exe.exe windows:5 windows x86
324463479be6d637b37a0847e3b97e9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetModuleFileNameW
VirtualQuery
UnhandledExceptionFilter
lstrlenA
IsDebuggerPresent
DecodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
EncodePointer
IsBadWritePtr
GetProcessHeap
GlobalMemoryStatusEx
GetSystemInfo
GlobalAlloc
GlobalFree
GetDiskFreeSpaceExA
LoadLibraryA
SetErrorMode
SetConsoleCtrlHandler
GetPrivateProfileStringA
GetFileAttributesA
CopyFileA
OutputDebugStringA
OutputDebugStringW
FreeConsole
AllocConsole
CreateDirectoryA
GetModuleFileNameA
ResumeThread
DeleteFileA
CreateFileA
GetCurrentProcessId
GetLocalTime
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetUnhandledExceptionFilter
GetVersion
GetCurrentThread
SetThreadPriority
TlsGetValue
SetEvent
RaiseException
CreateEventA
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedIncrement
TlsSetValue
TlsAlloc
InitializeCriticalSection
InterlockedDecrement
TlsFree
DeleteCriticalSection
CreateMutexA
GetCurrentProcess
DuplicateHandle
GetFullPathNameA
CreateProcessA
TerminateProcess
CloseHandle
SetHandleInformation
ReleaseMutex
WaitForSingleObject
DeleteFileW
CreateDirectoryW
FindNextFileW
FindClose
LeaveCriticalSection
SetLastError
GetFileAttributesW
FindFirstFileW
GetFileAttributesExW
Sleep
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
GetLongPathNameW
GetLastError
MultiByteToWideChar
EnterCriticalSection
FindNextFileA
GetTickCount
msvcp100d
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Debug_message@std@@YAXPB_W0I@Z
??1_Lockit@std@@QAE@XZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
ws2_32
connect
socket
htons
gethostbyname
getaddrinfo
WSACleanup
getsockname
accept
select
__WSAFDIsSet
ntohl
htonl
gethostname
ioctlsocket
inet_addr
WSAGetLastError
setsockopt
shutdown
closesocket
ntohs
send
recv
getnameinfo
freeaddrinfo
bind
listen
WSAStartup
xosdlld_vc60
_XOS_Cleanup@0
_XOS_Startup@0
_XOS_TCPRecvDataNB@16
_XOS_TCPSendDataNB@16
_XOS_TCPConnectNB@8
_XOS_TCPConnectProbe@4
_XOSMutex_Delete@4
_XOSMutex_Create@0
_XOS_AddrToU32@4
xprintf
_XOS_CloseSocket@4
_XOS_UDPBind@8
_XOS_U32ToAddr@8
_XOS_UDPRecvFromNB@20
_XOS_UDPSendToNB@20
_XOSMutex_Unlock@4
_XOSMutex_Lock@4
_xvprintf@8
watchdogd
Watchdog_SetName
Watchdog_Add
Watchdog_Notify
Watchdog_Start
Watchdog_Stop
Watchdog_Del
aced
?fread@ACE_OS@@YAIPAXIIPAU_iobuf@@@Z
??0ACE_Time_Value@@QAE@JJ@Z
?sec@ACE_Time_Value@@QBEJXZ
?usec@ACE_Time_Value@@QBEJXZ
?sleep@ACE_OS@@YAHABVACE_Time_Value@@@Z
??1ACE_Recursive_Thread_Mutex@@QAE@XZ
??0?$ACE_Task@VACE_MT_SYNCH@@@@QAE@PAVACE_Thread_Manager@@PAV?$ACE_Message_Queue@VACE_MT_SYNCH@@@@@Z
??0ACE_Recursive_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??1?$ACE_Task@VACE_MT_SYNCH@@@@UAE@XZ
??8?$ACE_String_Base@D@@QBE_NABV0@@Z
?fopen@ACE_OS@@YAPAU_iobuf@@PBD0@Z
?fseek@ACE_OS@@YAHPAU_iobuf@@JH@Z
?ftell@ACE_OS@@YAJPAU_iobuf@@@Z
?rewind@ACE_OS@@YAXPAU_iobuf@@@Z
?fclose@ACE_OS@@YAHPAU_iobuf@@@Z
?strstr@ACE_OS@@YAPBDPBD0@Z
??0ACE_Configuration_Section_Key@@QAE@XZ
??1ACE_Configuration_Section_Key@@QAE@XZ
??4?$ACE_String_Base@D@@QAEAAV0@ABV0@@Z
?strcasecmp@ACE_OS@@YAHPBD0@Z
?set_integer_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDI@Z
?sprintf@ACE_OS@@YAHPADPBDZZ
?set_string_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDABV?$ACE_String_Base@D@@@Z
?get_string_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAV?$ACE_String_Base@D@@@Z
?strtoul@ACE_OS@@YAKPBDPAPADH@Z
?length@?$ACE_String_Base@D@@QBEIXZ
?resolve_key@ACE_Configuration_Win32Registry@@SAPAUHKEY__@@PAU2@PBDH@Z
??0ACE_Configuration_Win32Registry@@QAE@PAUHKEY__@@@Z
?get_string_value@ACE_Configuration_Win32Registry@@UAEHABVACE_Configuration_Section_Key@@PBDAAV?$ACE_String_Base@D@@@Z
??1ACE_Configuration_Win32Registry@@UAE@XZ
??0?$ACE_String_Base@D@@QAE@PBDPAVACE_Allocator@@H@Z
??9?$ACE_String_Base@D@@QBE_NABV0@@Z
?strsncpy@ACE_OS@@YAPADPADPBDI@Z
?open@ACE_Configuration_Heap@@QAEHI@Z
?last_error_adapter@ACE_Log_Msg@@SAHXZ
?instance@ACE_Log_Msg@@SAPAV1@XZ
?conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z
?log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ
??0ACE_Ini_ImpExp@@QAE@AAVACE_Configuration@@@Z
?import_config@ACE_Ini_ImpExp@@UAEHPBD@Z
??1ACE_Ini_ImpExp@@UAE@XZ
??4?$ACE_String_Base@D@@QAEAAV0@PBD@Z
??1ACE_Thread_Mutex@@QAE@XZ
?remove_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBD@Z
?find_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAW4VALUETYPE@ACE_Configuration@@@Z
?get_binary_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAPAXAAI@Z
?get_integer_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDAAI@Z
?set_binary_value@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDPBXI@Z
?enumerate_sections@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@HAAV?$ACE_String_Base@D@@@Z
?enumerate_values@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@HAAV?$ACE_String_Base@D@@AAW4VALUETYPE@ACE_Configuration@@@Z
?remove_section@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDH@Z
?open_section@ACE_Configuration_Heap@@UAEHABVACE_Configuration_Section_Key@@PBDHAAV2@@Z
?root_section@ACE_Configuration@@UBEABVACE_Configuration_Section_Key@@XZ
??0ACE_Configuration_Heap@@QAE@XZ
??0ACE_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??1ACE_Configuration_Heap@@UAE@XZ
?release@ACE_Recursive_Thread_Mutex@@QAEHXZ
?acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ
??0?$ACE_String_Base@D@@QAE@PAVACE_Allocator@@@Z
?c_str@?$ACE_String_Base@D@@QBEPBDXZ
?clear@?$ACE_String_Base@D@@QAEXH@Z
??1?$ACE_String_Base@D@@QAE@XZ
?set@ACE_Time_Value@@QAEXJJ@Z
?info@ACE_Shared_Object@@UBEHPAPADI@Z
?fini@ACE_Shared_Object@@UAEHXZ
?init@ACE_Shared_Object@@UAEHHQAPAD@Z
?wait@ACE_Task_Base@@UAEHXZ
?activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQAK@Z
?put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVACE_Time_Value@@@Z
?module_closed@ACE_Task_Base@@UAEHXZ
?resume@ACE_Task_Base@@UAEHXZ
?suspend@ACE_Task_Base@@UAEHXZ
?mkdir@ACE_OS@@YAHPBDG@Z
??0ACE_INET_Addr@@QAE@QBD@Z
?get_ip_address@ACE_INET_Addr@@QBEIXZ
??1ACE_INET_Addr@@UAE@XZ
?remove_reference@ACE_Event_Handler@@UAEJXZ
?add_reference@ACE_Event_Handler@@UAEJXZ
?reactor_timer_interface@ACE_Event_Handler@@UBEPAVACE_Reactor_Timer_Interface@@XZ
?reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z
?reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ
?handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z
?handle_qos@ACE_Event_Handler@@UAEHPAX@Z
?resume_handler@ACE_Event_Handler@@UAEHXZ
?handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_t@@PAH@Z
?handle_close@ACE_Event_Handler@@UAEHPAXK@Z
?handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process@@@Z
?handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time_Value@@PBX@Z
?handle_exception@ACE_Event_Handler@@UAEHPAX@Z
?handle_output@ACE_Event_Handler@@UAEHPAX@Z
?handle_input@ACE_Event_Handler@@UAEHPAX@Z
?priority@ACE_Event_Handler@@UBEHXZ
?priority@ACE_Event_Handler@@UAEXH@Z
?set_handle@ACE_Event_Handler@@UAEXPAX@Z
?get_handle@ACE_Event_Handler@@UBEPAXXZ
?memset@ACE_OS@@YAPAXPAXHI@Z
?time@ACE_OS@@YAJPAJ@Z
?strlen@ACE_OS@@YAIPBD@Z
?strtol@ACE_OS@@YAJPBDPAPADH@Z
??0ACE_Cleanup@@QAE@XZ
?release@ACE_Thread_Mutex@@QAEHXZ
?acquire@ACE_Thread_Mutex@@QAEHXZ
??1ACE_Cleanup@@UAE@XZ
?ace_os_main_i@@YAHAAVACE_Main_Base@@HQAPAD@Z
??0ACE_Main_Base@@QAE@XZ
?last_error@ACE_OS@@YAHXZ
?strcat@ACE_OS@@YAPADPADPBD@Z
?get_singleton_lock@ACE_Object_Manager@@SAHAAPAVACE_Thread_Mutex@@@Z
?shutting_down@ACE_Object_Manager@@SAHXZ
?starting_up@ACE_Object_Manager@@SAHXZ
libcurld
curl_slist_append
curl_easy_perform
curl_easy_cleanup
curl_easy_setopt
curl_easy_init
msvcr100d
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
strcmp
_wassert
isdigit
tolower
isxdigit
malloc
atoi
memchr
strchr
isalnum
free
_invalid_parameter
_CrtDbgReportW
fflush
fputc
fprintf
puts
_vsnprintf
_time32
_wfopen
_stat32
fclose
_beginthread
strtoul
_read
_fileno
ferror
fwrite
rename
remove
sscanf
fgets
fopen
strcat
strcpy
iscntrl
strftime
_gmtime32
qsort
strerror
_localtime32
wcscat
strcspn
realloc
fread
_lseeki64
strstr
strncmp
memcmp
calloc
_mkgmtime32
setbuf
_fdopen
_close
_pipe
strrchr
_get_osfhandle
isspace
atof
isprint
toupper
getenv
_pclose
_popen
fgetc
_strtoi64
strspn
_beginthreadex
_errno
_strtoui64
_access
_rmdir
memmove
_findclose
_findnext32
system
_findfirst32
_mktime32
??_V@YAXPAX@Z
_purecall
_mkdir
ftell
fseek
sprintf_s
strtol
freopen
__iob_func
setlocale
wprintf
wcslen
_vswprintf
strncpy
fputs
_fsopen
fputws
_chsize
rewind
mbstowcs_s
wcstombs_s
_CrtDbgReport
vsprintf
??2@YAPAXIHPBDH@Z
_chkesp
__CxxFrameHandler
_pctype
_isctype
__mb_cur_max
rand
srand
_malloc_dbg
_free_dbg
_assert
strncat
_strdup
putc
_write
getc
strtok
strtod
_realloc_dbg
_snprintf
_calloc_dbg
_iob
fabs
_vsnprintf_s
pow
_CRT_RTC_INITW
_except_handler4_common
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_initterm
_initterm_e
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
??3@YAXPAX@Z
memcpy
strlen
__CxxFrameHandler3
memset
printf
_itoa
_stricmp
_unlink
sprintf
_strnicmp
dbghelp
MiniDumpWriteDump
pdh
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
user32
CloseDesktop
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
CloseWindowStation
SetThreadDesktop
wsprintfA
MessageBoxA
MessageBoxW
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.textbss Size: - Virtual size: 403KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 849KB - Virtual size: 848KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ