352c6bbd560bcddaff6710e05b98ec79c87c35332a1356afd2fe4a4f2fc1603a

Sharing

Copy URL Twitter E-mail

General

Target

352c6bbd560bcddaff6710e05b98ec79c87c35332a1356afd2fe4a4f2fc1603a
Size

834KB
MD5

03525bfcc030eacc6c70ac61672cf972
SHA1

c2ed398a5f2352c99a24f46bccbaa5edc15273af
SHA256

352c6bbd560bcddaff6710e05b98ec79c87c35332a1356afd2fe4a4f2fc1603a
SHA512

318e2a8504e19194e8390a6b2c0a1a7ac3c13c04e85bb157b008f7d8fbcb3a1b3c3f70c1be3eadf2f7d4ee85a6e9e06db3213ad2d424ac3e0a154a30de6f1980
SSDEEP

12288:H7pngS4h89DVoHkSsNI1KYNSlXGKmydJhxloPAgJwwehOCgwrXUS/aZ0zUC:H7pngSaKYWl5tgKywrXdZzP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
352c6bbd560bcddaff6710e05b98ec79c87c35332a1356afd2fe4a4f2fc1603a

Files

352c6bbd560bcddaff6710e05b98ec79c87c35332a1356afd2fe4a4f2fc1603a
.exe windows:5 windows x86 arch:x86

206f745805fa90f20ca1ea107a7f5c95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Project\Mptool_U3_0223\Release_JBL\Win32\FCU3MpTools.pdb

Imports

authkey

ord2

waiting

ord2
ord1

settingu3

ord10
ord13
ord16
ord24
ord17
ord9
ord8
ord5
ord12
ord1
ord2
ord4

kernel32

lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
lstrlenA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetStartupInfoW
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapReAlloc
CreateProcessA
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitProcess
RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetLocaleInfoW
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetFileAttributesA
CreatePipe
GetExitCodeProcess
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
CreateFileW
GetFileSize
CloseHandle
ReadFile
GetTickCount
GetVersionExW
GetModuleHandleW
GetProcAddress
SetThreadLocale
GetUserDefaultUILanguage
GetUserDefaultLangID
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
GetLastError
GetPrivateProfileStringW
Sleep
GetFileType
GetDriveTypeW
SetErrorMode
WaitForSingleObject
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalLock
GlobalUnlock
GlobalFree
CompareStringA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
OutputDebugStringA
GetOverlappedResult
CreateEventA
CreateFileA
DeviceIoControl
GetLocalTime
ClearCommError
SetCommConfig
GetDefaultCommConfigW
TerminateThread
FreeLibrary
GetModuleFileNameA
FormatMessageA
LoadLibraryExA
ResetEvent
InterlockedDecrement
ResumeThread
InterlockedIncrement
WaitForMultipleObjects
GetCurrentProcessId
CreateDirectoryW
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GlobalAlloc
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDrives
SetEvent
CreateEventW
GetFileAttributesW
WriteFile
SetFilePointer
CreateProcessW

user32

RegisterClipboardFormatW
MapDialogRect
DestroyMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
GetNextDlgGroupItem
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
MsgWaitForMultipleObjectsEx
PeekMessageW
PostThreadMessageW
ReleaseCapture
SetCapture
SetRect
MessageBeep
UnregisterDeviceNotification
SetActiveWindow
CharUpperW
UnregisterClassW
LoadCursorW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SendDlgItemMessageA
SetWindowContextHelpId
EnableWindow
CopyRect
SendMessageW
SetWindowLongW
TrackMouseEvent
InvalidateRect
GetSysColor
IsWindow
GetParent
LoadMenuW
GetWindowRect
GetSubMenu
PostMessageW
GetClientRect
DeleteMenu
SetTimer
KillTimer
MessageBoxW
FindWindowW
wsprintfW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
RegisterDeviceNotificationW
PostQuitMessage
SetForegroundWindow
OffsetRect
GetWindow
LoadStringW
GetFocus
GetMenuState

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdiplusShutdown
GdiplusStartup

dbghelp

MiniDumpWriteDump
SymGetLineFromAddr
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymCleanup
SymInitialize

ws2_32

send
shutdown
setsockopt
connect
gethostbyaddr
WSACleanup
inet_addr
gethostbyname
recv
ioctlsocket
closesocket
htons
socket
WSAStartup
WSAGetLastError

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Exports

Exports

??0IEntry@@QAE@ABV0@@Z
??0IEntry@@QAE@PAXPAUHWND__@@@Z
??1IEntry@@QAE@XZ
??4IEntry@@QAEAAV0@ABV0@@Z
??_7IEntry@@6B@

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shareent
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

206f745805fa90f20ca1ea107a7f5c95

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

authkey

waiting

settingu3

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

gdiplus

dbghelp

ws2_32

setupapi

Exports

Exports

Sections

.text Size: 572KB - Virtual size: 572KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 24KB - Virtual size: 41KB

shareent Size: 1024B - Virtual size: 1024B

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 572KB - Virtual size: 572KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 24KB - Virtual size: 41KB

shareent
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 51KB - Virtual size: 51KB