0c31312f3063ea14a9c2bf9bdb35016e

Sharing

Copy URL

Twitter E-mail

General

Target

0c31312f3063ea14a9c2bf9bdb35016e
Size

1.2MB
MD5

0c31312f3063ea14a9c2bf9bdb35016e
SHA1

448ba98c83bffb2bd0be2277c93fa79a1780c40a
SHA256

e563c7038169d2577524e20b0977e47d017f32046ff7e72f1053b4de09b11fbe
SHA512

e02841639369c3cc981bda9994b987a2b6022fbf82bee80425a4039b09ac9125bc2dc818395839098a0b2a5eb76dcbe296dea534d0867c0222a512eab73406d4
SSDEEP

24576:7Wrwgp2KCvsyANRtORhK/33Me8Bz3ja5ReKsIAUoLFNVUqZRF59rf:YwvfDE8BzTA4dB9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c31312f3063ea14a9c2bf9bdb35016e

Files

0c31312f3063ea14a9c2bf9bdb35016e
.exe windows:4 windows x86 arch:x86

0c23949fb8c3f63b1803b293dfb9770f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

registryutilities

?GetKiasInstallPath@@YAHPAD@Z
?GetDLSRegUIInfo@@YAHPBDKPAEK@Z
?GetSystemModeFlag@@YAKPAD@Z
?GetDLSLaunchPath@@YAHPAD@Z
?GetQssKidsMachineFlag@@YAKXZ
?GetSystemType@@YAHPADPAEK@Z
?SrchSpecialEntry@@YAHPAD0@Z
?GetInitializeFlag@@YAKPAD@Z
?FindOptionSoft@@YAHPAD0@Z

rpcrt4

NdrComplexStructFree
NdrPointerFree
RpcServerRegisterIf
RpcServerListen
NdrComplexStructUnmarshall
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingFree
RpcStringFreeA
NdrFreeBuffer
NdrConformantArrayUnmarshall
NdrSimpleStructUnmarshall
NdrConvert
NdrSendReceive
NdrSimpleStructMarshall
I_RpcGetBuffer
NdrServerInitializeNew
RpcServerUnregisterIf
NdrServerCall2
NdrAllocate
NdrGetBuffer
NdrSimpleStructBufferSize
NdrClientInitializeNew
RpcRaiseException
NdrConformantArrayMarshall
NdrConformantArrayBufferSize
RpcServerUseProtseqEpA
NdrComplexStructBufferSize
NdrComplexStructMarshall
NdrComplexArrayMarshall
NdrComplexArrayBufferSize

parameter

??0TCL_ParamNode@@QAE@XZ
??1TCL_ParamNode@@QAE@XZ
?FreePrm@CParameter@@QAEXXZ
?GetPrm@CParameter@@QAEJPADJ@Z
?InitPrm@CParameter@@QAEJPAD@Z
??1CParameter@@QAE@XZ
?GetPrm@CParameter@@QAE_NPADPAJ@Z
??0CParameter@@QAE@XZ

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathCombineA
PathFileExistsA
StrDupA

ws2_32

ntohl
ntohs
recv
bind
setsockopt
inet_addr
connect
htons
socket
closesocket
shutdown
send
htonl
WSAGetLastError
sendto
gethostbyname
WSAStartup
WSACleanup
recvfrom
gethostname
inet_ntoa

socksvr

?InitSockSvr@@YGHXZ
?ExitSockSvr@@YGHXZ
?EventSockSvr@@YGXABK@Z

mpr

WNetUseConnectionA

ptif

??0CUnitInfo@Cbravo@@QAE@XZ
?GetUnitInfo@Cbravo@@QAEKAAVCUnitInfo@1@AAK@Z
??1Cbravo@@QAE@XZ
??1CUnitInfo@Cbravo@@QAE@XZ
??0Cbravo@@QAE@XZ
?GetDiskSpace@Cbravo@@QAEKAAVCDiskSpace@1@@Z
??0CDiskSpace@Cbravo@@QAE@XZ

logmsg

LogMsg

netfolder

?ExitNetFolder@@YGHXZ
?InitNetFolder@@YGHXZ
?EventNetFolder@@YGXABKPBX@Z

mfc42

ord939
ord941
ord3337
ord860
ord926
ord924
ord1232
ord858
ord1980
ord3178
ord4058
ord2784
ord535
ord668
ord1979
ord2764
ord4202
ord2915
ord2781
ord5861
ord541
ord3663
ord1105
ord1200
ord940
ord6648
ord6883
ord2770
ord356
ord5186
ord3811
ord5820
ord3648
ord399
ord701
ord3440
ord5633
ord4190
ord2917
ord2803
ord958
ord6312
ord4177
ord6385
ord6010
ord5773
ord2601
ord3180
ord3183
ord3176
ord3507
ord3614
ord5651
ord3127
ord3616
ord350
ord4129
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord354
ord3318
ord665
ord5442
ord2818
ord537
ord540
ord825
ord800
ord823
ord914
ord1193
ord4160
ord4278
ord5683
ord1151
ord801

msvcrt

_mbstok
strstr
_except_handler3
fread
_mbctype
_beginthreadex
strncmp
_purecall
wcslen
rename
mktime
fprintf
_strnicmp
_CxxThrowException
fflush
isprint
_mbsicmp
asctime
sscanf
toupper
fgets
ftell
fseek
div
_stat
remove
fscanf
_mkdir
_rmdir
__dllonexit
strncpy
isalpha
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
strrchr
fopen
fwrite
fclose
_stricmp
_memicmp
malloc
free
_splitpath
time
_ftol
ceil
localtime
__CxxFrameHandler
memmove
sprintf
atoi
_mbscmp
_onexit
??1type_info@@UAE@XZ
_makepath
_chmod
_strcmpi
_callnewh

kernel32

CreateFileA
ReadFile
lstrlenA
GetStartupInfoA
GetModuleHandleA
MoveFileA
GetDiskFreeSpaceA
GetCompressedFileSizeA
VirtualQuery
IsBadCodePtr
GetDateFormatA
GetUserDefaultLCID
GetTimeFormatA
GetDriveTypeA
GetCurrentDirectoryA
FlushViewOfFile
OpenMutexA
GetLocalTime
OpenFileMappingA
WritePrivateProfileStringA
GetTempFileNameA
SetEndOfFile
ReleaseMutex
ResumeThread
GetCurrentThreadId
TerminateThread
GetFileAttributesA
GetFileSize
CreateFileMappingA
MapViewOfFile
SetFilePointer
UnmapViewOfFile
LoadLibraryA
FreeLibrary
TerminateProcess
MultiByteToWideChar
LocalFree
CopyFileA
WideCharToMultiByte
DeleteFileA
SetFileAttributesA
FormatMessageA
FindResourceA
LoadResource
WaitForMultipleObjects
CreateMutexA
GetLastError
RemoveDirectoryA
CreateDirectoryA
CreateThread
GetExitCodeProcess
CreateProcessA
WriteFile
OpenProcess
GlobalMemoryStatus
GetDiskFreeSpaceExA
lstrcatA
CreateEventA
GetVersionExA
GetComputerNameA
GetSystemInfo
GetModuleFileNameA
HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
Sleep
Beep
HeapFree
GetTickCount
SetEvent
GetPrivateProfileIntA
lstrcmpA
GetProcAddress
InitializeCriticalSection
GetPrivateProfileStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcpynA
CloseHandle
lstrcpyA
FindNextFileA
WaitForSingleObject
FindClose
FindFirstFileA
lstrcmpiA

user32

GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetDC
IsWindowVisible
PostMessageA
WaitForInputIdle
GetForegroundWindow
PostThreadMessageA
CharLowerA
RegisterWindowMessageA
FindWindowA
LoadStringA
LoadCursorA
ReleaseDC
CreateWindowExA
UnregisterClassA
DestroyWindow
PostQuitMessage
DialogBoxParamA
DefWindowProcA
EndDialog
MessageBoxA
ShowWindowAsync
MessageBeep
FillRect
wsprintfA
KillTimer
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

CreateDIBSection
GetObjectA
CreateCompatibleDC
EnumFontFamiliesExA
DeleteDC
GetDeviceCaps
GetDIBits
SetDIBits
SelectObject
PatBlt
SetICMMode
CreateCompatibleBitmap
CreateSolidBrush
SetWorldTransform
DeleteObject
SetGraphicsMode
BitBlt

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
FindExecutableA

msvcp60

?nothrow@std@@3Unothrow_t@1@B

scauloader

??1CSCauLoader@@UAE@XZ
?SCauGetUnitInfo@CSCauLoader@@QAEJPAUtagSCAU_UNITINFO@@@Z
??0CSCauLoader@@QAE@PBD@Z

Sections

.text
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c23949fb8c3f63b1803b293dfb9770f

Headers

File Characteristics

Imports

registryutilities

rpcrt4

parameter

shlwapi

ws2_32

socksvr

mpr

ptif

logmsg

netfolder

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

msvcp60

scauloader

Sections

.text Size: 916KB - Virtual size: 916KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 280KB - Virtual size: 770KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 916KB - Virtual size: 916KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 280KB - Virtual size: 770KB

.rsrc
Size: 24KB - Virtual size: 24KB