5c1d9d42e5c44167b18cbab9f387ebab

Sharing

Copy URL Twitter E-mail

General

Target

5c1d9d42e5c44167b18cbab9f387ebab
Size

10.3MB
MD5

5c1d9d42e5c44167b18cbab9f387ebab
SHA1

f99e4bd44ce3e9e86887562bb5a67007e569d8b9
SHA256

3b198dfa8c9232e194a64abc4171f0761929dcb93f618d30d1d39abc55f628eb
SHA512

78fbf3c237ea509889675fcb6e61fd76e443efed307078d3524749187aa521812a77fe13111cbc709fc85f33f1871ec5dc8a73c8da5a87ffc4ef73f308c1387d
SSDEEP

196608:Hulx3c1pvkdf4PHf9mPsVUSZbmkHiFph3Ud4XwSgiy2ebjprLnMqtz7Nf:HAZc/CfSGpSPCFp5UQtT6jNLn3tPt

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/AsTime.exe
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/Data/VTPath.exe
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/Library/IOControl.dll
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/Library/Transform.dll
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/Yedek/Yedekle.exe
unpack001/astime/AsTime Setup 4.0.0.0/AsTime400/Yedek/Yukle.exe
unpack001/astime/AsTime Setup 4.0.0.0/instmsia.exe
unpack001/astime/AsTime Setup 4.0.0.0/instmsiw.exe
unpack001/astime/AsTime Setup 4.0.0.0/setup.exe
unpack001/astime/Firebird-2.0.4.13130_0_win32.exe
unpack001/astime/donemolustur.exe

Files

5c1d9d42e5c44167b18cbab9f387ebab
.rar
astime/AsTime Setup 4.0.0.0/AsTime Personel Devam Kontrol Sistemi.msi
.msi
astime/AsTime Setup 4.0.0.0/AsTime400/AsTime.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4.4MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/AsTime400/Data/DATABASE.GDB
astime/AsTime Setup 4.0.0.0/AsTime400/Data/Options.ini
astime/AsTime Setup 4.0.0.0/AsTime400/Data/Settings.ini
astime/AsTime Setup 4.0.0.0/AsTime400/Data/VTPath.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/AsTime400/Library/IOControl.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Extra
pCopyFile
pMSAccessTransfer
pOrders

Sections

CODE
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/AsTime400/Library/Transform.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Aktar_Dakikacevir
Carpalan
CarpalanS
Dakikacevir
Gunsayisi
Kayit_Sayisi
TarihKontrol
Yuvarla
fUcretYuvarla
saatcevir
saatcevirSure

Sections

CODE
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/AsTime400/Report/1221Kisisel_Bordro.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajCalisan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajDevamsizlik.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajEksikCalisma.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajEksikSure.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajErken.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajGec.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajGenel.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajMesaiKalan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/APuantajMesaiKalmayan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/Avans.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajCalisan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajDevamsizlik.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajEksikCalisma.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajEksikSure.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajErken.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajGec.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajGenel.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajMesaiKalan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BPuantajMesaiKalmayan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/BolumS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/DurumS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/FirmaS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GenelBordro.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GirisCikisADSOYAD.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GirisCikisBOLUM.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GirisCikisPKNO.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GirisCikisTarih.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GorevS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/GrupS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/Izin_Genel.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajCalisan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajDevamsizlik.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajEksikCalisma.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajEksikSure.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajErken.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajGec.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajGenel.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajMesaiKalan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KPuantajMesaiKalmayan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KisiselEKKKarti.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KisiselGirisCikis.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/KisiselIzinKarti.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/Kisisel_Bordro.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/Kisisel_Izin.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/PerBilgi.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/PerBilgiBos.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/Pusula.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/ServisS.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajCalisan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajDevamsizlik.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajEksikCalisma.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajEksikSure.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajErken.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajGec.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajGenel.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajMesaiKalan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Report/TPuantajMesaiKalmayan.frf
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/ADMIN.Anf
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/ER2006.Err
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/ER2013.Err
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/ERAralık2006.Err
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/EROcak2013.Err
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/IOCtrl.ctl
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/TR012013.Tnf
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/User.log
astime/AsTime Setup 4.0.0.0/AsTime400/Temp/_12012013.gbk
astime/AsTime Setup 4.0.0.0/AsTime400/Transfer/LogoWin.ini
astime/AsTime Setup 4.0.0.0/AsTime400/Yedek/Yedekle.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/AsTime400/Yedek/Yukle.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/bilkonkey.rar
.rar
astime/AsTime Setup 4.0.0.0/instmsia.exe
.exe windows:5 windows x86 arch:x86

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetModuleHandleA
CloseHandle
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetStartupInfoA
CreateDirectoryA
GlobalFree
FormatMessageA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
astime/AsTime Setup 4.0.0.0/instmsiw.exe
.exe windows:5 windows x86 arch:x86

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetModuleHandleA
CloseHandle
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetStartupInfoA
CreateDirectoryA
GlobalFree
FormatMessageA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
astime/AsTime Setup 4.0.0.0/setup.exe
.exe windows:4 windows x86 arch:x86

906067224c4001435aaf7d401e5e2cb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

ReadFile
GetLastError
lstrcmpA
IsValidCodePage
CreateFileA
WriteFile
SetFilePointer
CloseHandle
GetProcAddress
FreeLibrary
GlobalLock
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
GetSystemInfo
GetVersionExA
GetCurrentThread
GetLocaleInfoA
GlobalHandle
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetTickCount
DeleteFileA
GetModuleFileNameA
lstrcmpiA
GetPrivateProfileIntA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
lstrcpyA
lstrcatA
VerLanguageNameA
GlobalAlloc
CreateProcessA
GetCurrentProcess
LoadLibraryA
GetDiskFreeSpaceA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileType
IsBadReadPtr
MultiByteToWideChar
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
TerminateProcess
ExitProcess
RtlUnwind
LCMapStringA
LCMapStringW
SetStdHandle

user32

SetTimer
LoadIconA
GetWindowPlacement
PostQuitMessage
PostMessageA
KillTimer
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DefWindowProcA
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
CharNextA
CreateDialogParamA
DestroyWindow
IsWindow
IsDialogMessageA
PeekMessageA
SendMessageA
SendDlgItemMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
CharPrevA
LoadStringA
GetDlgItemTextA
EnableWindow
SetCursor
GetParent
GetSystemMetrics
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
ReleaseDC
GetWindowRect
CreateWindowExA
EndPaint
BeginPaint
DrawIcon
LoadCursorA
DestroyIcon
RegisterClassA
MoveWindow
GetDC

gdi32

GetStockObject
GetTextExtentPointA
TranslateCharsetInfo
CreateFontIndirectA
GetObjectA
DeleteObject

advapi32

AdjustTokenPrivileges
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
EqualSid
LookupPrivilegeValueA
OpenProcessToken
FreeSid
OpenThreadToken
AllocateAndInitializeSid
GetTokenInformation

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/AsTime Setup 4.0.0.0/setup.ini
astime/Firebird-2.0.4.13130_0_win32.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astime/donemolustur.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 2.1MB - Virtual size: 2.1MB

DATA Size: 21KB - Virtual size: 21KB

BSS Size: - Virtual size: 4.4MB

.idata Size: 13KB - Virtual size: 12KB

.tls Size: - Virtual size: 96B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 154KB - Virtual size: 154KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Headers

File Characteristics

Sections

CODE Size: 580KB - Virtual size: 579KB

DATA Size: 8KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 96B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 46KB - Virtual size: 45KB

.rsrc Size: 184KB - Virtual size: 184KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 526KB - Virtual size: 526KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 136B

.reloc Size: 38KB - Virtual size: 38KB

.rsrc Size: 27KB - Virtual size: 27KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 318KB - Virtual size: 318KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 295B

.reloc Size: 21KB - Virtual size: 20KB

.rsrc Size: 13KB - Virtual size: 13KB

Headers

File Characteristics

Sections

CODE Size: 704KB - Virtual size: 703KB

DATA Size: 8KB - Virtual size: 8KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 96B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 52KB - Virtual size: 51KB

.rsrc Size: 46KB - Virtual size: 46KB

Headers

File Characteristics

Sections

CODE Size: 636KB - Virtual size: 636KB

DATA Size: 8KB - Virtual size: 8KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 96B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 47KB - Virtual size: 47KB

.rsrc Size: 44KB - Virtual size: 44KB

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

CODE
Size: 2.1MB - Virtual size: 2.1MB

DATA
Size: 21KB - Virtual size: 21KB

BSS
Size: - Virtual size: 4.4MB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 154KB - Virtual size: 154KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

CODE
Size: 580KB - Virtual size: 579KB

DATA
Size: 8KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 184KB - Virtual size: 184KB

CODE
Size: 526KB - Virtual size: 526KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 136B

.reloc
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 27KB - Virtual size: 27KB

CODE
Size: 318KB - Virtual size: 318KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 295B

.reloc
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 13KB - Virtual size: 13KB

CODE
Size: 704KB - Virtual size: 703KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 46KB - Virtual size: 46KB

CODE
Size: 636KB - Virtual size: 636KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 44KB - Virtual size: 44KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 17KB

CODE
Size: 34KB - Virtual size: 34KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

CODE
Size: 737KB - Virtual size: 737KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 51KB - Virtual size: 51KB