6881422e15c6e9f1135c52a2eed891035bcbfeedbd89745a224d9542eb8cf078

Sharing

Copy URL Twitter E-mail

General

Target

6881422e15c6e9f1135c52a2eed891035bcbfeedbd89745a224d9542eb8cf078
Size

288KB
MD5

98da349f5ff4e6e151a21a2788a1b234
SHA1

611092208c092a006761bf824c3ca541b5cf89fd
SHA256

6881422e15c6e9f1135c52a2eed891035bcbfeedbd89745a224d9542eb8cf078
SHA512

0f41b179987011c39eb2b2faf574a3963da77948355a0bb7b4aa09a9308d1449fe8316bb380e0a918e52864ea07d965ca96ce8a1f6e3428aa01473fc055b3047
SSDEEP

6144:criu143gGXEQ04ZXjoGPx8Mqm+WjUU4qCy:crilgeEQ04ZXYMqJi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6881422e15c6e9f1135c52a2eed891035bcbfeedbd89745a224d9542eb8cf078

Files

6881422e15c6e9f1135c52a2eed891035bcbfeedbd89745a224d9542eb8cf078
.exe windows:4 windows x86 arch:x86

654995014b6ab2ed64b5ff1a70bb8a2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build\Upnprel90\Code\Source\Lib\Roxio\BinR\RoxioUpnpService9.pdb

Imports

ws2_32

WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
WSAIoctl
socket
inet_ntoa
gethostbyname
WSAGetLastError
gethostname
recvfrom
sendto
setsockopt
bind
select
WSACleanup
WSAStartup
WSASocketW
send
recv
connect
__WSAFDIsSet
listen
ioctlsocket
closesocket
getsockname
accept
inet_addr

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

SendARP

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FileTimeToSystemTime
MultiByteToWideChar
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
LocalAlloc
FormatMessageW
InterlockedDecrement
GetModuleFileNameW
EnterCriticalSection
InterlockedExchange
WideCharToMultiByte
SystemTimeToFileTime
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GlobalFree
GlobalUnlock
GlobalLock
GetFileAttributesW
InterlockedIncrement
ReleaseSemaphore
WaitForSingleObject
ExitThread
Sleep
SetEvent
WriteFile
GetTempFileNameW
GetTempPathW
CreateThread
CreateEventW
CreateSemaphoreW
GetLastError
GetTickCount
IsBadWritePtr
IsBadReadPtr
DeleteFileW
InitializeCriticalSection
DeleteCriticalSection
lstrcpyW
lstrcatW
QueryDosDeviceW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
lstrcpynW
GetCurrentThreadId
DefineDosDeviceW
GetCommandLineW
ReadFileEx
WaitForSingleObjectEx
QueueUserAPC
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
lstrlenA
ExitProcess
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection

user32

LoadStringW
UnregisterClassW
wsprintfW
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
MessageBoxW
PostThreadMessageW

gdi32

SetStretchBltMode
CreateDIBSection
DeleteObject
GetObjectW
CreateCompatibleDC
DeleteDC
SelectObject
StretchBlt
SetDIBColorTable

advapi32

RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
ChangeServiceConfig2W
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CreateServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus

ole32

CoCreateInstance
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
OleRun
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitializeSecurity
StringFromGUID2

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VarUdateFromDate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
VariantTimeToSystemTime
VarBstrFromDate
SafeArrayCreate
SafeArrayPutElement
SafeArrayRedim
LoadTypeLi
LoadRegTypeLi
VariantChangeType
SafeArrayDestroy
VariantClear
VariantInit
VarBstrCmp
SystemTimeToVariantTime
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shlwapi

PathRenameExtensionW
PathFindFileNameW
PathFileExistsW
PathRemoveExtensionW
PathAddBackslashW
PathFindExtensionW

cpscommontools9

?SetProtocol@CMGIShellNameSplitter@@QAEXPBG@Z
??0CMGIShellNameSplitter@@QAE@PBGK@Z
?Compose@CMGIShellNameSplitter@@QAEPBGK@Z
??1CMGIShellNameSplitter@@UAE@XZ

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

sscanf
_putws
wcsncpy
wcscpy
wcsncmp
_wtoi
_atoi64
printf
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
pow
atof
rand
atoi
_strtoui64
strtol
_errno
exit
time
srand
strncmp
_assert
wcsftime
_strnicmp
tolower
isalpha
atol
_wtol
memcmp
_except_handler3
_resetstkoflw
realloc
__CxxFrameHandler
strcat
sprintf
strchr
strtoul
strcmp
strncpy
strlen
calloc
strcpy
_purecall
??3@YAXPAX@Z
memmove
??_V@YAXPAX@Z
malloc
memset
wcslen
abs
wcscspn
wcsspn
fprintf
_iob
_getcwd
ftell
_controlfp
fclose
fopen
fread
_stricmp
strstr
_strcmpi
free
_CxxThrowException
memcpy
wcscmp
_wcsicmp
wcsstr
wcschr
wcsrchr
_wcslwr
_vscwprintf
vswprintf
fseek

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipGetImagePixelFormat

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

654995014b6ab2ed64b5ff1a70bb8a2b

Headers

File Characteristics

PDB Paths

Imports

ws2_32

version

iphlpapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

cpscommontools9

msvcp71

msvcr71

gdiplus

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB