8c548b50514c509873dca24be6368a49

Sharing

Copy URL

Twitter E-mail

General

Target

8c548b50514c509873dca24be6368a49
Size

164KB
MD5

8c548b50514c509873dca24be6368a49
SHA1

6489f0b0b686d57f3811c6a44eb0b5d58931bb08
SHA256

d7689408eab1a00ef05678e856733434de28c2eb231165c215e44d4cfd29bc69
SHA512

63d297ff066405d3ee8402f962e9eedb80df5b015e70f57d2c456355bbaf2f55ea9bb91daa82f1cf2e611ea1117ab25a3ff568325da38b0d1f191cb14969de18
SSDEEP

3072:1YI+cvJzeScN2IoOvEbVqhLt//p2AFqkrFzj+zCmClZ:11kScN2IolVkt/EAFq2oe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c548b50514c509873dca24be6368a49

Files

8c548b50514c509873dca24be6368a49
.exe windows:4 windows x86 arch:x86

57cc048d459675a2b1686e7b82350ce7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Work\Projects\Personal\HitBot\BestClick\Release\BestClick.pdb

Imports

kernel32

DeleteCriticalSection
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
MulDiv
HeapAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpA
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
ExitProcess
ReadFile
GetFileSize
GetSystemTime
MoveFileA
GetTempFileNameA
SetPriorityClass
OpenProcess
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
CreateProcessA
CopyFileA
ReleaseMutex
CreateMutexA
WriteProcessMemory
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
GetLocalTime
SetFilePointer
ResetEvent
SetEvent
TerminateThread
InitializeCriticalSection
LockResource
FindResourceExA
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateThread
WaitForSingleObject
MoveFileExA
GetTempPathA
DeleteFileA
LoadLibraryA
GetLastError
WriteFile
CreateFileA
GetSystemDirectoryA
GetProcAddress
CloseHandle
GetFullPathNameA
CreateEventA
lstrcatA
Sleep
lstrlenA

user32

UnregisterClassA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
GetWindowLongA
FillRect
MessageBoxA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
IsWindowVisible
SetRect
SetWindowLongA
SetCapture
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
DestroyAcceleratorTable
SendMessageA
GetFocus
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
SetThreadDesktop
CreateDesktopA
FindWindowExA
CharLowerBuffA
GetWindowRect
PostMessageA
ClientToScreen
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA

gdi32

SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
CreateDIBSection
SetPixel
GetPixel
DeleteObject

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CreateServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegQueryValueExA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid

oleaut32

SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

ws2_32

htons
connect
send
gethostbyname
closesocket
WSAStartup
WSACleanup
socket
select
ioctlsocket
recv

Sections

.flat
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57cc048d459675a2b1686e7b82350ce7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

wininet

ws2_32

Sections

.flat Size: 8KB - Virtual size: 7KB

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.flat
Size: 8KB - Virtual size: 7KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B