29fd8dc17f079d81de6b054410bb501af285ea8f7e88d7ef2a9445b12f0ae010

Sharing

Copy URL

Twitter E-mail

General

Target

29fd8dc17f079d81de6b054410bb501af285ea8f7e88d7ef2a9445b12f0ae010
Size

10.0MB
MD5

9eb07bd21a40c88566c46633940f0ddb
SHA1

3d0d0e0234b29501b9cda0f151081d29515e02ce
SHA256

29fd8dc17f079d81de6b054410bb501af285ea8f7e88d7ef2a9445b12f0ae010
SHA512

da57ce7533c8bd9b6aa10efb3d0dcc97e369f6ba6b9f7b8751258967d16dfa88245f9fc19dcc659a749c269b44ab5ff26b39e7530779c74a2760d92d5757e093
SSDEEP

196608:TPVFSlgYqL8xiscBiuOp53evSHmL7ohdy8WLBljzgrwTPbss9zr7Cu91D:hFUb5cYf5uKHmLUho8WLzjzQerzPL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29fd8dc17f079d81de6b054410bb501af285ea8f7e88d7ef2a9445b12f0ae010

Files

29fd8dc17f079d81de6b054410bb501af285ea8f7e88d7ef2a9445b12f0ae010
.exe windows:6 windows x86 arch:x86

2512c331a347828c723a87c97b269161

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\trunk_ldspace_build\install2013\bin\ldspaceinst.pdb

Imports

advapi32

OpenProcessToken
RegCreateKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
DuplicateTokenEx
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom

ws2_32

sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
accept
listen
send
recv
ioctlsocket
gethostname
WSAGetLastError
htonl
ntohl
WSASetLastError
select
__WSAFDIsSet
socket
WSAStartup
WSACleanup
bind

crypt32

CertFreeCertificateContext

wldap32

ord50
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord45
ord211
ord143
ord46

normaliz

IdnToAscii

kernel32

FindResourceW
LoadResource
Sleep
SizeofResource
LockResource
GetDriveTypeW
GetLogicalDriveStringsW
WaitForSingleObject
K32EnumProcessModules
K32GetModuleFileNameExW
OpenProcess
LoadLibraryW
GetExitCodeProcess
TerminateProcess
GetModuleFileNameW
SetLastError
GetProcAddress
MoveFileW
Process32FirstW
DeviceIoControl
Process32NextW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetVolumeInformationW
GlobalAlloc
GlobalFree
HeapReAlloc
FindResourceExW
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetModuleHandleW
CreateEventW
SetEvent
GetLocalTime
IsDebuggerPresent
FindFirstFileW
FindNextFileW
FindClose
GlobalLock
GlobalUnlock
GetCurrentProcess
ReadFile
SetFilePointer
GetFileSize
MoveFileExW
FreeResource
DeleteFileW
RemoveDirectoryW
FreeLibrary
GetStdHandle
CreateProcessW
GetStartupInfoW
TerminateThread
GetCurrentDirectoryW
GetACP
ExitProcess
GetPrivateProfileStringW
MulDiv
InitializeCriticalSectionAndSpinCount
FormatMessageA
GetTickCount64
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
IsProcessorFeaturePresent
CreateTimerQueue
RtlUnwind
GetStringTypeW
EncodePointer
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetSystemTimeAsFileTime
CreateMutexW
CloseHandle
GetLastError
CreateFileW
WriteFile
GetTickCount
ExitThread
LoadLibraryExW
SetFilePointerEx
GetCommandLineW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateSemaphoreW
GetFullPathNameW
CreateDirectoryW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetEndOfFile
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetOEMCP
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
SystemTimeToTzSpecificLocalTime
WriteConsoleW

user32

InvalidateRect
GetUpdateRect
BeginPaint
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsWindowVisible
LoadImageW
LoadCursorW
GetWindow
GetParent
GetPropW
SetPropW
ScreenToClient
EnableWindow
SetFocus
IsWindow
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
wvsprintfW
SetCursor
OffsetRect
IsZoomed
SetWindowRgn
CharPrevW
DrawTextW
FillRect
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
SendMessageW
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
SetRect
CreateCaret
PostQuitMessage
DefWindowProcW
PostMessageW
CreateWindowExW
SetWindowLongW
DestroyWindow
SetTimer
KillTimer
GetSystemMetrics
IsIconic
GetWindowLongW
ShowWindow
SetWindowPos
GetDC
ReleaseDC
GetClientRect
GetWindowRect
GetCursorPos
PtInRect
GetMonitorInfoW
MonitorFromWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
RegisterClassW
GetGUIThreadInfo
EndPaint

gdi32

GetTextMetricsW
SetWindowOrgEx
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateRoundRectRgn
BitBlt
GetStockObject
GetObjectA
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
Rectangle
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
CreatePatternBrush
GetObjectW
DeleteDC
GetDeviceCaps
DeleteObject
CreatePen
GetClipBox
CreateFontIndirectW
RemoveFontResourceW
RestoreDC
AddFontResourceExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
SHBrowseForFolderW
ord165

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW

gdiplus

GdipDeleteFontFamily
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipAlloc
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW

msi

ord173
ord217

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW

comctl32

_TrackMouseEvent
ord17

imm32

ImmGetVirtualKey
ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

Sections

.text
Size: 1023KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67.7MB - Virtual size: 67.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2512c331a347828c723a87c97b269161

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

gdiplus

iphlpapi

wininet

msi

version

comctl32

imm32

Sections

.text Size: 1023KB - Virtual size: 1022KB

.rdata Size: 233KB - Virtual size: 232KB

.data Size: 20KB - Virtual size: 51KB

.rsrc Size: 67.7MB - Virtual size: 67.7MB

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 1023KB - Virtual size: 1022KB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 20KB - Virtual size: 51KB

.rsrc
Size: 67.7MB - Virtual size: 67.7MB

.reloc
Size: 52KB - Virtual size: 51KB