2bb103d88306a2149c6179f15f20e3aa

Sharing

Copy URL

Twitter E-mail

General

Target

2bb103d88306a2149c6179f15f20e3aa
Size

948KB
MD5

2bb103d88306a2149c6179f15f20e3aa
SHA1

2cbadacff8ccbdf3a36d8a232709476c7174811d
SHA256

7419123bef0daef9ff03194428ff6a9831f0d863a209020022c8157d2b8f4eae
SHA512

83867b6cb9cf55c16ac75083a8cf1617c802a3c8c764e6ed4cb366f108917f06d0045eb339e67063ee6601efae2be128b2a0a72597524bb6267332ef04d77241
SSDEEP

12288:51fTibHETHArqdjXXEhD1FEAic26N7aIAGG:/TizETgOd7EhD7Lib6Ne1GG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bb103d88306a2149c6179f15f20e3aa

Files

2bb103d88306a2149c6179f15f20e3aa
.dll windows:4 windows x86 arch:x86

d59382a6ddb2ddd36254d39de008f020

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_AddMasked

kernel32

GetTimeFormatW
lstrcatW
HeapFree
HeapDestroy
lstrcpyW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileSize
GetFileTime
FileTimeToSystemTime
lstrcpynW
SetThreadPriority
GetFileAttributesW
FindFirstFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
FindNextFileW
HeapSize
FlushFileBuffers
SetStdHandle
ReadFile
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetCurrentDirectoryA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
SetFilePointer
SetEndOfFile
GetFileType
ExitProcess
GetModuleHandleA
FindClose
GetACP
CreateFileW
SetFileTime
CloseHandle
CopyFileW
GetSystemTime
CreateThread
MoveFileW
GlobalFree
GetTempFileNameW
GlobalAlloc
GetModuleHandleW
GetTempPathW
GetLongPathNameW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
IsBadReadPtr
GetDateFormatW
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapReAlloc
DeleteFileW
lstrcmpiW
GlobalLock
GlobalUnlock
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
HeapAlloc
HeapCreate
LoadLibraryA
GetUserDefaultLangID
GetShortPathNameW
GetFullPathNameW

user32

MessageBoxW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
DialogBoxParamW
SendMessageW
GetParent
GetKeyState
ShowWindow
MoveWindow
ScreenToClient
GetWindowRect
GetDlgItem
UnregisterClassW
GetMessageW
DispatchMessageW
TranslateMessage
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClipboardFormatW
GetSystemMetrics
CreatePopupMenu
GetMenuItemInfoW
DestroyMenu
AppendMenuW
SetMenuItemInfoW
ClientToScreen
DdeInitializeA
DdeCreateStringHandleA
DdeAccessData
DdeGetData
PostMessageW
DdeQueryStringA
DdeNameService
DdeFreeStringHandle
DdeUninitialize
BringWindowToTop
SetTimer
SendDlgItemMessageW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
MapWindowPoints
LoadMenuW
TrackPopupMenu
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
GetMenuState
FillRect
IsClipboardFormatAvailable
IsWindowEnabled
EnableMenuItem
GetSubMenu
CheckMenuItem
SetWindowPos
EndDialog
CheckDlgButton
CreateWindowExW
IsMenu
SetFocus
DestroyWindow
KillTimer
CallWindowProcW
DefWindowProcW
IsWindowVisible
SetWindowTextW
InvalidateRect
IsWindow
IsDlgButtonChecked
EnableWindow
UpdateWindow
GetDlgCtrlID
DrawFocusRect
DrawTextW
GetWindowTextW
GetFocus
PtInRect
SetCursor
EndPaint
BeginPaint
RegisterClassW
LoadImageW
GetClassNameW
MessageBoxA
SetCapture
ReleaseCapture
GetDesktopWindow
CreateMenu
InsertMenuItemW
LoadIconW
EnumThreadWindows
CopyRect
GetSysColor
SystemParametersInfoW
GetDC
ReleaseDC
LoadBitmapW
GetClientRect
GetSysColorBrush

gdi32

GetTextMetricsW
SetTextColor
SelectObject
Rectangle
MoveToEx
LineTo
SetBkColor
CreateSolidBrush
CreateHatchBrush
CreatePen
CreateFontIndirectW
GetDeviceCaps
ExtTextOutW
GetTextExtentPoint32W
GetClipBox
CreateRectRgn
CombineRgn
DeleteObject
SelectClipRgn
GetStockObject
SetPixel
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
GetObjectW
LineDDA
Polygon
GetPixel
ArcTo
Ellipse
Polyline
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetDesktopFolder
SHBindToParent

ole32

ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoLockObjectExternal
RegisterDragDrop

pgpsc

PGPscAddToFileList
PGPscInit
PGPscDestroy
PGPscGetValidityDrawPrefs
PGPscGetMarginalInvalidPref
PGPscOPENFILENAMEToFileList
PGPscFreeSpaceWipeWizard
PGPscDecryptFileList
PGPscFileListFromFile
PGPscTempestViewer
PGPscFreeFileList
PGPscGetSecureViewerPref
PGPscWipeFileList
PGPscJustFile

pgpsdk

PGPOAllocatedOutputBuffer
PGPOOutputFile
PGPOOutputTARCache
PGPIncKeySetRefCount
PGPOPasskeyBuffer
PGPAddJobOptions
PGPOPassphraseBufferU8
PGPNewSecureData
PGPPeekContextMemoryMgr
PGPDeleteTARCacheObj
PGPFreeOptionList
PGPGetErrorStringU16
PGPEncode
PGPGetFullPathFromFileSpecU16
PGPGetTARCacheObjNumericProperty
PGPOpenTARCacheFile
PGPDecode
PGPOInputFile
PGPOPassThroughIfUnrecognized
PGPPeekKeyDBObjKey
PGPOKeyDBRef
PGPOInputTARCache
PGPOFileNameStringU16
PGPODetachedSig
PGPOSignWithKey
PGPOEncryptToKeySet
PGPAppendOptionList
PGPOConventionalEncrypt
PGPOPassphraseU8
PGPOCipherAlgorithm
PGPBuildOptionList
PGPNewData
PGPKeyIterSeek
PGPNewKeyIterFromKeyDB
PGPPeekKeyDBObjKeyDB
PGPGetKeyIDStringU8
PGPNewKeyIDFromStringU8
PGPCountKeysInKeyDB
PGPNewContext
PGPFreeContext
PGPFreeFilter
PGPFilterKeySet
PGPNewKeyDBObjBooleanFilter
PGPPeekKeyDBContext
PGPGetKeyIDStringU16
PGPGetTARCacheObjTimeProperty
PGPExportTARCacheObj
PGPNewTARCacheIter
PGPTARCacheIterNextTARCacheObj
PGPGetTARCacheObjDataPropertyU16
PGPFreeTARCacheIter
PGPORelativePath
PGPONullOption
PGPOLastOption
PGPOSendNullEvents
PGPOEventHandler
PGPORootPath
PGPImportTARCacheObj
PGPNewKeyIterFromKeySet
PGPFreeData
PGPFreeTARCache
PGPDeleteFile
PGPFreeFileSpec
PGPNewFileSpecFromFullPathU16
PGPGetStdTimeFromPGPTime
PGPGetPGPTimeFromStdTime
PGPContextGetRandomBytes
PGPNewHashContext
PGPContinueHash
PGPFinalizeHash
PGPFreeHashContext
PGPNewSymmetricCipherContext
PGPInitSymmetricCipher
PGPFreeSymmetricCipherContext
PGPSymmetricCipherEncrypt
PGPNewEmptyKeySet
PGPFindKeyByKeyID
PGPAddKey
PGPPeekKeySetKeyDB
PGPPeekKeySetContext
PGPNewOneKeySet
PGPCopyKeys
PGPFreeKeySet
PGPCompareKeyIDs
PGPGetKeyDBObjBooleanProperty
PGPGetKeyDBObjNumericProperty
PGPNewKeyDB
PGPFreeKeyDB
PGPPeekKeyDBRootKeySet
PGPOrderKeySet
PGPNewKeyIter
PGPValidateMemoryMgr
PGPReallocData
PGPKeyIterNextKeyDBObj
PGPFreeKeyIter
PGPFreeKeyList
PGPGetKeyID
PGPNewMemoryMgr
PGPOPassThroughKeys
PGPFreeMemoryMgr

pgpcl

_PGPclWipeFile@20
_PGPclReleaseClientLibXMLPrefRef@8
_PGPclRandom@12
PGPGetXMLPrefSiblingKeyByName
PGPGetXMLPrefChildKeyFromDict
_PGPclSyncExistingTokenKeys@16
PGPCopyEncryptableKeys
PGPKeyCanEncrypt
PGPGetXMLPrefKeyIntegerValue
PGPGetRootXMLPrefNode
_PGPclLockClientLibXMLPrefRef@4
_PGPclOpenDefaultKeyrings@12
_PGPclMessageBox@16
_PGPclConfirmObjectRemoval@20
PGPGetLastSigningKey
PGPKeyCanSignMessages
PGPSetXMLPrefKeyBooleanValue
_PGPclZipGenerationWizard@20
_PGPclFreeZipFileList@4
PGPPeekXMLPrefMemoryMgr
PGPGetXMLPrefArrayStringValues
PGPGetXMLPrefKeyBooleanValue
PGPSetXMLPrefArrayStringValues
_PGPclNetworkKeySelectionDialog@4
_PGPclEchoKeyDBObjProperties@28
PGPKeyIsInAlwaysEncryptToList
_PGPclCreateEchoFontForUsage@4
PGPGetXMLPrefKeyStringValue
PGPSetXMLPrefKeyStringValue
_PGPclIsConfiguredInstall@0
PGPGetAdminPrefBoolean
PGPGetAdminPrefNumber
_PGPclGetCachedSigningPhrase@56
PGPSetLastSigningKey
_PGPclGetCachedDecryptionPhrase@60
_PGPclFreeCachedPhrase@4
_PGPclGetPhrase@76
_PGPclGetPrimaryUserIDName@16
PGPGetAlwaysEncryptToList
_PGPclGetPrimaryUserIDNameUTF16@16

shlwapi

PathFileExistsW
PathRemoveBackslashW
PathAppendW
StrFormatByteSizeW
PathAddExtensionW
PathRemoveExtensionW
PathMakePrettyW
PathStripPathW
PathFindExtensionW
PathRemoveFileSpecW
PathRenameExtensionW

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

PGPshObjectCallback

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d59382a6ddb2ddd36254d39de008f020

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

pgpsc

pgpsdk

pgpcl

shlwapi

msimg32

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 600KB - Virtual size: 600KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 600KB - Virtual size: 600KB

.reloc
Size: 25KB - Virtual size: 25KB