PDB path: H:\work\ConvProfessional_install\rel\Setup.pdb

Static task: static1
Behavioral task: behavioral1
  Sample: 3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8.exe
  Resource: win10v2004-20240220-en
General
Target: 3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8
Size: 4.8MB
MD5: fd4c26051f728126d8a1a438145407d0
SHA1: 52aef96095823c1e792d16688eb4b1a540bfb0db
SHA256: 3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8
SHA512: 3c83415506ee7ecdaefdb845339b6193be1e69d0f7012b1d9f9b4b87a55c303451597372b7c776f296b624b414f2ae6f87507941ceaa50955bd5d52f549fa020
SSDEEP: 49152:QBq6tMQBRjAQy39wRKB9wloj0EK/cXB5yFvgTt0XORMod3fGlGIDA/HH4UPkuldu:Evdv+t0EcDmPk2taKgnrP9kjExL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample carries no embedded Authenticode signature (an embedded signature lives in the PE security data directory), so Windows cannot attribute it to a publisher. Two caveats: for a setup program this is a weak indicator on its own, since many small-vendor installers ship unsigned, and the check only covers embedded signatures, not catalog signatures, which are stored outside the file (the same mechanism this sample itself imports from wintrust via the CryptCATAdmin* functions). The binary's origin therefore has to be established from hashes, download source and behaviour rather than from a signer.
resource: 3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8
Files
3dc957cb505fab629219f5b2fb379ea11b47a9c2e1e8c7dc607c2eb9591ee9e8.exe (windows:5 windows x86 arch:x86)
1482a530feabcb807c2b9fe122d5613a (second 32-hex digest listed with the PE entry; it is not the file MD5 given above, which is fd4c26051f728126d8a1a438145407d0, so treat it as the PE import hash unless the tool's documentation says otherwise)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (relocatable, so ASLR applies)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP-compatible)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Not listed: IMAGE_DLLCHARACTERISTICS_GUARD_CF, although a .gfids section (the Control Flow Guard function-ID table emitted by the MSVC linker) appears under Sections below; re-read the raw header before concluding that CFG is disabled for this image.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
(the Setup.pdb path is given at the top of this report)
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
GlobalLock
GlobalUnlock
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
MoveFileExW
SetFileAttributesW
GetLongPathNameW
IsBadReadPtr
DeviceIoControl
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
lstrlenA
lstrcpynA
GetFileAttributesExW
InitializeCriticalSection
FileTimeToSystemTime
SetErrorMode
GetNativeSystemInfo
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
GetEnvironmentVariableW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
SetThreadLocale
GetThreadLocale
WTSGetActiveConsoleSessionId
lstrcmpA
Module32NextW
Module32FirstW
GetProcessId
lstrlenW
lstrcpyW
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetCurrentProcess
Thread32Next
Thread32First
SystemTimeToFileTime
GetSystemTime
GetVersionExW
CreateFileA
FlushFileBuffers
GetFileSize
OpenEventW
LocalAlloc
ReadFile
GetStartupInfoW
CreatePipe
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
Process32NextW
TerminateProcess
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
LocalFree
CopyFileW
Sleep
CreateThread
OutputDebugStringW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
SetFileTime
DeleteFileW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
LoadLibraryW
GetTickCount
RtlCaptureStackBackTrace
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
FreeResource
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
LoadLibraryExW
lstrcmpiW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetVersion
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DecodePointer
SetEnvironmentVariableW
OutputDebugStringA
WriteConsoleW
GetStdHandle
user32
SetTimer
DestroyWindow
KillTimer
GetWindowLongW
IsWindow
LoadCursorW
SendMessageW
PostQuitMessage
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
GetClientRect
GetWindowRect
MessageBoxW
MapWindowPoints
GetParent
GetWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SetRectEmpty
EqualRect
SetCursor
ClientToScreen
GetCursorPos
PtInRect
ScreenToClient
GetDoubleClickTime
CopyRect
IntersectRect
PostMessageW
DrawTextW
LoadImageW
IsRectEmpty
GetIconInfo
DrawIconEx
FillRect
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
CharLowerBuffW
WaitForInputIdle
FindWindowExW
FindWindowW
SetClipboardData
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
SetCapture
ReleaseCapture
SetWindowRgn
EnableWindow
CallWindowProcW
DefWindowProcW
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
SetWindowTextW
CloseClipboard
EmptyClipboard
OpenClipboard
UnregisterClassW
SetWindowLongW
wsprintfW
UpdateWindow
UpdateLayeredWindow
SetActiveWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetSystemMetrics
MonitorFromPoint
ReleaseDC
GetDC
GetFocus
GetWindowTextLengthW
gdi32
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
GetDeviceCaps
GetStockObject
SetBkColor
CreateRectRgn
CombineRgn
CreateRoundRectRgn
CreateSolidBrush
SetBitmapBits
CreatePen
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
CreateCompatibleDC
GetObjectW
CreateDIBSection
DeleteObject
SelectObject
SetTextColor
SetBkMode
Rectangle
CreateFontIndirectW
GetTextColor
GetCurrentObject
GetBitmapBits
SetTextCharacterExtra
advapi32
CryptReleaseContext
RegCreateKeyExW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegConnectRegistryW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
GetUserNameA
LookupAccountNameA
GetSidIdentifierAuthority
IsValidSid
GetLengthSid
SetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
EnumServicesStatusExW
CreateProcessAsUserW
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueW
RegCreateKeyW
RegOpenKeyW
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptContextAddRef
CryptGenRandom
CryptAcquireContextW
CryptDestroyKey
DeleteService
ControlService
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
RegEnumKeyW
CloseServiceHandle
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
shell32
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW
ord165
ShellExecuteW
SHGetPathFromIDListW
ole32
CoInitializeEx
OleRun
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
oleaut32
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VariantTimeToSystemTime
CreateErrorInfo
VarDateFromStr
VariantChangeType
GetErrorInfo
SysAllocString
SysAllocStringLen
SystemTimeToVariantTime
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
VariantClear
SysFreeString
SysStringLen
shlwapi
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathCombineW
StrCmpIW
PathRemoveBackslashW
wnsprintfA
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
SHGetValueW
AssocQueryStringW
ord176
PathIsRootW
PathIsDirectoryW
PathCanonicalizeW
PathIsPrefixW
PathCommonPrefixW
PathRelativePathToW
StrFormatByteSizeW
PathSearchAndQualifyW
StrCpyNW
UrlGetPartW
StrToIntExW
PathFileExistsW
comctl32
ord17
InitCommonControlsEx
msimg32
AlphaBlend
gdiplus
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipCreateFont
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipDeleteFont
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipDeleteBrush
wininet
HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetSetFilePointer
dbghelp
ImageDirectoryEntryToData
ImageNtHeader
crypt32
CryptStringToBinaryA
CryptBinaryToStringW
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW
psapi
EnumProcessModules
GetModuleFileNameExW
wtsapi32
WTSQueryUserToken
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
netapi32
Netbios
wintrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WinVerifyTrust
WTHelperProvDataFromStateData
iphlpapi
GetAdaptersInfo
GetIpAddrTable
secur32
GetUserNameExW
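The import table above is the most informative part of this report, but a single API means little; what matters is which APIs co-occur. The script below is an added example by the editor, not sandbox output and not the sandbox's own rule set. It parses an excerpt of the listing in the exact flat format shown above (a lower-case DLL name line followed by one symbol per line, with ordNNN lines for ordinal imports) and evaluates capability rules that fire only when every API in a set is present. The rule names, the KNOWN_DLLS list and the sample excerpt are the editor's constructions. A hit is a triage hint, not a verdict: an installer legitimately installs services, hops into the logged-on user's session and verifies the signatures of the files it drops, and all of those patterns are visible in this sample's imports.

```python
"""Capability triage over a sandbox import listing (added example; the rule
set, DLL list and sample excerpt are the editor's, not the sandbox's)."""

# Lower-case DLL names as they appear in the report. An explicit list is needed
# because some exports are lower case too (ws2_32's socket/connect), so
# "is this line lower case?" cannot tell a DLL header from a symbol.
KNOWN_DLLS = frozenset("""
version kernel32 user32 gdi32 advapi32 shell32 ole32 oleaut32 shlwapi comctl32
msimg32 gdiplus wininet dbghelp crypt32 psapi wtsapi32 userenv netapi32 wintrust
iphlpapi secur32 ntdll ws2_32 winhttp urlmon setupapi msvcrt""".split())

# A rule fires only when every listed import is present; singletons are weak.
CAPABILITY_RULES: dict[str, set[str]] = {
    "remote-thread code injection":
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "spawn process in the interactive user's session (session-0 hop)":
        {"WTSGetActiveConsoleSessionId", "WTSQueryUserToken", "DuplicateTokenEx",
         "CreateEnvironmentBlock", "CreateProcessAsUserW"},
    "service install and start": {"OpenSCManagerW", "CreateServiceW", "StartServiceW"},
    "token privilege adjustment":
        {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "HTTP client via WinINet":
        {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
         "HttpSendRequestW", "InternetReadFile"},
    "Authenticode/catalog verification of other files":
        {"WinVerifyTrust", "CryptCATAdminAcquireContext", "CryptCATAdminCalcHashFromFileHandle"},
    "debugger presence check": {"IsDebuggerPresent"},
    "Winsock networking": {"WSAStartup", "socket", "connect"},   # absent here: true negative
}


def parse_import_listing(text: str) -> dict[str, list[str]]:
    """Parse the flat report format: a DLL name line followed by one imported
    symbol per line. 'ordNNN' lines are ordinal imports of the current DLL."""
    imports: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in KNOWN_DLLS:
            current = line
            imports.setdefault(current, [])
        elif current is None:
            raise ValueError(f"symbol {line!r} appears before any DLL header")
        else:
            imports[current].append(line)
    return imports


def evaluate(imports: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map each capability to the symbols it still lacks; an empty list = fired."""
    present = {sym for syms in imports.values() for sym in syms}
    return {name: sorted(req - present) for name, req in CAPABILITY_RULES.items()}


def fired(imports: dict[str, list[str]]) -> list[str]:
    return sorted(name for name, missing in evaluate(imports).items() if not missing)


# Constructed excerpt of the report's import listing, in its exact format.
SAMPLE_LISTING = """
kernel32
IsDebuggerPresent
WTSGetActiveConsoleSessionId
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
CreateServiceW
StartServiceW
OpenSCManagerW
shell32
ord165
ShellExecuteW
wininet
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
wtsapi32
WTSQueryUserToken
userenv
CreateEnvironmentBlock
wintrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WinVerifyTrust
"""

if __name__ == "__main__":
    for name, missing in evaluate(parse_import_listing(SAMPLE_LISTING)).items():
        print(("FIRED   " if not missing else "missing ") + name, missing or "")
```

To run it over the full listing above, paste the Imports block (from the line "version" to "GetUserNameExW") into SAMPLE_LISTING or read it from a file; the parser only needs the DLL names to be in KNOWN_DLLS, which is why that list, rather than a lower-case heuristic, decides where one DLL's symbols end and the next begin.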
Sections
.text   Size: 1.5MB - Virtual size: 1.5MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 268KB - Virtual size: 268KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 19KB - Virtual size: 40KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 6KB - Virtual size: 5KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 9B       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 9.7MB - Virtual size: 9.7MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 67KB - Virtual size: 67KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable, and the .data raw size being smaller than its virtual size is the normal zero-initialised tail, so the layout is consistent with an ordinary MSVC-linked build. Two figures deserve a second look. The .rsrc raw size (9.7MB) on its own exceeds the reported file size of 4.8MB, so either the Size under General or this section figure is wrong in the report and should be re-read from the actual headers. And the resource section holding the bulk of the image is what one expects of an installer carrying an embedded payload, which makes .rsrc the place to start when extracting what Setup.exe actually drops.
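The Headers, Unsigned PE and Sections entries above are all derived from a few hundred bytes of PE header, and it is worth being able to reproduce them without the sandbox, for instance to settle the .rsrc versus file-size discrepancy. The following is an added example (editor's code, not the sandbox's): a standard-library-only parser that decodes DllCharacteristics, tests whether the security data directory (where an embedded Authenticode signature lives) is populated, flags a .gfids section that has no matching GUARD_CF bit, and checks each section's raw extent against the file length. The embedded sample PE is constructed inline so the script runs offline; it mirrors this report's flags and the oversized resource section. Pass the path of the real Setup.exe on the command line to run the same checks on this sample.

```python
"""Header-level PE triage with only the standard library (added example;
not the sandbox's code). Reproduces the checks behind the report's
"Unsigned PE", "Headers" and "Sections" entries."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # holds the embedded Authenticode WIN_CERTIFICATE blob


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def triage_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:    # PE32+: wider ImageBase/stack/heap fields shift them
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this entry "VirtualAddress" is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size
    for i in range(nsec):
        base = sh + 40 * i
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, base)
        schars = struct.unpack_from("<I", data, base + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": _flags(schars, SECTION_FLAGS),
            # raw data ending past EOF means a truncated file or a header that lies
            "raw_within_file": rawptr + rawsize <= len(data),
        })
    return {
        "machine": machine,
        "file_characteristics": _flags(fchars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dllchars, DLL_CHARACTERISTICS),
        # An empty security directory is exactly what "Unsigned PE" detects.
        "authenticode_signed": sec_off != 0 and sec_size != 0,
        # CFG needs both the header flag and the .gfids table; one without the other is notable.
        "cfg_flag": bool(dllchars & 0x4000),
        "has_gfids": any(s["name"] == ".gfids" for s in sections),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (headers plus 1KB of section data) mirroring the
    report: DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, no security directory,
    a .gfids section without GUARD_CF, and a .rsrc whose raw size runs past EOF."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)   # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes; dirs stay zero

    def sec(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)

    hdr_len = len(dos) + 4 + len(coff) + len(opt) + 3 * 40
    sections = (sec(b".text", 0x1000, 0x1000, 0x200, hdr_len, 0x60000020)
                + sec(b".gfids", 0x10, 0x2000, 0x200, hdr_len + 0x200, 0x40000040)
                + sec(b".rsrc", 0x9B0000, 0x3000, 0x9B0000, hdr_len + 0x400, 0x40000040))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections + b"\0" * 0x400


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage_pe(blob), indent=2))
```

On the constructed sample the output shows the three DllCharacteristics flags from the report, authenticode_signed false, has_gfids true with cfg_flag false, and raw_within_file false for .rsrc; on the real file the last field is the quick way to decide whether the 4.8MB or the 9.7MB figure in this report is the wrong one.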