SrvPayPal[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SrvPayPal.exe
Size

4.0MB
MD5

d74105614f69b0f4a13be4ec4bb4cb2d
SHA1

9e1032a4a15629803bb865bbfa8471bceb51cb85
SHA256

a530bd312d35f0ca91b2b1087ac55caacccae602031859e80f638dba479aae7c
SHA512

bd28a099651f1fb721b667c152d9a1d177fa2ff438d94f4e5a9aca20a899d5c89b973f7604dfacda924c831aa9d2aed7f1bf9b6d46e1974d3c0379dfb7eca7ff
SSDEEP

49152:D7tar2G5DcOZgeihWiPBZGugXX37tv/UaSeGDEDHksk4aXIMg2hyg/mWc2LbG/k8:Va6yDcetih/PBZGrCHxIsorr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SrvPayPal.exe

Files

SrvPayPal.exe
.exe windows:5 windows x86 arch:x86

63e572d14d0e7fedd3c065c38ec545e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetEnvironmentStrings
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
HeapSize
CreateThread
ExitThread
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
GetStartupInfoA
GetCommandLineA
HeapAlloc
ExitProcess
GetSystemTimeAsFileTime
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetErrorMode
GetCurrentDirectoryA
GetSystemDirectoryW
LoadLibraryW
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExA
GetShortPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetStringTypeExA
SystemTimeToFileTime
GetThreadLocale
GetOEMCP
PeekNamedPipe
GetFileInformationByHandle
GetOverlappedResult
ResetEvent
GetLogicalDriveStringsA
GetVersion
IsBadWritePtr
WriteProfileStringA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
ReleaseMutex
CreateMutexA
FileTimeToLocalFileTime
FileTimeToSystemTime
RaiseException
GetProfileIntA
GetTickCount
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
InterlockedExchange
lstrcmpA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
GlobalSize
GlobalAlloc
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WaitForSingleObject
lstrcatA
GetFileSize
ReadFile
GetDriveTypeA
DeviceIoControl
FindResourceA
FormatMessageA
LocalFree
lstrlenW
lstrcmpiA
GetACP
lstrcpynA
Sleep
GetLocaleInfoA
MultiByteToWideChar
lstrcpyA
MoveFileA
DeleteFileA
FindFirstFileA
SetFileAttributesA
FindNextFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
GetModuleHandleW
MoveFileExA
GetTempPathA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
GetWindowsDirectoryA
GetPrivateProfileStringA
CloseHandle
GetShortPathNameW
CreateFileA
QueueUserWorkItem
CopyFileA
lstrlenA
WritePrivateProfileStringA
GetSystemDirectoryA
GetSystemInfo
GetVersionExA
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
GetProcessHeap

user32

CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetNextDlgGroupItem
PostThreadMessageA
EnableMenuItem
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenuItemID
RemoveMenu
InsertMenuA
GetMenuStringA
GetDC
ReleaseDC
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
GetDCEx
ShowWindow
EnableWindow
SendMessageA
PostMessageA
MessageBoxA
wsprintfA
GetClientRect
LoadIconA
GetWindowRect
InvalidateRect
GrayStringA
GetParent
GetSystemMetrics
OffsetRect
IsWindowVisible
MessageBeep
UpdateWindow
GetCursorPos
LoadBitmapA
GetDlgCtrlID
GetSubMenu
ModifyMenuA
DrawMenuBar
LockWindowUpdate
RedrawWindow
SetWindowPos
PostQuitMessage
ClientToScreen
CreatePopupMenu
AppendMenuA
GetMenuItemCount
GetSysColor
GetKeyState
InflateRect
IsWindow
PtInRect
SetTimer
KillTimer
DrawIcon
IsIconic
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetWindowDC
BeginPaint
EndPaint
GetWindowThreadProcessId
SetRect
WindowFromPoint
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
SetCursor
DestroyMenu
LoadMenuA
ReuseDDElParam
UnpackDDElParam
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
IsRectEmpty
SetWindowRgn
SetCapture
LoadCursorA
GetMenuItemInfoA
IsZoomed
GetSysColorBrush
CharUpperA
DeleteMenu
GetSystemMenu
SetParent
UnionRect
UnregisterClassA
DestroyIcon
IsClipboardFormatAvailable
CopyAcceleratorTableA
InvalidateRgn
CharNextA
MapDialogRect
SetWindowContextHelpId
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
DestroyCursor
DefMDIChildProcA
DefFrameProcA
CreateMenu
RegisterClipboardFormatA
GetMenuDefaultItem
MonitorFromRect
GetMonitorInfoA
GetKeyboardState
DrawFrameControl
DrawEdge
DrawStateA
DrawIconEx
GetUpdateRect
TranslateMDISysAccel
GetAsyncKeyState
EnumWindows
DrawFocusRect
FrameRect
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA

gdi32

PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
CreatePen
ExtCreatePen
CreateSolidBrush
GetBkColor
CreateCompatibleBitmap
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
GetViewportExtEx
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
StretchDIBits
GetRgnBox
GetTextColor
GetPixel
GetWindowExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
UnrealizeObject
GetTextExtentPointA
StretchBlt
Polygon
Rectangle
SetPixelV
GetCurrentObject
SetPixel
CreateDIBitmap
SetDIBColorTable
SetBrushOrgEx
CreateDIBSection
GetViewportOrgEx
GetTextFaceA
GetWindowOrgEx
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
BitBlt
CreateCompatibleDC
PatBlt
CreateRectRgnIndirect
CopyMetaFileA
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Ellipse
ExtTextOutA
GetObjectA

comdlg32

GetOpenFileNameW
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

SetSecurityDescriptorOwner
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
RegSetValueA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegCloseKey
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA

shell32

SHGetMalloc
ExtractIconA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFolderPathW
ShellExecuteA
DragAcceptFiles
DragQueryFileA
DragFinish

shlwapi

PathFindExtensionW
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindFileNameA
PathIsDirectoryA
PathAddBackslashA
PathIsSystemFolderA
PathFindExtensionA
PathAppendA
PathRemoveFileSpecA
PathStripPathA
PathFileExistsA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
OleGetClipboard
CLSIDFromString
CoDisconnectObject
CoInitializeEx
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleFlushClipboard
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoInitialize
DoDragDrop
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoRegisterMessageFilter

oleaut32

DispGetIDsOfNames
DispInvoke
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
LoadRegTypeLi
SysAllocString
DispCallFunc
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

urlmon

URLDownloadToFileA

wsock32

closesocket
htons
connect
htonl
bind
getsockopt
setsockopt
accept
getsockname
getpeername
ntohs
socket
gethostname
inet_ntoa
recv
recvfrom
ioctlsocket
inet_addr
WSAGetLastError
WSAStartup
WSACleanup
WSASetLastError
select
gethostbyname
shutdown
listen
sendto
send

winmm

waveOutGetNumDevs
waveOutGetVolume
waveOutGetDevCapsA
waveOutGetPosition
waveOutReset
waveOutPrepareHeader
waveOutWrite
waveOutRestart
waveOutClose
mciGetErrorStringA
waveOutOpen
waveOutPause
waveOutUnprepareHeader
PlaySoundA
mciSendCommandA
waveOutSetVolume

ws2_32

WSACloseEvent
freeaddrinfo
WSACreateEvent
WSAEventSelect
getnameinfo
WSAEnumNetworkEvents
getaddrinfo

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipFree
GdipGetImageWidth

wininet

HttpOpenRequestA
InternetReadFile
InternetSetOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenUrlA
HttpQueryInfoA

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ImageList_GetIcon
ImageList_GetImageInfo
_TrackMouseEvent

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1016KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63e572d14d0e7fedd3c065c38ec545e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

urlmon

wsock32

winmm

ws2_32

gdiplus

wininet

comctl32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 387KB - Virtual size: 387KB

.data Size: 1016KB - Virtual size: 5.1MB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 387KB - Virtual size: 387KB

.data
Size: 1016KB - Virtual size: 5.1MB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB