Static task
static1
Behavioral task
behavioral1
Sample
3b43db9475dbc344269ab6c0aa73dd32.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3b43db9475dbc344269ab6c0aa73dd32.exe
Resource
win10v2004-20231215-en
General
-
Target
3b43db9475dbc344269ab6c0aa73dd32
-
Size
812KB
-
MD5
3b43db9475dbc344269ab6c0aa73dd32
-
SHA1
a188c13738b8eecdbab53a5874cc9b0cc1cf31a5
-
SHA256
6265d0e45b4a5d069ded42256f11cc4a271b9cd2a9aa50e4c043c0e550c67107
-
SHA512
5cf0788e7d9fa7154e5ef1e50e7d7ab9df076d4458598c8c586529c1e4a000da6f43b1a59fc7848595e2d6ff86495d0729e9003c344cd8e2ac8619e73dd9e847
-
SSDEEP
12288:QiNRGA05HR/rFX+sfq0TpmGAWk/cwCI+JCvqUZ:DD7iHhFRzTpmGAW1wAUqUZ
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3b43db9475dbc344269ab6c0aa73dd32
Files
-
3b43db9475dbc344269ab6c0aa73dd32.exe — tags: windows:4, windows, x86, arch:x86
92c589bf01d94555e6069a2f38e8b296
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ngscm
?SetSupportedDevices@CCSDWrapper@@QAEXPBG@Z
?GetSupportedDeviceCount@CCSDWrapper@@QAEHXZ
?SelectDevice@CCSDWrapper@@QAEJH@Z
?Validate@CNbuuStaticBitmapSkin@@UAEXXZ
?Draw@CNbuuStaticBitmapSkin@@UAEXPAVCNbuuWindow@@PAVCNbuuGraphics@@HH@Z
??0CNbuuCommonButtonCtrl@@QAE@XZ
?SelectDevice@CCSDWrapper@@QAEJKH@Z
?SetSelectionMode@CCSDWrapper@@QAEXK@Z
?RemoveListener@CCSDWrapper@@QAEXPAVCCSDWrapperListener@@@Z
?AddListener@CCSDWrapper@@QAEXPAVCCSDWrapperListener@@@Z
??0CCommonAboutDlg@@QAE@XZ
??1CCommonAboutDlg@@UAE@XZ
?DoModal@CCommonAboutDlg@@QAEHXZ
?SetAboutBoxParams@CCommonAboutDlg@@QAEXPAUtagABOUTBOXPARAMS@@@Z
??0CNbuuSplashScreen@@QAE@PAUHINSTANCE__@@I@Z
??1CNbuuSplashScreen@@UAE@XZ
?Show@CNbuuSplashScreen@@QAEHI@Z
?Hide@CNbuuSplashScreen@@QAEHI@Z
?PcsInitializeWER@@YAHXZ
??0CNbuuTabSkin@@QAE@XZ
??1CNbuuTabSkin@@UAE@XZ
??0CNbuuStepBarCtrl@@QAE@XZ
??1CNbuuStepBarCtrl@@UAE@XZ
??0CNbuuTabCtrl@@QAE@XZ
??1CNbuuTabCtrl@@UAE@XZ
?TranslateMenuAccelerator@CNbuuWindowBackgroundCtrl@@QAEHPAUtagMSG@@@Z
?m_dwLayout@CNbuuLib@@0KA
??1CNbuuStaticCtrl@@UAE@XZ
?DrawBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@1@Z
??1CNbuuWindowBackgroundCtrl@@UAE@XZ
?DrawBackBufferPart@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@11@Z
?DrawParentBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@@Z
?SetSkinDef@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAEXVCNbuuStaticBitmapSkinDef@@@Z
?m_hInstRes@CNbuuLib@@0PAUHINSTANCE__@@A
??0CNbuuStaticBitmapSkin@@QAE@XZ
??1CNbuuStaticBitmapSkin@@UAE@XZ
?IsValid@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAE_NXZ
?Load@CNbuuStaticBitmapSkin@@UAEXXZ
?SetTooltip@?$CNbuuButtonImpl@VCNbuuCommonButtonSkin@@@@QAEXPAG@Z
?Init@CNbuuLib@@SAXPAUHINSTANCE__@@0@Z
??1CNbuuCommonButtonCtrl@@UAE@XZ
??0CNbuuComboBoxCtrl@@QAE@XZ
?Unload@CNbuuStaticBitmapSkin@@UAEXXZ
??1CNbuuComboBoxCtrl@@UAE@XZ
??0CNbuuCheckButtonCtrl@@QAE@XZ
?PcsLoadFont@@YAXPAUtagLOGFONTW@@@Z
??1CNbuuCheckButtonCtrl@@UAE@XZ
?NGSCM_GetCommonNGR@@YAPAUHINSTANCE__@@XZ
??0CNbuuWindowBackgroundSkin@@QAE@XZ
?SetTextColor@CNbuuStaticCtrl@@QAEXK@Z
?CreateBackBuffer@CNbuuBackBuffer@@UAEXHHPAVCNbuuGraphics@@@Z
??1CNbuuWindowBackgroundSkin@@UAE@XZ
?ReadPCSL@CPCSL2InfoReader@@QAEHPAG@Z
?PCSL_GetVariantID@CPCSL2InfoReader@@QAEGXZ
?GetUIManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?GetFirstPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?GetNextPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?GetNumberOfPhoneManufacturers@CPCSL2InfoReader@@QAEHXZ
??0CCSDWrapper@@QAE@XZ
??1CCSDWrapper@@UAE@XZ
?Initialize@CCSDWrapper@@QAEJPAUHWND__@@@Z
?Terminate@CCSDWrapper@@QAEXXZ
??1CPCSL2InfoReader@@QAE@XZ
??0CPCSL2InfoReader@@QAE@XZ
?Show@CNbuuCommonMessageBox@@SAHPAUHWND__@@PBG1I@Z
??0CNbuuWindowBackgroundCtrl@@QAE@XZ
?DeleteBackBuffer@CNbuuBackBuffer@@UAEXXZ
??0CNbuuStaticCtrl@@QAE@XZ
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
connapi
ord550
ord10
ord504
ord11
ord552
ord503
ord501
ord506
ord551
ord553
ord500
ord205
ord200
ord206
ord204
ord212
ord213
ord507
ord505
ord502
ord201
psapi
GetModuleFileNameExW
EnumProcessModules
gdiplus
GdiplusStartup
GdiplusShutdown
mfc80u
ord2379
ord2381
ord2531
ord2399
ord2725
ord2169
ord2829
ord2856
ord4301
ord2163
ord2708
ord1513
ord2534
ord6273
ord2640
ord3796
ord2527
ord6275
ord3712
ord3713
ord3703
ord2638
ord3943
ord3339
ord2155
ord4961
ord6086
ord5609
ord4119
ord5178
ord6720
ord1611
ord5908
ord1608
ord1392
ord4480
ord2651
ord4256
ord3940
ord1353
ord5171
ord1955
ord4729
ord4238
ord4884
ord5148
ord1899
ord2011
ord5196
ord1662
ord5067
ord1661
ord6271
ord4179
ord3176
ord3397
ord4716
ord762
ord5891
ord4714
ord4730
ord4611
ord4838
ord4791
ord5065
ord6744
ord1087
ord3546
ord1864
ord1785
ord1784
ord6232
ord1894
ord4184
ord313
ord1189
ord265
ord5663
ord588
ord2343
ord5998
ord328
ord3159
ord1176
ord266
ord5489
ord380
ord745
ord557
ord631
ord386
ord3195
ord629
ord1430
ord5672
ord6284
ord676
ord5319
ord6000
ord443
ord3248
ord384
ord3946
ord3249
ord1518
ord1241
ord5707
ord760
ord572
ord739
ord5829
ord2422
ord5699
ord1638
ord1580
ord6721
ord5911
ord1393
ord5210
ord2985
ord4255
ord3309
ord331
ord3422
ord3603
ord3596
ord3629
ord590
ord4475
ord2132
ord5406
ord2832
ord1182
ord2936
ord1021
ord1178
ord3168
ord747
ord722
ord5440
ord1522
ord5710
ord6001
ord530
ord3289
ord1086
ord2161
ord1494
ord3065
ord2247
ord5186
ord6751
ord2827
ord2244
ord2241
ord2243
ord3163
ord314
ord797
ord1067
ord6002
ord5438
ord5709
ord1123
ord1139
ord1079
ord701
ord1386
ord4112
ord1287
ord3133
ord587
ord6061
ord3678
ord3331
ord2167
ord2402
ord2012
ord630
ord3395
ord3901
ord462
ord755
ord5713
ord564
ord3857
ord3508
ord5442
ord1027
ord5444
ord6003
ord2299
ord2159
ord2149
ord1925
ord1271
ord3204
ord4094
ord2085
ord1962
ord1274
ord1946
ord3238
ord3198
ord3635
ord5199
ord605
ord4206
ord4574
ord354
ord4226
ord2077
ord3158
ord3662
ord4266
ord1512
ord4274
ord1318
ord5208
ord721
ord715
ord4577
ord1634
ord5472
ord1572
ord977
ord3286
ord3661
ord2027
ord5207
ord5698
ord718
ord2421
ord5066
ord1573
ord5064
ord528
ord4861
ord3547
ord4207
ord516
ord3287
ord4234
ord741
ord1416
ord2086
ord3311
ord2255
ord2981
ord3322
ord2279
ord3925
ord754
ord2364
ord6293
ord5327
ord1080
ord3985
ord416
ord651
ord2861
ord6282
ord1555
ord5316
ord6749
ord3327
ord2239
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord757
ord1121
ord1049
ord5379
ord5565
ord5564
ord6248
ord1119
ord5138
ord5181
ord3435
ord1190
ord1091
ord6140
ord5566
ord2365
ord2407
ord2809
ord1971
ord3590
ord3855
ord558
ord746
ord618
ord5708
ord5999
ord370
ord896
ord776
ord774
ord5231
ord5229
ord577
ord2384
ord283
ord2394
ord280
ord2392
ord2390
ord293
ord2386
ord2409
ord2397
ord3927
ord1472
ord2121
ord1647
ord1646
ord4026
ord1590
ord5485
ord2311
ord1542
ord1883
ord899
ord2696
ord284
ord287
ord2271
ord2697
ord5083
ord3990
ord4100
ord4078
ord2261
ord1476
ord5398
ord2468
ord894
ord897
ord288
ord6700
ord282
ord1479
ord559
ord290
ord6040
ord1118
ord1164
ord1220
ord5712
ord5711
ord4101
ord5524
ord6171
ord476
ord3756
ord6166
ord6172
ord4074
ord5558
ord2260
ord6165
ord2310
ord3082
ord385
ord3842
ord277
ord6063
ord3858
ord777
ord1616
ord860
ord1536
ord1582
ord2692
ord3877
ord2878
ord5864
ord1172
ord5096
ord1007
ord2009
ord4320
ord566
ord1058
ord2932
ord2461
ord2460
ord2341
ord6160
ord291
ord1002
ord5478
ord2388
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord2366
ord2648
ord3752
ord6059
ord764
ord581
ord1200
ord1162
ord315
ord765
ord1198
ord1299
msvcr80
_tzset
memset
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
sprintf
wcsncpy
_wcsdup
free
strtoul
memcpy_s
_wsetlocale
wcsftime
_time64
_localtime64_s
_wmakepath
wcstol
ceil
_wsplitpath
wcstoul
_purecall
_CxxThrowException
memcpy
floor
_localtime64
kernel32
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
CreateThread
IsDebuggerPresent
CreateEventA
ExitThread
WaitForSingleObject
LoadLibraryA
GetLongPathNameW
FileTimeToLocalFileTime
GetTimeZoneInformation
FileTimeToSystemTime
CreateMutexW
SetLastError
GetEnvironmentVariableW
SetEnvironmentVariableW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcpyW
OpenEventA
LockResource
LoadLibraryW
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEvent
WaitForMultipleObjects
ResetEvent
CreateDirectoryW
CloseHandle
GetLastError
GetPrivateProfileStringW
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
WideCharToMultiByte
MoveFileW
QueryPerformanceCounter
DeleteFileW
GetUserDefaultLangID
CopyFileW
GetModuleHandleW
SystemTimeToFileTime
FindResourceW
FreeLibrary
LoadResource
SizeofResource
Sleep
GetModuleFileNameW
OpenEventW
LoadLibraryExW
CreateEventW
GetProcAddress
GetTickCount
GetVersionExW
MultiByteToWideChar
Process32FirstW
user32
GetMenuDefaultItem
GetDoubleClickTime
CheckMenuItem
EndMenu
PtInRect
SystemParametersInfoW
GetMenuItemCount
LoadMenuW
GetWindowLongW
SetMenuDefaultItem
GetClientRect
IsIconic
IsZoomed
EnableMenuItem
LockWindowUpdate
GetDlgItem
SetFocus
GetWindowTextLengthW
SetWindowTextW
MapWindowPoints
SetActiveWindow
GetCursorPos
WinHelpW
LoadStringW
DestroyIcon
GetNextDlgTabItem
IsWindowEnabled
IsWindow
PostQuitMessage
InsertMenuW
GetSystemMetrics
IsWindowVisible
SendMessageCallbackW
GetActiveWindow
GetSubMenu
GetWindowInfo
GetFocus
GetMenuItemID
NotifyWinEvent
LoadIconW
SetForegroundWindow
MessageBeep
ShowWindow
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
wvsprintfW
GetDesktopWindow
ScreenToClient
InvalidateRect
GetParent
MoveWindow
DispatchMessageW
TranslateMessage
SendMessageW
GetClassNameW
PostMessageW
KillTimer
SetTimer
EnableWindow
GetWindowRect
EnumChildWindows
SetCursor
PeekMessageW
LoadCursorW
RegisterWindowMessageW
gdi32
GetStockObject
CreateFontIndirectW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32
SHGetSpecialFolderPathW
SHGetFolderLocation
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHGetMalloc
SHGetDesktopFolder
shlwapi
StrRetToBufW
PathIsNetworkPathW
ole32
CLSIDFromString
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantCopy
SysFreeString
VarUdateFromDate
SysAllocString
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysStringLen
SysAllocStringLen
SafeArrayGetLBound
Sections
.text Size: 544KB - Virtual size: 541KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE