8d9c361c247efd0ede60199557711d2b

Sharing

Copy URL Twitter E-mail

General

Target

8d9c361c247efd0ede60199557711d2b
Size

408KB
MD5

8d9c361c247efd0ede60199557711d2b
SHA1

bafd784bb019b78f1d0c8b809eea1a1919fc03fd
SHA256

bdde1000ed2a2d6c06af709d9c509da67a0d8c2a697f14790afd6ec4ac0a9667
SHA512

38d7165ffe514afbd62c8800f4556ee7aff3ce180c6c3d883a5411bcdf88431380530412ba7b78ca7b8069d139400a84059de9ac59c9287b3a52b31d774162f3
SSDEEP

6144:SCJaKQ/qgC2vVKFzTtXMiL3tSBQgh21F0jNJcZ6J8mn99jio/r:SCJ7QygvYFxMiL3MqggiHcYJ8Gjeo/r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d9c361c247efd0ede60199557711d2b

Files

8d9c361c247efd0ede60199557711d2b
.dll regsvr32 windows:4 windows x86 arch:x86

f7fe154abf4c0c0c2febb81bd3d81ffc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\client\Bin\release\ClientAX\ClientAX.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetACP
MultiByteToWideChar
lstrlenW
RaiseException
InterlockedExchange
GetLastError
lstrcmpiA
GetThreadLocale
EnterCriticalSection
LockResource
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetVersionExA
GetVersion
GetPrivateProfileStringA
lstrcmpA
GetTickCount
OpenProcess
CloseHandle
CreateFileA
FreeResource
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetWindowsDirectoryA
WriteFile
GetSystemDirectoryA
CreateDirectoryA
SetLastError
SetFileAttributesA
GetCurrentThreadId
GetTempPathA
DeleteFileA
lstrcatA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
ReadProcessMemory
FreeLibrary
CreateFileMappingA
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
ExitProcess
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
RtlUnwind
HeapDestroy
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers
lstrcpynA
GetLocaleInfoA
lstrlenA
FindResourceA
IsDBCSLeadByte
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
FindResourceExA
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
LoadResource
SetUnhandledExceptionFilter
IsBadReadPtr
GetProcAddress
IsBadCodePtr

user32

GetClassNameA
GetWindowThreadProcessId
SendMessageA
RegisterWindowMessageA
MessageBoxA
GetDesktopWindow
EnumChildWindows
FindWindowA
CharUpperA
CharNextA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysStringByteLen
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
LoadRegTypeLi

shlwapi

PathFindExtensionA
PathFileExistsA

Exports

Exports

ClientDistributorId
ClientExeName
ClientInfo
ClientInstall
ClientIsRunning
ClientPartnerId
ClientProductId
ClientUMT
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Version

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7fe154abf4c0c0c2febb81bd3d81ffc

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 308KB - Virtual size: 307KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 308KB - Virtual size: 307KB

.reloc
Size: 12KB - Virtual size: 8KB