bdf6dff30eed6231c0c7d29ff97cd43a

Sharing

Copy URL Twitter E-mail

General

Target

bdf6dff30eed6231c0c7d29ff97cd43a
Size

142KB
MD5

bdf6dff30eed6231c0c7d29ff97cd43a
SHA1

66c9d65c8dc0ca5002aa6e532d6ec697abc5e7f3
SHA256

34ff08739ac82821481ca3b9459076f212bb86bd800a0a2a1ca07dfc84670388
SHA512

0c5dcd5e0272b3dd601795a2176f4187bc0520165e248260c0eaaccb5bd117b69de392a3b7eeda38afe2160442e70d4695d4a213b42a4a6d1b57bf88b97504fd
SSDEEP

3072:H7/ABS+7I9t9cNxJVUdmGb4CO7U8P0MtZEnRIg:biSu2t9cNx/Upl+7Dz2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/info.scr

Files

bdf6dff30eed6231c0c7d29ff97cd43a
.zip
info.scr
.exe windows:5 windows x86 arch:x86

217f5269ccc2c49fff5005a361155272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ScaleWindowExtEx
GetStringBitmapA
GetOutlineTextMetricsA
SetBkMode
GdiDescribePixelFormat
PathToRegion
EnumFontFamiliesExA
EngCheckAbort
SwapBuffers
GdiProcessSetup
DeleteEnhMetaFile
SetICMProfileA
SetMetaRgn
GetTextAlign
DdEntry24
DdEntry18
GdiEntry3
GdiEntry7
STROBJ_vEnumStart
SetColorAdjustment
PolyPolyline
GdiConvertMetaFilePict
GdiPlayEMF
GdiFullscreenControl
GdiPrinterThunk
PolyBezierTo
GetEnhMetaFilePixelFormat
EngLoadModule
SetGraphicsMode
ExtTextOutW
GetViewportOrgEx
ArcTo
GdiGetLocalDC
GetCharWidth32A
GdiConvertRegion
DdEntry12
GetKerningPairsW
SetPolyFillMode
DdEntry19
CreateRoundRectRgn
DdEntry38
GetRgnBox
GdiAddGlsBounds
GetGlyphIndicesA
GetFontLanguageInfo
RectVisible
EngStrokeAndFillPath
GdiEntry13
GetCharABCWidthsFloatW
ExtSelectClipRgn
GetCharWidthW
DdEntry20
FontIsLinked
FONTOBJ_pfdg
EngWideCharToMultiByte
GetFontResourceInfoW
GetKerningPairsA
GetCharWidthFloatW
SetBitmapBits
SaveDC
GetTextCharacterExtra
GdiEntry5
CombineTransform
GetPixelFormat
GetEUDCTimeStamp
SetDCBrushColor
FONTOBJ_cGetGlyphs
DdEntry44
GdiConvertPalette
DeleteObject
DdEntry28

msvcp60

??1?$moneypunct@D$00@std@@UAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?curr_symbol@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??0locale@std@@QAE@ABV01@@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??1?$numpunct@D@std@@UAE@XZ
?_Doraise@bad_alloc@std@@MBEXXZ
?denorm_min@?$numeric_limits@N@std@@SANXZ
??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?_Initcvt@?$basic_filebuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?arg@std@@YANABV?$complex@N@1@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXPADPBD1@Z
??_7?$ctype@G@std@@6B@
?min@?$numeric_limits@J@std@@SAJXZ
?ldexp@?$_Ctr@N@std@@SANNH@Z
??8locale@std@@QBE_NABV01@@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??_Fmessages_base@std@@QAEXXZ
??4?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Mode@?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEHH@Z
?_Init@ios_base@std@@IAEXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
_Stof
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??1_Timevec@std@@QAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBGI@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?min@?$numeric_limits@E@std@@SAEXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?neg_format@?$_Mpunct@D@std@@QBE?AUpattern@money_base@2@XZ
_FDenorm
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??1out_of_range@std@@UAE@XZ
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??_F?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$moneypunct@D$00@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?do_encoding@codecvt_base@std@@MBEHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Kstd@@YA?AV?$complex@O@0@ABV10@0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??_7bad_typeid@std@@6B@
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?neg_format@?$_Mpunct@G@std@@QBE?AUpattern@money_base@2@XZ
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?length@?$codecvt@DDH@std@@QBEHAAHPBD1I@Z
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??1?$moneypunct@G$00@std@@UAE@XZ
?sgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPAGH@Z
??_D?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??9std@@YA_NABV?$complex@M@0@0@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??Nstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?do_max_length@codecvt_base@std@@MBEHXZ
?do_truename@?$numpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Nanv@?$_Ctr@M@std@@SAMM@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??4overflow_error@std@@QAEAAV01@ABV01@@Z
?do_is@?$ctype@G@std@@MBE_NFG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z

kernel32

CreateMutexW
SetConsoleNlsMode
IsSystemResumeAutomatic
LocalSize
RegisterWaitForInputIdle
LZCopy
GetPrivateProfileStructA
GetStartupInfoW
DeleteCriticalSection
LockResource
CreateSemaphoreA
GetCommMask
CreateFileW
VirtualAlloc
HeapDestroy
GetProcessShutdownParameters
GetThreadTimes
RtlFillMemory
GetSystemDefaultUILanguage
GlobalFindAtomW
GlobalGetAtomNameW
EnterCriticalSection
LoadLibraryA
WriteConsoleOutputW
SetNamedPipeHandleState
HeapFree
InterlockedDecrement
GetVolumeNameForVolumeMountPointA
LeaveCriticalSection
GetVersionExW
GetNumberOfConsoleInputEvents
GetCPInfoExA
GetCurrentConsoleFont

msvcrt20

_flsbuf
??0ostrstream@@QAE@PADHH@Z
_mbsncpy
??_8iostream@@7Bostream@@@
?sync@stdiobuf@@UAEHXZ
iscntrl
_chdrive
??_Diostream@@QAEXXZ
_wmakepath
?bitalloc@ios@@SAJXZ
??_Gifstream@@UAEPAXI@Z
??_Eistream@@UAEPAXI@Z
?lockptr@ios@@IAEPAU_RTL_CRITICAL_SECTION@@XZ
??6ostream@@QAEAAV0@K@Z
??0strstreambuf@@QAE@PADH0@Z
_tcschr
putc
free
?_query_new_mode@@YAHXZ
malloc
_mbscat
??_GIostream_init@@QAEPAXI@Z
?open@ifstream@@QAEXPBDHH@Z
?stossc@streambuf@@QAEXXZ
_findfirst
iswxdigit
strspn

odbc32

SQLSpecialColumnsW
SQLAllocEnv
SQLSetStmtAttrA
SQLGetStmtAttr
SQLGetStmtOption
SQLExecDirectA
SQLFetchScroll
CursorLibLockStmt
SQLTransact
GetODBCSharedData
SQLDescribeColW
SQLGetFunctions
SQLGetDescRecW
SQLGetDiagRecA
SQLColAttribute
SQLProceduresA
SQLBulkOperations
LockHandle
SQLDriversW
SQLCopyDesc
SQLGetDescField
SQLGetConnectAttr
PostODBCError
g_hHeapMalloc
SQLProcedureColumnsA
SQLColumnsW
SQLTablePrivileges
SQLForeignKeysW
ODBCQualifyFileDSNW
SQLSetConnectOptionW
SQLConnectA
SQLExecDirectW
SQLSetConnectAttrW
SQLColumnPrivilegesW
SQLErrorW

netapi32

NetServiceEnum
NetUserGetLocalGroups
NetpCleanFtinfoContext
NetLocalGroupDelMembers
NetDfsGetClientInfo
NetapipBufferAllocate
DsAddressToSiteNamesExA
NetUserSetInfo
NetAddAlternateComputerName
NetShareSetInfo
RxNetServerEnum
NetReplImportDirUnlock
NetLocalGroupAddMembers
NetDfsEnum
NetDfsAddFtRoot
NetGroupGetUsers
NetMessageBufferSend
NetMessageNameEnum
I_NetAccountDeltas
NetShareGetInfo
NetpIsRemote
I_BrowserQueryStatistics
NetpInitFtinfoContext
DsAddressToSiteNamesA
DsRoleDcAsDc
NetReplImportDirEnum
NetDfsAdd
NetUseAdd
NetUserChangePassword
DsEnumerateDomainTrustsA
DsRoleFreeMemory

msvcrt

exit

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

217f5269ccc2c49fff5005a361155272

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msvcp60

kernel32

msvcrt20

odbc32

netapi32

msvcrt

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 60KB - Virtual size: 255KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 976B

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 60KB - Virtual size: 255KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 976B