fe6ea5a00a7db56669f6c8b00b743416409273d3a35ec6900722e6c114167cd1

Sharing

Copy URL Twitter E-mail

General

Target

fe6ea5a00a7db56669f6c8b00b743416409273d3a35ec6900722e6c114167cd1
Size

144KB
MD5

7252137f21661b7b7259956c72dd35a8
SHA1

925f2a9e4144b121ebaf9c6586f8138b8343dc7f
SHA256

fe6ea5a00a7db56669f6c8b00b743416409273d3a35ec6900722e6c114167cd1
SHA512

f30cedc282a281373d4710c392e8ad6143e96d9406e5e8a5af315072553aec4fe2d9595a4e43d4f4ce28cdaba945af538848a9734aff0a3a727eb6a607df3fda
SSDEEP

1536:QP6hXzmfG6TIreMgArw/+M7AtyqJG7QVtFGnl41s7WpQLaaZg:5c13ArwWYD97QVtFGl41nAJZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe6ea5a00a7db56669f6c8b00b743416409273d3a35ec6900722e6c114167cd1

Files

fe6ea5a00a7db56669f6c8b00b743416409273d3a35ec6900722e6c114167cd1
.exe windows:4 windows x86 arch:x86

d6388f54b9723412efdcca7c37538862

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreateDirectoryA
CreateThread
GetProcAddress
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
GetPrivateProfileStringA
GetLastError
GetCurrentProcess
DeviceIoControl
SetSystemTime
ExpandEnvironmentStringsA
WritePrivateProfileStringA
FreeLibrary
LoadLibraryA
GetVersionExA
WaitForSingleObject
OpenEventA
SetEvent
SetPriorityClass
SetThreadExecutionState
SetFileAttributesA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
CloseHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapSize
SetEnvironmentVariableA
SetFilePointer
WriteFile
Sleep
OutputDebugStringA
GetCurrentProcessId
lstrcmpA
GetCurrentThreadId
lstrcmpiA
lstrlenA
lstrcatA
DeleteFileA
GetModuleFileNameA
lstrcpyA
FindFirstFileA
FindNextFileA
GetStringTypeA
FindClose

user32

EndDeferWindowPos
CreateWindowExA
SystemParametersInfoA
InflateRect
ClientToScreen
ScreenToClient
InvalidateRect
UpdateWindow
BeginPaint
EndPaint
DefWindowProcA
ShowCursor
GetWindowRect
SetMenuItemInfoA
RemoveMenu
CheckMenuItem
EnableMenuItem
LoadCursorA
SetCursor
ChangeDisplaySettingsA
RegisterClassA
GetParent
DeferWindowPos
PostThreadMessageA
OpenInputDesktop
RegisterWindowMessageA
SetFocus
EnableWindow
UnregisterHotKey
SetClassLongA
SetWindowPos
LoadBitmapA
SetTimer
KillTimer
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
PostMessageA
EndDialog
GetWindowLongA
SetWindowLongA
DestroyIcon
LoadImageA
GetClassNameA
BeginDeferWindowPos
GetForegroundWindow
FrameRect
WindowFromPoint
LoadIconA
GetDlgItem
SendMessageA
GetClassInfoA
GetUserObjectInformationA
GetThreadDesktop
mouse_event
SetCursorPos
GetSystemMetrics
FindWindowA
DestroyWindow
UnregisterClassA
EnumWindows
keybd_event
MapVirtualKeyA
GetDesktopWindow
PeekMessageA
TranslateMessage
DispatchMessageA
ShowWindow
EnumThreadWindows
SetForegroundWindow
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
IsWindowVisible
GetClientRect

gdi32

GetStockObject
DeleteObject

advapi32

RegQueryValueExA
RegCreateKeyExA
CreateProcessAsUserA
GetUserNameA
RegCloseKey
RegOpenKeyExA

shell32

SHFileOperationA
SHGetFolderPathA
Shell_NotifyIconA
ShellExecuteA

ole32

OleUninitialize
OleInitialize

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

ws2_32

WSAStartup
WSACleanup
htons
recv
inet_ntoa
inet_addr
recvfrom
closesocket
WSAAsyncSelect
setsockopt
accept
getpeername

redcomm

?SelectANodeOnly@CBaseHostListing@@QAEHK@Z
ord120
ord24
ord177
ord176
ord123
ord57
ord26
ord51
?PaintDib@CReceivingDib@@QAEHPAUHWND__@@PAUtagRECT@@HPAHHH@Z
?PaintFullDib@CReceivingDib@@QAEHPAUHWND__@@PAUtagRECT@@HPAHHH@Z
ord74
?clear@CReceivingDib@@QAEXXZ
?initialize@CReceivingDib@@QAEHXZ
ord140
ord154
??0CVideoDriver@@QAE@XZ
??1CVideoDriver@@QAE@XZ
ord63
ord62
ord84
ord28
?DeselectAll@CBaseHostListing@@QAEHXZ
ord91
ord172
ord36
ord181
?clear@CDibCapture@@QAEXXZ
??1CDibCapture@@QAE@XZ
ord122
ord110
ord66
ord146
ord33
ord25
ord21
ord108
ord23
ord17
ord59
ord19
ord124
ord40
ord141
ord22
ord165
ord168
ord170
ord173
??0CDibCapture@@QAE@XZ
ord109
ord16
ord142
ord121
ord143
ord52
ord93
??1CImpersonateLoggedOnUser@@QAE@XZ
??0CImpersonateLoggedOnUser@@QAE@XZ
ord54
ord94
ord144
ord81
ord88
ord90
ord89
ord95
ord96
ord50
ord34
ord106
??0CReceivingDib@@QAE@XZ
??1CReceivingDib@@QAE@XZ
?FindNode@CBaseHostListing@@QAEPAU_HOSTINFO@@K@Z
ord37
ord166
ord87
ord149
ord27
ord86

rsclass

?LAN_BroadcastOfCommand@@YGHPAUHWND__@@IUsockaddr_in@@EKH@Z
?WAN_RequestOfCommandSock@@YGHPAUHWND__@@IIKH@Z
?FUN_OpenDlgFTP@@YGHPAUHWND__@@PAU_DLGFTP_PARAM@@@Z
?MP_UpLoadPaper@@YGHPAUHWND__@@PAD@Z
ord100
ord108
?LAN_StartSocketToRead@@YGIPAUHWND__@@GHH@Z
?LAN_StartSocketToPost@@YGIPAUHWND__@@GH@Z
ord102
?GetSystemSettings_General@@YGHPAU_SYSTEM_SETTINGS_GENERAL@@@Z
?GetSystemSettings_Disk@@YGHPAU_SYSTEM_SETTINGS_DISK@@@Z
?GetSystemSettings_Net@@YGHPAU_SYSTEM_SETTINGS_NET@@PAD@Z
?GetSystemSettings_Settings@@YGHPAU_SYSTEM_SETTINGS_SETTINGS@@@Z
?NewNode@CFileUploadInfoListing@@UAEPAU_FILE_UPLOAD_INFO@@XZ
?DeleteNode@CFileUploadInfoListing@@UAEHPAU_FILE_UPLOAD_INFO@@@Z
?IsANodePointer@CFileUploadInfoListing@@UAEHPAX@Z
?ExamJudgeFile@CHandleExamFile@@QAEHPAD@Z
?ExamWriteAnswerInfo@CHandleExamFile@@QAEHPADK00@Z
??0CHandleExamFile@@QAE@XZ
?ExamReadFileHeader@CHandleExamFile@@QAEHPADPAU_EXAMFILEHEADER@@@Z
??1CHandleExamFile@@QAE@XZ
?AutoParseSAP@CHostListing@@QAEPAU_HOSTINFO@@PAUHWND__@@0KPAUsockaddr_in@@PAU_FORMAT_SAP_T@@@Z
?FUN_SetParametersToLocal@@YGHPAU_FORMAT_SYSPARAMETERS@@@Z
?gpGlobalVar@@3PAU_GLOBALVAR@@A
ord103
??1CFileUploadInfoListing@@QAE@XZ
??0CFileUploadInfoListing@@QAE@XZ
??1CHostListing@@QAE@XZ
??0CHostListing@@QAE@XZ
?gEnvVar@@3U_ENVVAR@@A
?FUN_SetHistoryDataFileHeader@@YGHPBDPAU_HISTORYDATAFILE_HEADER@@@Z
?FUN_GetHistoryDataFileHeader@@YGHPBDPAU_HISTORYDATAFILE_HEADER@@@Z
?ExamAddNewAnswerPaper@CHandleExamFile@@QAEHPADPAXKK@Z

iphlpapi

GetIpAddrTable
GetAdaptersInfo

shlwapi

PathIsDirectoryA
PathFileExistsA
PathAppendA

redhooks

ord1
ord2
ord5

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6388f54b9723412efdcca7c37538862

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

ws2_32

redcomm

rsclass

iphlpapi

shlwapi

redhooks

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 36KB - Virtual size: 52KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 36KB - Virtual size: 52KB