??4CBaseObject@@QAEAAV0@ABV0@@Z
Static task: static1
Behavioral task: behavioral1
  Sample: cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6.exe
  Resource: win10v2004-20231020-en
General
- Target: cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6
- Size: 964KB
- MD5: dbce588ebd9d3b51df7ad6d20d431aeb
- SHA1: 27cb46df9803534003010e1ca84ed676dde6c534
- SHA256: cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6
- SHA512: 112c9e4c1fc39748c3465264b31b7136f5dcbb1ac483cf287d447639a9a278e77241dd49c388c1eda66084ac58793ef8a7ca65556cb7f2e24c8082f65aa7fae1
- SSDEEP: 24576:tbZEvL3AvYpig9P4Fv5/0nDKrrrr5bZz5FrTBx3q:IsQAg9P4Fv5uKrrrr5bZ1FrTBk
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6
Files
- cbb9771e7f0be87611b936efcfb42e2fe644705c982829f05cfa426e2777e4b6.exe windows:4 windows x86
  6aa0ff52bda81eeff193735ac019ec32
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
importpatientfromhis
ImportInfoFromHis
SetHisInterfaceDepartmentIDString
SetImportFromHisDatabase
SetImportFromHisLogObject
publicregister
??0CRegisterInterface@@QAE@XZ
ConfigRegisterInterface
EmptyInterfaceArray
??1CRegisterInterface@@QAE@XZ
RegisterData
SetPublicRegisterDatabaseType
SetPublicRegisterLogObject
InitInterfaceArray
?ReadFromDB@CRegisterInterface@@QAEHPAVCDatabase@@H@Z
?ConfigImportInfo@CRegisterInterface@@QAEHPAVCDatabase@@@Z
publiclog
??1CLogData@@QAE@XZ
??0CLogData@@QAE@PBDHPAUHWND__@@H@Z
?LogOut@CLogData@@QAEHHPBDHHH0HH@Z
userlogin
AccreditOperation
LoginUser
DestroyLoginUser
publicdatabase
?SetLockState@CRPGroupObject@@QAEHPAVCDatabase@@H@Z
InitReportStyleArray
?GetPatientObject@CPatientObject@@QAEPAUSPatientObject@@XZ
?GetRPGroupStateFromDB@CRPGroupObject@@QAEHPAVCDatabase@@AAH@Z
?GetOrderObject@COrderObject@@QAEPAUSOrderObject@@XZ
?SetTeachingState@CRPGroupObject@@QAEHPAVCDatabase@@H@Z
?ReadHisRequestedUIDMapping@COrderObject@@QAEHPAVCDatabase@@H@Z
?SetPathologyState@CRPGroupObject@@QAEHPAVCDatabase@@H@Z
InitBodyPartGroupArray
InitBodyPartArray
InitExamineRoomArray
InitExamineMapArray
InitDegreeTypeArray
InitChargetTypeArray
InitPatientTypeArray
InitPatientDepartmentArray
InitRequestingDoctorArray
InitRequestingDepartmentArray
InitNationalityArray
?HaveAccess@CLoginUser@@QAEHHHH@Z
EmptyReportStyleArray
EmptyExamineMapArray
EmptyImageSaveMethodArray
EmptyImageQualityArray
EmptyModalityAdditionInfoArray
EmptyFilmSizeArray
EmptyMedicineArray
EmptyImageDoctorArray
EmptyExamineNameArray
EmptyBodyPartGroupArray
EmptyBodyPartArray
EmptyExamineRoomArray
EmptyModalityArray
EmptyDegreeTypeArray
EmptyChargetTypeArray
EmptyPatientTypeArray
EmptyPatientDepartmentArray
EmptyRequestingDoctorArray
EmptyRequestingDepartmentArray
EmptyNationalityArray
?SortRPObjectIndexArray@CPatientArray@@QAEXXZ
?SortRPGroupIndexArray@CPatientArray@@QAEXXZ
??1CShowPatientInfoStyle@@QAE@XZ
?ReadFromDB@CShowPatientInfoStyle@@QAEHHPAVCDatabase@@@Z
??0CShowPatientInfoStyle@@QAE@XZ
?ReadFromDB@CNavigationStyle@@QAEHHPAVCDatabase@@@Z
?SearchFromDB@CPatientArray@@QAEHPAVCDatabase@@HPBDK@Z
?UpdateRequestedProcedureTotalPrice@CRPGroupObject@@QAEHPAVCDatabase@@J@Z
?ReadPriceListFromDB@CRequestedProcedureObject@@QAEHPAVCDatabase@@@Z
?RebuildIndexArray@CPatientArray@@QAEXXZ
DestroyPatientObject
?GetAt@CPatientArray@@QAEPAVCPatientObject@@H@Z
?GetSize@CPatientArray@@QAEHXZ
DestroyOrderObject
DestroyRPGroupObject
?DeleteFromDB@COrderObject@@QAEHPAVCDatabase@@HH@Z
?DeleteFromDB@CRPGroupObject@@QAEHPAVCDatabase@@HH@Z
?GetRPGroupUID@CRPGroupObject@@QAEHXZ
??0CPatientArray@@QAE@XZ
??1CPatientArray@@QAE@XZ
?GetRPGroupIndexArray@CPatientArray@@QAEPAV?$CArray@PAVCRPGroupObject@@PAV1@@@XZ
?InsertAt@CPatientArray@@QAEHHPAVCPatientObject@@@Z
?GetOrderObject@CRPGroupObject@@QAEPAVCOrderObject@@XZ
?GetRPGroupObject@CRequestedProcedureObject@@QAEPAVCRPGroupObject@@XZ
SetQueueState
InitModalityArray
SetDatabaseLogObject
GetConfigData
SetPublicDatabaseDatabaseType
InitExamineNameArray
?DrawNavigationStyle@CNavigationStyle@@QAEXPAVCDC@@PAVCRequestedProcedureObject@@PAV?$CArray@PAUSExamineName@@PAU1@@@PAV?$CArray@PAUSExamineMap@@PAU1@@@H@Z
GetTotalNumber
ShowExampleNavigationStyle
EmptyNavigationStyleArray
DataManagerNagivateStyle
DataManagerExamineMap
InitNavigationStyleArray
EmptyImageDepartmentArray
EmptyDeviceArray
InitDeviceArray
InitImageDepartmentArray
InitImageDoctorArray
EmptyShowPatientInfoStyleArray
?GetPatientObject@COrderObject@@QAEPAVCPatientObject@@XZ
?GetOrderUniqueID@COrderObject@@QAEHXZ
?SaveHisRequestedUIDMapping@COrderObject@@QAEHPAVCDatabase@@HJAAVCStringArray@@@Z
?SavePriceListToDB@CRequestedProcedureObject@@QAEHPAVCDatabase@@@Z
?AddNewPriceListItem@CRequestedProcedureObject@@QAEHPAUSPriceListItem@@@Z
InitShowPatientInfoStyleArray
DataManagerShowPatientInfoStyle
ShowShowPatientInfoStyle
?DrawStyle@CShowPatientInfoStyle@@QAE?AVCSize@@PAVCDC@@VCRect@@PAVCRPGroupObject@@PAVCLoginUser@@H@Z
?EmptyPatientArray@CPatientArray@@QAEXXZ
InitImageSaveMethodArray
??1CNavigationStyle@@QAE@XZ
InitImageQualityArray
InitModalityAdditionInfoArray
??0CNavigationStyle@@QAE@XZ
ReConnectToDatabase
InitFilmSizeArray
InitMedicineArray
pubfunction
PushOutReport
CATestDlg
mfc80
msvcr80
_CIsqrt
__set_app_type
__p__fmode
__CxxLongjmpUnwind
_setjmp3
floor
_setmbcp
_ftol
getenv
sscanf
memcpy
fflush
fwrite
fread
sprintf
memset
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memcpy_s
strcpy_s
atoi
_time64
_localtime64_s
vsprintf_s
longjmp
fopen_s
fclose
_mktime64
_mbstok_s
memmove_s
ceil
atol
atof
strftime
free
malloc
__CxxFrameHandler3
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_except_handler4_common
kernel32
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTempPathA
GlobalUnlock
GlobalLock
lstrcmpiA
GetCommandLineA
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetProcAddress
GetModuleHandleA
LoadLibraryA
SetLastError
user32
WindowFromDC
DrawFocusRect
UpdateWindow
SetMenu
CharNextA
EnableMenuItem
EnableScrollBar
ReleaseCapture
FillRect
SetCursor
LoadCursorA
IsWindowVisible
IsWindow
GetDlgCtrlID
SetRectEmpty
DrawStateA
GetIconInfo
InflateRect
OffsetRect
LoadImageA
CreateIconIndirect
GetWindowRect
ReleaseDC
GetSubMenu
LoadMenuA
GetClientRect
GetActiveWindow
MessageBoxA
GetDC
CopyRect
ScreenToClient
GetCursorPos
InvalidateRect
GetSysColor
GetParent
PtInRect
LoadBitmapA
SendMessageA
LoadIconA
SetTimer
EnableWindow
gdi32
CreateCompatibleDC
CreateFontA
BitBlt
GetDeviceCaps
SetStretchBltMode
StretchDIBits
Rectangle
CreateSolidBrush
CreatePen
GetCurrentObject
CreateHatchBrush
SetPixel
GetPixel
GetStockObject
CreateCompatibleBitmap
CreateBitmap
winspool.drv
EnumPrintersA
advapi32
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
comctl32
InitCommonControlsEx
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
hisinterface
ManagerExamineStateMapping
ManagerExamineNameMapping
ManagerPayStateMapping
ManagerPatientTypeMapping
ManagerReqDoctorMapping
ManagerReqDepartmentMapping
ReadImageDepartmentFromHis
ManagerImageDoctorMapping
GetSearchResult
SetHisInterfaceParams
SetHisInterfaceLogObject
SetHisInterfaceDatabaseConnect
SetHisInterface_RisDatabase
CloseHisInterfaceDatabase
ReTryConnectHisInterfaceDb
SearchPutBackPrice
PutBackPrice
CancelPutBackPrice
SearchInPatientsFromHis
GetInfoFromHisDB
ClearSearchResult
RisRegisterCompleted
UnRegisterRisInterface
ManagerChargetTypeMapping
Exports
Sections
.text Size: 372KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 480KB - Virtual size: 477KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ