011b5126f998cad490e36952f7464256ab941a99a5e4013acbfb7689b44457f0

Sharing

Copy URL Twitter E-mail

General

Target

011b5126f998cad490e36952f7464256ab941a99a5e4013acbfb7689b44457f0
Size

9.6MB
MD5

6bfcc50df1cf3204936c93fcc837f487
SHA1

f24a738f29122e9caebf1d2c60d106ee320dae34
SHA256

011b5126f998cad490e36952f7464256ab941a99a5e4013acbfb7689b44457f0
SHA512

19c79e71afe3fe52f44356101491ccfc5af9721fd822df3b622af9e4abef38280c059297d7fc08187bee0f08dd4778841a5e8fe9c5f6723d696355c299c9ac38
SSDEEP

196608:u9t57kOy5Am1aliGHyzNuG/NVQoLFOHvGdXMYLllKRPlfXe:5Oy5Am1JGHyzNuGlujQTKRdfXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
011b5126f998cad490e36952f7464256ab941a99a5e4013acbfb7689b44457f0

Files

011b5126f998cad490e36952f7464256ab941a99a5e4013acbfb7689b44457f0
.exe windows:5 windows x86 arch:x86

08a0069d2dac43ee8e2143e8bf6e7008

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\STTool-Git-Develop\STTool\MPProgram_V5\Output\release\MPALL_F2_v200_00.pdb

Imports

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInfo
CM_Request_Device_EjectA
CM_Connect_MachineA
SetupDiGetClassDevsA
CM_Get_Sibling_Ex
CM_Get_Child_Ex
CM_Get_Parent
CM_Get_Sibling
CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Disconnect_Machine
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Registry_Property_ExA

hid

HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetSerialNumberString
HidD_GetAttributes
HidD_GetHidGuid
HidP_GetCaps

inpout32

ord1
ord2

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
StrToInt64ExA
StrToIntExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

GetFileTime
GetLocalTime
CreateEventA
SetCommMask
GetCommState
SetCommState
SetCommTimeouts
SignalObjectAndWait
WaitCommEvent
GetCommMask
SetLastError
ReleaseMutex
TerminateThread
lstrlenA
GetFileSizeEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDefaultLangID
GetConsoleOutputCP
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetFullPathNameW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
WinExec
GetACP
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStdHandle
SetHandleCount
HeapCreate
HeapSize
SetStdHandle
RaiseException
RtlUnwind
GetStartupInfoA
WaitForMultipleObjects
GetTempPathA
SetThreadLocale
SetFileAttributesA
GetCommandLineA
ExitProcess
HeapReAlloc
GetFileType
GetDriveTypeW
HeapAlloc
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFileAttributesA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
CreateFileW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SuspendThread
SetThreadPriority
FormatMessageA
LocalFree
MulDiv
GetVersionExA
CreatePipe
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersion
InterlockedDecrement
GetTickCount
GetModuleFileNameA
GetShortPathNameA
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSection
GetComputerNameA
GlobalFree
GlobalAlloc
lstrcmpA
WriteFile
GetFileAttributesW
CreateProcessA
SetVolumeLabelA
VirtualFree
VirtualAlloc
DeviceIoControl
SetFilePointer
GetFileSize
ReadFile
CloseHandle
FindNextFileA
GetLogicalDrives
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetDriveTypeA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateFileA
GetDiskFreeSpaceA
GetVolumeInformationA
GetDiskFreeSpaceExA
ResumeThread
WaitForSingleObject
CreateDirectoryA
Sleep
DeleteFileA
CopyFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
LocalAlloc
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetCurrentThreadId
GetLastError
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WriteConsoleW
GetExitCodeProcess
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
FileTimeToSystemTime
GlobalUnlock
FileTimeToLocalFileTime
GlobalLock
GetCurrentProcessId
SetCurrentDirectoryA
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameW
GetWindowsDirectoryA
IsValidCodePage

winscard

SCardEstablishContext
SCardListReadersA
SCardConnectA
SCardDisconnect
SCardBeginTransaction
SCardTransmit
SCardEndTransaction
SCardStatusA

ws2_32

bind
WSAStartup
WSACleanup
ntohs
htonl
htons
getservbyname
inet_addr
gethostbyname
ntohl
gethostname
accept
shutdown
closesocket
getsockname
getpeername
socket
setsockopt
connect
listen
WSAGetLastError
__WSAFDIsSet
select
inet_ntoa
send
sendto
recv
recvfrom

rpcrt4

UuidCreateSequential

bch_sdk

BCH_1023_278_Decode

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
PostQuitMessage
CreateDialogIndirectParamA
EndPaint
BeginPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
wsprintfW
SendMessageA
PostMessageA
wsprintfA
TranslateMessage
DispatchMessageA
FindWindowA
EnableWindow
DestroyCursor
DestroyMenu
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetWindow
CharUpperA
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawEdge
GetClassLongA
WindowFromDC
SendMessageTimeoutA
GetDesktopWindow
SetActiveWindow
SetFocus
SetForegroundWindow
GetSubMenu
TrackPopupMenuEx
CopyRect
InflateRect
DrawFocusRect
GetClientRect
OffsetRect
DrawStateA
FillRect
GetSysColor
GetDC
ReleaseDC
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetDlgItem
GetCursorPos
MsgWaitForMultipleObjects
DrawIcon
GetSystemMetrics
IsIconic
RegisterDeviceNotificationA
LoadIconA
GetWindowTextA
GetClassNameA
PeekMessageA
IsWindow
UpdateWindow
RedrawWindow
MessageBoxA
KillTimer
PtInRect
ScreenToClient
GetMessagePos
SetTimer
FrameRect
EndDialog

gdi32

CreatePen
CreateSolidBrush
CreateDIBSection
GetObjectA
Rectangle
DeleteDC
CreateFontIndirectA
GetViewportOrgEx
SetViewportOrgEx
CreateFontA
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
GetTextExtentPoint32A
CreateRectRgn
ExtTextOutA
PtVisible
RectVisible
TextOutA
Escape
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
DeleteObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
SelectObject
SaveDC
RestoreDC
SetBkColor
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegQueryValueExA
RegFlushKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHCreateDirectoryExA

comctl32

_TrackMouseEvent

ole32

CoUninitialize
CoInitialize
OleRun
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
SysAllocString
GetErrorInfo
VariantClear
SysFreeString

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipGetImageEncodersSize

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08a0069d2dac43ee8e2143e8bf6e7008

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

inpout32

shlwapi

version

netapi32

kernel32

winscard

ws2_32

rpcrt4

bch_sdk

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 141KB - Virtual size: 1.5MB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 141KB - Virtual size: 1.5MB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB