8889d84d1dda3134dc7f351ab065b6761794fba487eb2af2e1054d4bd7ec77f4

Sharing

Copy URL Twitter E-mail

General

Target

8889d84d1dda3134dc7f351ab065b6761794fba487eb2af2e1054d4bd7ec77f4
Size

476KB
MD5

86adc7bc9087e9f0754aba2f87ad5d5f
SHA1

c95ea5ba953f969af15fdc7e8a08ffe51db3b8f8
SHA256

8889d84d1dda3134dc7f351ab065b6761794fba487eb2af2e1054d4bd7ec77f4
SHA512

7036efa47fe150528ff8d80039b0dee03802115802c9af2eb770bfe72f861a1b813931e8d5276b58611a6604ff0e8fb2b54ea5771354ca438fa3c4b1c3203bd0
SSDEEP

12288:krgXRDSpFWAvPyDyzctIl569XmqeLMfBobce:k+myDyz9lh9M9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8889d84d1dda3134dc7f351ab065b6761794fba487eb2af2e1054d4bd7ec77f4

Files

8889d84d1dda3134dc7f351ab065b6761794fba487eb2af2e1054d4bd7ec77f4
.exe windows:4 windows x86 arch:x86

964663f0d6901a8cab83ea6191782c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_UP_SYSTEM_ONLY

PDB Paths

C:\partial\Procom\Integra.pd

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
CreateFileA
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
HeapSize
Sleep
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetLocaleInfoA
SetEndOfFile
RaiseException
CreateDirectoryA
GetCommandLineA
GetSystemDirectoryA
GetStartupInfoA
EnterCriticalSection
GetModuleFileNameA
SuspendThread
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GetVersionExA
GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
ExitProcess
HeapReAlloc
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
VirtualFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapCreate
HeapDestroy
SetFilePointer
CloseHandle
SetConsoleTitleA
GetProfileStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeProcess
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetCurrentProcess
InterlockedDecrement
GetLastError
MultiByteToWideChar
LeaveCriticalSection

user32

IsWindow
GetDlgItem
AppendMenuA
GetMenu
LoadImageA
GetSystemMetrics
wsprintfA
PostQuitMessage
SetWindowTextA
GetWindowRect
GetDesktopWindow
GetClientRect
EnableMenuItem
CreatePopupMenu
InvalidateRect
SetCapture
CreateMenu
GetWindow
SendMessageA
ExitWindowsEx
InflateRect
OffsetRect
RegisterHotKey
DialogBoxParamA
LoadBitmapW
SetTimer
CreateWindowExA
GetSystemMenu
RegisterClassA
GetScrollPos
GetScrollRange
IsDlgButtonChecked
BeginPaint
ValidateRect
EndPaint
DefWindowProcA
GetDC
ReleaseDC
SendDlgItemMessageA
EndDialog
CheckDlgButton
IsWindowEnabled

gdi32

CreateCompatibleDC
GetObjectA
SelectObject
CreateCompatibleBitmap
SetBkColor
BitBlt
GetBkColor
SetTextColor
DeleteObject
DeleteDC
SetMapMode
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
LineTo
MoveToEx
CreatePen
SetDIBits
GetStockObject
ExtTextOutA
CreateSolidBrush

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetFolderPathA
SHBrowseForFolderA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString

odbc32

ord24
ord75
ord39
ord7
ord36
ord76
ord30

ws2_32

getnameinfo

netapi32

NetWkstaGetInfo

psapi

GetProcessMemoryInfo
EnumPageFilesA

avifil32

AVIFileInit
AVISaveVA
AVISaveOptionsFree
AVIStreamRelease
AVIFileExit
AVISaveOptions
AVIMakeStreamFromClipboard

iphlpapi

GetAdaptersAddresses
GetIcmpStatistics
GetIfEntry
GetFriendlyIfIndex

comctl32

ImageList_AddMasked
ImageList_Create
ord6

gdiplus

GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipAlloc

urlmon

FaultInIEFeature

Exports

Exports

Out

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

964663f0d6901a8cab83ea6191782c7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

netapi32

psapi

avifil32

iphlpapi

comctl32

gdiplus

urlmon

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 296KB - Virtual size: 295KB

.htext Size: 24KB - Virtual size: 24KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 296KB - Virtual size: 295KB

.htext
Size: 24KB - Virtual size: 24KB