596050b376f3bb0ca111ec9bde03d03f

Sharing

Copy URL Twitter E-mail

General

Target

596050b376f3bb0ca111ec9bde03d03f
Size

201KB
MD5

596050b376f3bb0ca111ec9bde03d03f
SHA1

6606b3b8e009e31c2057bc9c08f8d01ca6f315ef
SHA256

b86334688777d1fbc26316310ef4e168d640cbb65c8f8a50415e6f030b53caa6
SHA512

e5da651f5d8fad27308e1ed724f647c223adf97c88cb1a335d6b3a8ef1d85d2a92fb36cf38e4c6bf8cbb2df992886a45be229b1f9e7a4b841eb3972030e28275
SSDEEP

6144:od8yIsu1uNcBhZ9B+OOo15vprvgfocjq9:od8yIsu1rfZvv0q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
596050b376f3bb0ca111ec9bde03d03f

Files

596050b376f3bb0ca111ec9bde03d03f
.exe windows:4 windows x86 arch:x86

7712f523ddb61891a4ed630be86d776e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

util

_FileExists@4
_PcaHostMessageBox@16

instdata

?Instance@IInstallDataMgr@@SAAAV1@XZ

awses32

?SetGlobalAction@CAWSession@@QAEHPAVCAction@@@Z
??1CAction@@UAE@XZ
??0CRemoteSvcMgr@@QAE@PAUHWND__@@00@Z
?PushFlowAction@CAWSession@@QAEHW4ePROC_ID@@0HK@Z
?UserData@CAWSession@@QAEKW4ePROC_ID@@@Z
?Session@CRemoteSvcMgr@@QBEPAVCAWSession@@XZ
?SetBuf@CAction@@QAEHPAEH@Z
?GetGlobalAction@CAWSession@@QAEPAVCAction@@XZ
?CheckConnectStatus@CAWSession@@QAEHXZ

awcfgmgr

_AWRegGetOptionValue@16

awtime32

_AWTimerInit@0
_AWTimerExit@0

s32pcag

ord98
ord81

awofrwrk

?SetAutoRename@CCallHostObjectMgr@@UAEHH@Z
?AutoRename@CCallHostObjectMgr@@UBEHXZ
?SetErrMsgPrompt@CCallHostObjectMgr@@UAEHH@Z
?ErrMsgPrompt@CCallHostObjectMgr@@UBEHXZ
?SetSecPrompt@CCallHostObjectMgr@@UAEHH@Z
?SecPrompt@CCallHostObjectMgr@@UBEHXZ
?CurrentDirectory@CCallHostObjectMgr@@UBEXPADAAK@Z
?MaxObjectNameLength@CAbsSerializedObjectMgr@@UBEKXZ
?ModelObjectName@CCallHostObjectMgr@@UBEXPADAAK@Z
?FindFirstEntry@CCallHostObjectMgr@@UAEHPBDK0AAUtagRECINFO@@@Z
?FindNextEntry@CCallHostObjectMgr@@UAEHKPBDAAUtagRECINFO@@@Z
?CloneObjectStore@CCallHostObjectMgr@@UAEHPBDK0AAUtagRECINFO@@@Z
?CopyObjectStore@CCallHostObjectMgr@@UAEHPBD0K0HAAUtagRECINFO@@@Z
?RenameObjectStore@CCallHostObjectMgr@@UAEHPBD0K0AAUtagRECINFO@@@Z
?DeleteObjectStore@CCallHostObjectMgr@@UAEHPBDK0@Z
?FindFirst@CAbsSerializedObjectMgr@@UAEPAVCSerialObject@@PBDW4AccessMode@1@K0@Z
?FindNext@CAbsSerializedObjectMgr@@UAEPAVCSerialObject@@W4AccessMode@1@KPBD@Z
?RetrieveObject@CAbsSerializedObjectMgr@@UAEPAVCSerialObject@@PBDW4AccessMode@1@K0@Z
?RetrieveModelObject@CAbsSerializedObjectMgr@@UAEPAVCSerialObject@@W4AccessMode@1@KPBD@Z
?DetachObject@CAbsSerializedObjectMgr@@UAEXPAVCSerialObject@@@Z
?OnLFNSystem@CCallHostObjectMgr@@MBEHPBD@Z
?OnLFNSystem@CAbsSerializedObjectMgr@@UBEHPBVCSerialObject@@@Z
?LastError@CCallHostObjectMgr@@UBEKXZ
?ReadObject@CAbsSerializedObjectMgr@@MAEHPAVCSerialObject@@KPBD@Z
?LoadObject@CAbsSerializedObjectMgr@@MAEHPAVCSerialObject@@KPBD@Z
?WriteSecurityInfo@CCallHostObjectMgr@@MAEHAAUtagSECURITY@@KKPBD@Z
?ReadSecurityInfo@CCallHostObjectMgr@@MAEHAAUtagSECURITY@@KKPBD@Z
?ReleaseSerializedObject@CAbsSerializedObjectMgr@@MAEXPAVCSerialObject@@@Z
?ReleaseAllSerializedObjects@CAbsSerializedObjectMgr@@MAEXXZ
?OpenObjectStorage@CCallHostObjectMgr@@MAEKPBDK0@Z
?CloseObjectStorage@CCallHostObjectMgr@@MAEHK@Z
?GetObjectDirInfo@CCallHostObjectMgr@@MBEHKAAUtagRECINFO@@@Z
?CreateObjectStorage@CCallHostObjectMgr@@MAEKPBDK0@Z
?WriteObjectData@CCallHostObjectMgr@@MAEHPAVCSerialObject@@KKPBD@Z
?ReadObjectData@CCallHostObjectMgr@@MAEHPAVCSerialObject@@KKPBD@Z
?LoadObjectData@CCallHostObjectMgr@@MAEHPAVCSerialObject@@KKPBD@Z
?GetPromptParentWnd@CCallHostObjectMgr@@UAEPAUHWND__@@XZ
?SetPromptParentWnd@CCallHostObjectMgr@@UAEPAUHWND__@@PAU2@@Z
?DisconnectFromIOEngine@CCallHostObjectMgr@@UAEHXZ
?ConnectToIOEngine@CCallHostObjectMgr@@UAEHPBDK@Z
??0CCallHostObjectMgr@@QAE@XZ
?FreeSerializedObject@CCallHostObjectMgr@@MAEXPAVCSerialObject@@@Z
?InstantiateNewObject@CCallHostObjectMgr@@MAEPAVCSerialObject@@XZ
??1CCallHostObjectMgr@@UAE@XZ
?WriteObject@CAbsSerializedObjectMgr@@MAEHPAVCSerialObject@@KPBD@Z
?ChangeDirectory@CCallHostObjectMgr@@UAEHPBD@Z
?CreateObject@CAbsSerializedObjectMgr@@UAEPAVCSerialObject@@PBDK0@Z

pcacmndg

_DspErr@20

sessionmanager

?GetThisClass@CSessionManagerFrame@@SGPAUCRuntimeClass@@XZ
?AttachToSessionController@CSessionManagerFrame@@QAE_NXZ

pcasharedui

?FindView@CPCAMainFrame@@QAEPAVCPCAMainView@@H@Z
?SetView@CPCAMainFrame@@QAEXHH@Z

msvcr80

_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
printf
_mbsupr_s
_mbsicmp
_splitpath_s
_makepath_s
memcpy
_strlwr_s
srand
rand
atol
_time64
_gmtime64
strcspn
_beginthreadex
_CxxThrowException
getenv
??_U@YAPAXI@Z
strstr
__iob_func
sprintf
fprintf
_resetstkoflw
??_V@YAXPAX@Z
_recalloc
calloc
sscanf
__CxxFrameHandler3
atoi
strcpy_s
fclose
fopen
??2@YAPAXI@Z
wcscpy_s
free
malloc
_mbsinc
_mbschr
??3@YAXPAX@Z
memset
_mbsrchr
_mbsstr
_mbsnbcpy
_mbslwr
_mbsupr
_mbclen
wcslen
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
_setmbcp
_mbsnbcat
_stricmp
_mbscspn
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
wcstombs
strtod
strtol
_ismbcspace
_ismbcdigit
vsprintf
??1exception@std@@UAE@XZ
_mbsspn

mfc80

ord5151
ord4244
ord1402
ord1144
ord1207
ord1917
ord5493
ord2707
ord2702
ord3243
ord380
ord756
ord4444
ord4443
ord4790
ord4204
ord4781
ord4980
ord4172
ord4181
ord4591
ord4777
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4864
ord4861
ord3974
ord6725
ord5915
ord1620
ord1617
ord1185
ord1187
ord1191
ord1084
ord3683
ord701
ord310
ord578
ord1486
ord865
ord2272
ord1482
ord2131
ord5529
ord781
ord1247
ord3997
ord2271
ord1258
ord1916
ord297
ord3340
ord2149
ord6252
ord6251
ord757
ord490
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2063
ord4326
ord3801
ord6278
ord4014
ord4038
ord2248
ord784
ord5383
ord6090
ord593
ord4469
ord5119
ord334
ord5386
ord2156
ord1497
ord959
ord547
ord5403
ord2468
ord4031
ord5975
ord1054
ord1122
ord1126
ord3609
ord3602
ord3450
ord3645
ord616
ord1128
ord2141
ord368
ord4264
ord4482
ord6043
ord5934
ord2768
ord3040
ord4222
ord1922
ord4705
ord4852
ord5495
ord2742
ord5412
ord1379
ord5156
ord2051
ord2016
ord6238
ord2621
ord2614
ord4566
ord1908
ord4257
ord911
ord907
ord304
ord631
ord2280
ord386
ord1230
ord4035
ord2292
ord3591
ord3682
ord565
ord4273
ord4486
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord5174
ord1361
ord4967
ord3344
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord3946

kernel32

SetUnhandledExceptionFilter
GetACP
GetThreadLocale
SetFilePointer
FindNextFileA
lstrcmpA
Beep
LoadLibraryA
GetLocaleInfoA
GetProcAddress
FreeLibrary
GetCurrentDirectoryA
LocalFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
OpenProcess
GetProcessAffinityMask
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateMutexA
OpenMutexA
ReleaseMutex
CreateEventA
GetSystemWindowsDirectoryA
lstrcpynA
FlushFileBuffers
GetDateFormatA
ReadFile
FindFirstFileA
FindClose
GetSystemDirectoryA
GetWindowsDirectoryA
DeleteFileA
ResetEvent
SetEvent
GetDiskFreeSpaceA
CreateProcessA
OpenSemaphoreA
lstrcpyA
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
SetSystemPowerState
Sleep
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateFileA
CloseHandle
SetErrorMode
IsBadWritePtr
lstrlenA
GetVersionExA
WriteFile
VirtualQuery
GetModuleHandleA
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
lstrcatA
GetModuleFileNameA

user32

LoadStringA
wvsprintfA
MessageBoxA
wsprintfA
CharNextA
EnableWindow
CharLowerA
CharLowerW
CharUpperA
CharUpperW
SendMessageA
MessageBeep
TranslateMessage
PeekMessageA
DispatchMessageA
PostMessageA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
GetClassNameA
FindWindowExA
GetForegroundWindow
FindWindowA
GetKeyState
SetWindowsHookExA
WaitForInputIdle
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
CharUpperBuffA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegQueryValueA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA

shell32

ShellExecuteA

oleaut32

SysFreeString

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7712f523ddb61891a4ed630be86d776e

Headers

File Characteristics

Imports

util

instdata

awses32

awcfgmgr

awtime32

s32pcag

awofrwrk

pcacmndg

sessionmanager

pcasharedui

msvcr80

mfc80

kernel32

user32

advapi32

shell32

oleaut32

msvcp80

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 2KB

.2rdata Size: 68KB - Virtual size: 68KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 2KB

.2rdata
Size: 68KB - Virtual size: 68KB