e:\REL_2010_Q1\setup-oem\setup32\ReleaseUnicode\Setup32.pdb
Sample
bdd81bef458bb8587535bf2296163f5b.exe
Resource
win7-20231129-en
General
-
Target
bdd81bef458bb8587535bf2296163f5b
-
Size
718KB
-
MD5
bdd81bef458bb8587535bf2296163f5b
-
SHA1
c502edd42aa1d7d2e9bf2bd3d1ac5df62027a3f8
-
SHA256
097227d8183a805d5700b363448479320f39ced70ed2351bf81ca59e38e44674
-
SHA512
96567050c043b5a105e6854f2874283a14464214533851cf66661b1f3566061462e8a5040500e51171a8d31c1b802c01a980d3e706f1d55d0965038a813d9c7a
-
SSDEEP
12288:0Utpu8gK3geWu8D3k7U0ikn91HacEQMiIxt9FM1K:0kXge/8D3x0XnnacEP7xt9Ff
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bdd81bef458bb8587535bf2296163f5b
Files
-
bdd81bef458bb8587535bf2296163f5b.exe windows:5 windows x86 arch:x86
c0194743e6863ad7510d240712b97d42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the single entry, Setup32.pdb, appears detached at the top of this extract)
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
userenv
ExpandEnvironmentStringsForUserW
mfc90u
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord3286
ord4910
ord3489
ord797
ord595
ord611
ord2283
ord1719
ord4660
ord3654
ord778
ord265
ord2360
ord2069
ord3445
ord6635
ord2904
ord6604
ord6579
ord6577
ord6807
ord6311
ord4682
ord5152
ord5661
ord4664
ord1492
ord6408
ord3353
ord1675
ord1809
ord1810
ord2208
ord5324
ord5168
ord4632
ord5632
ord4608
ord5277
ord5047
ord5508
ord5511
ord5510
ord2901
ord4741
ord1183
ord2537
ord2106
ord3543
ord1354
ord2597
ord3488
ord3537
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord3682
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4652
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord1665
ord2274
ord4324
ord1137
ord2676
ord5939
ord4490
ord4519
ord2695
ord2478
ord5979
ord4518
ord6013
ord4405
ord935
ord938
ord2479
ord4494
ord1607
ord285
ord374
ord639
ord1779
ord1708
ord3627
ord750
ord1938
ord6659
ord6687
ord5008
ord524
ord1272
ord744
ord5182
ord3515
ord1169
ord5231
ord4739
ord5509
ord6760
ord5301
ord4026
ord542
ord753
ord538
ord3907
ord1405
ord2224
ord1709
ord5662
ord4700
ord1640
ord4692
ord6804
ord2612
ord4740
ord2654
ord1248
ord1096
ord2630
ord2375
ord2368
ord1641
ord6802
ord1728
ord4174
ord3953
ord4044
ord1262
ord6636
ord1149
ord2593
ord3741
ord1533
ord6096
ord4131
ord1383
ord2372
ord3768
ord3622
ord333
ord5867
ord6094
ord6095
ord2592
ord4527
ord4410
ord4541
ord6109
ord1018
ord4543
ord6065
ord5011
ord4027
ord549
ord756
ord3908
ord6275
ord2910
ord2057
ord654
ord3528
ord3621
ord6527
ord6098
ord5535
ord663
ord404
ord1108
ord613
ord337
ord3486
ord2595
ord1689
ord3158
ord4270
ord3146
ord4171
ord3220
ord1599
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord3670
ord2447
ord794
ord589
ord4043
ord4967
ord4040
ord686
ord436
ord791
ord6349
ord3665
ord3375
ord5925
ord6158
ord1458
ord3794
ord6187
ord1064
ord1100
ord1250
ord1254
ord405
ord664
ord2209
ord3399
ord2504
ord4631
ord3217
ord909
ord811
ord4442
ord286
ord266
ord799
ord280
ord3185
ord813
ord600
ord296
ord4681
ord4348
ord2891
ord4071
ord4081
ord4080
ord2764
ord2893
ord2774
ord2966
ord4728
ord3112
ord2983
ord2771
ord801
ord5167
ord5653
ord4000
msvcr90
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
clock
_snwprintf_s
_vsnwprintf_s
strtoul
_wsopen
_lseek
_filelength
calloc
_purecall
_CxxThrowException
strnlen
wcstombs
_configthreadlocale
atoi
__CxxFrameHandler3
_wsplitpath_s
iswalnum
iswspace
vswprintf_s
_wfopen_s
srand
rand
swprintf_s
wcscat_s
swscanf_s
wcsncat_s
wcscpy_s
wcsncpy_s
wcsncmp
fseek
fgets
_errno
strchr
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtok_s
wcscpy
strstr
strlen
sscanf
_wgetenv
_wchdir
_wgetcwd
_wcsdup
realloc
printf
free
_wtoi
_swprintf
_waccess
wcsrchr
_wcsicmp
malloc
_wcsupr
wcsncpy
?_wsopen@@YAHPB_WHHH@Z
_eof
_read
_wfopen
fputws
fclose
wcsncat
_snwprintf
wcsstr
_wchmod
_wsplitpath
feof
fgetws
_itow
_wunlink
_wcslwr
_wrename
wcschr
swscanf
fwrite
_time64
?_wopen@@YAHPB_WHH@Z
_close
wcscat
wcslen
memset
fread
mbstowcs
_snprintf
strncat
strncpy
memmove_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
memcpy_s
fputc
fflush
wcscmp
memcpy
kernel32
LocalAlloc
GetCurrentThread
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObject
GlobalAlloc
GlobalFree
GetComputerNameW
LoadLibraryExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ReadFile
SetLastError
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetErrorMode
InitializeCriticalSection
QueryDosDeviceW
WideCharToMultiByte
RaiseException
GetLastError
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
LoadLibraryA
ExpandEnvironmentStringsA
MultiByteToWideChar
WriteFile
GetCurrentProcess
ReleaseMutex
CreateMutexW
GetLocaleInfoW
GetDriveTypeW
LocalFree
GetStartupInfoW
CreateProcessW
lstrcpyW
lstrcpynW
GetSystemDirectoryW
TerminateProcess
OpenProcess
lstrlenW
CreateEventW
SetEvent
OpenEventW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetSystemTime
GetFileTime
GetTickCount
SystemTimeToFileTime
FindResourceW
GetExitCodeProcess
GetVersionExW
OutputDebugStringW
GetTempPathW
GetDiskFreeSpaceExW
PulseEvent
FindResourceExW
ExpandEnvironmentStringsW
RemoveDirectoryW
WritePrivateProfileStringW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
MulDiv
GetCurrentThreadId
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
CopyFileW
CreateDirectoryW
GetShortPathNameW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetProcAddress
GetModuleHandleW
GetFileSize
CreateFileW
CloseHandle
LoadLibraryW
Sleep
GetCommandLineW
FreeLibrary
user32
LoadStringW
ExitWindowsEx
GetActiveWindow
LoadCursorW
SetCursor
SetRectEmpty
UpdateWindow
FillRect
DrawIconEx
CopyRect
InflateRect
DrawStateW
GetFocus
LoadIconW
ReleaseDC
GetDC
LoadImageW
wsprintfW
GetForegroundWindow
AttachThreadInput
DestroyIcon
GetLastActivePopup
GetDesktopWindow
MapDialogRect
SetRect
ReleaseCapture
SetCapture
PtInRect
ScreenToClient
IsWindow
SetWindowLongW
RegisterWindowMessageW
IsChild
InvalidateRect
GetClassNameW
OffsetRect
SetClassLongW
GetClassLongW
MessageBeep
GetWindowThreadProcessId
GetMessagePos
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
GetParent
PostMessageW
KillTimer
GetWindowRect
EnableWindow
MessageBoxW
SetFocus
SetWindowPos
SetForegroundWindow
SendMessageW
gdi32
CreateSolidBrush
GetStockObject
CreatePalette
SetDIBitsToDevice
StretchDIBits
RealizePalette
GetDIBits
GetObjectW
CreateFontW
CreateFontIndirectW
CreatePen
RoundRect
GetTextExtentPoint32W
GetPixel
SetPixel
GetDeviceCaps
comdlg32
CommDlgExtendedError
GetOpenFileNameW
advapi32
QueryServiceConfigW
LookupPrivilegeValueW
LookupAccountNameW
EqualSid
AddAce
GetAclInformation
GetAce
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetFileSecurityW
ControlService
StartServiceW
DuplicateTokenEx
ImpersonateLoggedOnUser
SetThreadToken
GetTokenInformation
LookupAccountSidW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegSetValueExW
OpenProcessToken
GetUserNameW
CreateProcessAsUserW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
GetSidSubAuthority
CopySid
IsValidSid
GetSidLengthRequired
InitializeSid
GetLengthSid
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
FileEncryptionStatusW
DecryptFileW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegCreateKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
QueryServiceStatus
RegDeleteValueW
ChangeServiceConfigW
RegEnumValueW
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
shlwapi
ord176
PathIsDirectoryW
ole32
CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitialize
StringFromIID
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
wininet
InternetCheckConnectionW
rpcrt4
UuidCreate
ws2_32
WSCEnumProtocols
WSCDeinstallProvider
WSCGetProviderPath
WSACleanup
WSCInstallProvider
WSAStartup
comctl32
_TrackMouseEvent
Sections
.text Size: 392KB - Virtual size: 391KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 136KB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE