PCMgr_Setup[.]exe

Resubmissions

21/02/2024, 22:40

240221-2llagagg56 9

Sharing

Copy URL Twitter E-mail

General

Target

PCMgr_Setup.exe
Size

175.4MB
MD5

ece024743c0bb6466f4f4ff250f16a48
SHA1

1211aeb4eacb8ba26c928e68d3dd4f1047c8275e
SHA256

d605f22b61ac32bcb41db457e285f39126e328c242c810ba2fa5e451318dc7d6
SHA512

fd3d183ce98423df9a88adacc5f96d20aee94bb06e5b7c49a79339e4f5b3163902e47cc20388251e616c010560a40f72f12b5bcd053303515084ca2ab83fe08c
SSDEEP

3145728:yWKvK3l5TmbEMTEoynflcCrKWi1cfFJAROJIuxSLScF5zPbhtCfsJpt+OHCDr1d:BQaHTDMTKflc1D1cfFmRXuxSjFZPt80m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PCMgr_Setup.exe

Files

PCMgr_Setup.exe
.exe windows:4 windows x86 arch:x86

7b1b23d8c8e7ccb96e67b0744c45b320

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\data\landun\workspace\TxiOAClient\master_release_8.3\Basic\Output\BinFinal\QQPCMgrPacket.pdb

Imports

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CryptQueryObject

kernel32

Process32NextW
MoveFileExW
Module32FirstW
Module32NextW
ProcessIdToSessionId
MoveFileExA
GetSystemInfo
FlushInstructionCache
LoadLibraryA
VirtualAlloc
VirtualFree
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
GetTempFileNameW
MoveFileW
GetFullPathNameW
CreateFileA
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetComputerNameExW
CreatePipe
GetTempPathA
DeleteFileA
CreateProcessA
OpenThread
SetUnhandledExceptionFilter
WriteProcessMemory
VirtualQuery
lstrlenA
GetTempPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleA
VirtualProtect
ExitThread
GetStartupInfoW
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLocalTime
GetCPInfo
ReleaseMutex
GetSystemDefaultLangID
DeleteFileW
CreateFileW
GetFileSize
CloseHandle
MultiByteToWideChar
ReadFile
WaitForSingleObject
SetEvent
GetTickCount
Sleep
CopyFileW
GetVersionExW
CreateEventW
ResetEvent
DeleteCriticalSection
HeapFree
GetProcessHeap
InterlockedIncrement
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentProcess
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
RemoveDirectoryW
GetCommandLineW
GetUserDefaultUILanguage
LocalAlloc
GetCurrentThreadId
CreateFileMappingW
MapViewOfFileEx
LoadLibraryExW
CreateMutexW
OpenMutexW
InitializeCriticalSection
SetCurrentDirectoryW
RaiseException
lstrcmpiW
GetPrivateProfileIntW
GlobalMemoryStatus
lstrcmpW
InterlockedExchange
FreeResource
InterlockedCompareExchange
OpenFileMappingW
FreeLibrary
SetEndOfFile
GetCurrentProcessId
FindNextFileW
FlushFileBuffers
DeviceIoControl
SetFilePointer
GetPrivateProfileIntA
WritePrivateProfileStringA
CreateProcessW
SetErrorMode
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetExitCodeProcess
CreateThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
lstrcpynW
OpenProcess
GetVersion
WriteFile
QueryDosDeviceW
GetFileAttributesW
TerminateProcess
lstrlenW
WideCharToMultiByte
CreateDirectoryW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetModuleFileNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
LoadResource
LockResource
LocalFree
SizeofResource
FindResourceW
FindClose
FindFirstFileW
GetCurrentThread
GetModuleHandleW
SetFileAttributesW
SetLastError
FindResourceExW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
InterlockedDecrement
WaitForMultipleObjects

user32

GetWindowTextLengthW
FrameRect
GetWindowTextW
FillRect
GetWindowDC
EqualRect
PtInRect
OffsetRect
DrawTextW
DefWindowProcW
DrawIconEx
PostMessageW
ClientToScreen
CreateWindowExW
MessageBoxW
FindWindowW
ExitWindowsEx
MessageBoxA
SendMessageTimeoutW
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
ShowWindow
CharNextW
SetWindowPos
SetForegroundWindow
CharUpperW
KillTimer
SetTimer
GetWindowLongW
SetWindowTextW
LoadCursorW
SetLayeredWindowAttributes
SetCursor
GetDC
TrackPopupMenu
GetDlgCtrlID
ReleaseCapture
CallWindowProcW
SendMessageW
RegisterClassExW
UnregisterClassA
DestroyWindow
SetWindowLongW
GetClassInfoExW
SetFocus
CharLowerW
IsWindow
TrackMouseEvent
RedrawWindow
PostQuitMessage
SetCapture
InvalidateRect
ReleaseDC
EndPaint
EnableWindow
GetActiveWindow
TranslateMessage
GetWindow
CopyRect
GetKeyState
BeginPaint
SetActiveWindow
IsWindowVisible
IsWindowEnabled
PostThreadMessageW
GetDlgItem
MoveWindow
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
UpdateLayeredWindow
GetMessageW
GetParent
SetRect
DispatchMessageW
GetClientRect
MapWindowPoints
PeekMessageW
InflateRect
DrawFrameControl
LoadImageW
LoadIconW
CopyImage
SystemParametersInfoW
GetWindowRect
GetSystemMenu

gdi32

GetTextMetricsW
CreateSolidBrush
ExtSelectClipRgn
RectInRegion
Rectangle
RoundRect
CreatePen
MoveToEx
LineTo
ExtTextOutW
BitBlt
CreateBitmap
SetBkColor
CreateDIBSection
SetTextColor
StretchBlt
CombineRgn
SelectClipRgn
SetBkMode
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteDC
AddFontResourceW
DeleteObject

advapi32

RegOpenKeyExW
RegCloseKey
GetTokenInformation
GetNamedSecurityInfoW
InitializeAcl
GetSecurityInfo
CopySid
AddAce
SetSecurityInfo
SetNamedSecurityInfoW
GetAclInformation
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
LookupAccountNameW
GetAce
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
ConvertSidToStringSidW
DeleteService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
RegDeleteKeyW
SetEntriesInAclW
BuildExplicitAccessWithNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
InitializeSecurityDescriptor
RegDeleteValueA
RegQueryValueExA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
GetUserNameW
RegOpenKeyW
RegCreateKeyExW
IsValidSid
GetLengthSid

shell32

SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
SHFileOperationW
ord680
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantInit
OleLoadPicture
VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathAddExtensionW
wnsprintfW
PathFileExistsA
PathAddBackslashA
PathIsRelativeW
StrCpyW
StrToIntA
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrW
StrChrW
StrCatW
SHDeleteValueW
PathAddBackslashW
PathRemoveBackslashW
PathCanonicalizeW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

inet_addr
htons
htonl

wininet

HttpOpenRequestW
InternetSetOptionW
InternetConnectW
InternetQueryOptionW
HttpSendRequestW
InternetCrackUrlW
HttpAddRequestHeadersW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

Sections

.text
Size: 748KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7b1b23d8c8e7ccb96e67b0744c45b320

Headers

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

wininet

userenv

psapi

wtsapi32

version

netapi32

Sections

.text Size: 748KB - Virtual size: 746KB

.rdata Size: 212KB - Virtual size: 208KB

.data Size: 20KB - Virtual size: 40KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 748KB - Virtual size: 746KB

.rdata
Size: 212KB - Virtual size: 208KB

.data
Size: 20KB - Virtual size: 40KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB