d:\download_mgr\Release\flv_std_installer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c.exe
Resource: win10v2004-20240226-en
General
Target: 037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c
Size: 927KB
MD5: a3872c1de5a037f9918d141411b100aa
SHA1: d9ccfa1d8eda6ac8da6c77595902f6d0aa496a55
SHA256: 037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c
SHA512: 6245e3b46e997fa269f4548712d641143d9aebde2435104407b497bffe312b0fd2d1ca64ca676ab3b1336363ecada0eb52c63323a406e88ac0128ace4a207d40
SSDEEP: 24576:1NqS2NlyhIHZJ+Y+reV935g8ztsCvgeBPRKAHfeSs:jZ7q3vsC/BPRnGSs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c
Files
037d89d1236e175c2a4d0fa81c8f539c334e389d80ffb1a679a638d2d726057c.exe windows:5 windows x86 arch:x86
639a17ce3af16d99917c4d4d7ea2f026
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateMutexW
LocalFree
DebugBreak
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
ExitProcess
HeapCreate
RtlUnwind
GetConsoleCP
SetStdHandle
MoveFileA
DeleteFileA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
VirtualAlloc
SetLastError
FlushInstructionCache
FormatMessageW
WideCharToMultiByte
VirtualFree
GetCurrentProcess
GetPrivateProfileSectionW
GetCurrentProcessId
GetVersion
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
GetLocalTime
EnterCriticalSection
GetProcAddress
GetLastError
GetPrivateProfileIntW
RaiseException
GlobalUnlock
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
Sleep
TerminateThread
LoadLibraryW
GlobalAlloc
InitializeCriticalSection
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
OutputDebugStringW
WaitForSingleObject
GlobalLock
InterlockedDecrement
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SystemTimeToFileTime
DosDateTimeToFileTime
GetStdHandle
GetStartupInfoW
CreateFileA
UnregisterWaitEx
GetExitCodeProcess
GetLongPathNameW
ReadDirectoryChangesW
SetEvent
InterlockedCompareExchange
InterlockedIncrement
LoadLibraryExW
LoadResource
QueryPerformanceFrequency
GetCurrentDirectoryW
QueryPerformanceCounter
FormatMessageA
GetModuleHandleA
ReadConsoleInputW
DuplicateHandle
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
SetConsoleCursorPosition
ReadConsoleA
SetConsoleTextAttribute
GetNumberOfConsoleInputEvents
WriteConsoleInputW
SetNamedPipeHandleState
FlushFileBuffers
ReadFile
CreateNamedPipeW
ConnectNamedPipe
PeekNamedPipe
SetConsoleCtrlHandler
InterlockedExchange
CancelIo
RegisterWaitForSingleObject
CreateEventA
SetHandleInformation
UnregisterWait
QueueUserWorkItem
PostQueuedCompletionStatus
GetFileType
GetConsoleMode
CreateIoCompletionPort
GetQueuedCompletionStatus
SetErrorMode
ReleaseMutex
CreateThread
TerminateProcess
DeviceIoControl
GetFileAttributesA
LockResource
CreateFileW
GetVersionExW
WriteFile
FreeResource
SetFilePointer
FreeLibrary
FindResourceW
lstrlenA
user32
CallWindowProcW
GetMonitorInfoW
DrawFrameControl
UnregisterClassA
GetSystemMetrics
AttachThreadInput
GetForegroundWindow
SystemParametersInfoW
AllowSetForegroundWindow
GetWindowThreadProcessId
DestroyIcon
SetWindowTextW
EnableWindow
MapWindowPoints
IsWindowVisible
ReleaseCapture
MessageBoxW
PostThreadMessageW
GetKeyNameTextW
CreateWindowExW
FrameRect
ShowWindow
SetLayeredWindowAttributes
GetCursorPos
RedrawWindow
GetDlgItem
MonitorFromWindow
GetWindowTextW
BringWindowToTop
InvalidateRect
LoadIconW
RegisterClassExW
GetClassInfoExW
PtInRect
CopyRect
SetFocus
GetClientRect
IsWindowEnabled
LoadCursorW
TrackMouseEvent
GetParent
GetFocus
SetForegroundWindow
DrawIconEx
GetKeyState
IsZoomed
KillTimer
PostMessageW
SetCapture
IsChild
FillRect
GetWindowDC
PostQuitMessage
SetActiveWindow
GetWindowRect
SetTimer
SetWindowRgn
MapVirtualKeyW
UpdateLayeredWindow
GetWindowTextLengthW
SetCursor
ClientToScreen
EndPaint
FindWindowW
GetWindow
MoveWindow
DestroyWindow
ScreenToClient
PeekMessageW
ReleaseDC
SetWindowLongW
SetWindowPos
LoadStringW
GetActiveWindow
IsWindow
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
DispatchMessageW
GetMessageW
CharNextW
GetDC
TranslateMessage
InflateRect
OffsetRect
SetRect
BeginPaint
GetWindowLongW
gdi32
GetObjectW
CreateRectRgn
GetStockObject
OffsetViewportOrgEx
RestoreDC
SelectClipRgn
DeleteObject
SetBkMode
SetBkColor
CreateFontIndirectW
DeleteDC
BitBlt
SaveDC
GetClipRgn
CreateSolidBrush
GetObjectA
IntersectClipRect
ExtSelectClipRgn
CreateRoundRectRgn
RectInRegion
CreateRectRgnIndirect
ExcludeClipRect
CreateDIBSection
SetTextColor
ExtTextOutW
CreateCompatibleBitmap
CreatePolygonRgn
CreateCompatibleDC
SelectObject
advapi32
RegQueryValueExW
CryptDestroyHash
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
CryptHashData
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
shell32
DragQueryFileW
ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFileInfoA
ole32
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
ReleaseStgMedium
DoDragDrop
CoTaskMemFree
OleDuplicateData
CoTaskMemAlloc
RegisterDragDrop
CoCreateInstance
oleaut32
VarUI4FromStr
shlwapi
StrToIntA
PathFileExistsA
StrCmpW
StrToIntW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
winmm
timeGetTime
gdiplus
GdipGetPropertyItem
GdipSetLinePresetBlend
GdipCreateSolidFill
GdipTranslateMatrix
GdipDisposeImageAttributes
GdipAlloc
GdipDisposeImage
GdipResetWorldTransform
GdipDeletePath
GdipTransformPath
GdipDeleteRegion
GdipRotateMatrix
GdipGetPathPointsI
GdipCreateImageAttributes
GdipGetPropertyItemSize
GdipSetCompositingMode
GdipTranslateWorldTransform
GdipCreateRegion
GdipCreateFromHDC
GdipGetPixelOffsetMode
GdipSetCompositingQuality
GdipImageGetFrameDimensionsCount
GdipFillPath
GdipAddPathLineI
GdipSetInterpolationMode
GdipCombineRegionRegion
GdipFillRectangleI
GdipCloneImage
GdipSetClipPath
GdipDrawLineI
GdipCreatePath
GdipGetImageWidth
GdipCreatePen1
GdipCreateTexture2I
GdipAddPathPieI
GdipDrawRectangleI
GdipImageGetFrameCount
GdiplusStartup
GdipSetStringFormatFlags
GdipCreateFontFromLogfontA
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromHICON
GdipMeasureString
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipSetStringFormatAlign
GdipImageSelectActiveFrame
GdipGetTextRenderingHint
GdipDrawString
GdipCreateRegionRectI
GdipImageGetFrameDimensionsList
GdipSetImageAttributesWrapMode
GdipAddPathBezierI
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetClip
GdipDrawPath
GdipCreateMatrix
GdipTranslateTextureTransform
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCreatePath2
GdipSetLineTransform
GdipCloneBrush
GdipCreateLineBrushFromRectI
GdipGetInterpolationMode
GdipCreateStringFormat
GdipDeletePen
GdipSetClipRegion
GdiplusShutdown
GdipLoadImageFromStream
GdipDeleteBrush
GdipDeleteMatrix
GdipFree
GdipSetPenDashStyle
GdipSetStringFormatHotkeyPrefix
GdipImageRotateFlip
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipGetPointCount
GdipSetPixelOffsetMode
iphlpapi
GetAdaptersInfo
ws2_32
closesocket
inet_addr
GetAddrInfoW
FreeAddrInfoW
getsockopt
socket
bind
setsockopt
shutdown
WSAGetLastError
WSASend
WSARecv
WSAIoctl
ioctlsocket
WSARecvFrom
WSASetLastError
WSAStartup
select
htons
Sections
.text Size: 650KB - Virtual size: 649KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ