8bd945aa7d368d9845a77d161ef857be

Sharing

Copy URL

Twitter E-mail

General

Target

8bd945aa7d368d9845a77d161ef857be
Size

4.7MB
MD5

8bd945aa7d368d9845a77d161ef857be
SHA1

a5bb792f2ee93aae91cf738c5bb16ce4370652f8
SHA256

444bb929087869e35eec8a4704deefc372f40b039d3698ad1e03b9a7b4be785c
SHA512

ae5a646eb1d08d1ebbc14d281c124ac94be536e46b25433940b0a80f66d633e4b69acc8cc50f51bacd1d449647f6e718a537fb8b397c888eaf6ab0ca9800b4fb
SSDEEP

98304:LRnWkWuW3PFw8I58lu9+amhMlFo9lFoWXqdCNf02pCpw:LFW3T2N9+amhFmWXqdCNMtw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bd945aa7d368d9845a77d161ef857be

Files

8bd945aa7d368d9845a77d161ef857be
.exe windows:5 windows x86 arch:x86

32f8931d12588274dec9ccbe0e31c287

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Work\PlatformDev\_release\NGM\20110728_renewal\NGM\NGMSetup\Release\NGMSetup.pdb

Imports

kernel32

WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GetVersion
GetSystemDirectoryA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DeleteFileA
Sleep
CopyFileA
RemoveDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetFilePointer
LocalFree
CreateProcessA
GetTickCount
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
LoadLibraryExA
SetErrorMode
lstrlenA
ExpandEnvironmentStringsA
GetCurrentProcess
GetWindowsDirectoryA
DeleteCriticalSection
HeapFree
MultiByteToWideChar
InitializeCriticalSection
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
InterlockedExchangeAdd
LocalAlloc
GetVersionExA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetFileAttributesA
SetFileAttributesA
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetLocalTime
FormatMessageA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEndOfFile
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapSize
RaiseException
RtlUnwind

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetNamedSecurityInfoA
FreeSid
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

shell32

SHGetSpecialFolderPathA
SHFileOperationA
ord680
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance

oleaut32

SysStringLen
GetErrorInfo
SysAllocString
SysFreeString

shlwapi

UrlEscapeA
PathFileExistsA

wininet

HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetOpenUrlA
InternetConnectA
InternetOpenA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

closesocket
WSACloseEvent
WSAStartup
WSAGetOverlappedResult
WSAGetLastError
WSASend
WSAResetEvent
inet_ntoa
htonl
getservbyname
htons
inet_addr
WSACleanup
WSARecv
WSACreateEvent
WSASetEvent
gethostbyname
gethostbyaddr
getservbyport
ntohs
WSASetLastError
WSASocketA
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f8931d12588274dec9ccbe0e31c287

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

version

ws2_32

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 12.8MB - Virtual size: 12.8MB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 12.8MB - Virtual size: 12.8MB