d:\vss\cvdi3\Acme\pvs2_0\devMD\components\src\hpodrend\Release\hpodrend.pdb
Static task
static1
Behavioral task
behavioral1
Sample
bf24a1d2748e8b1e9b28b68d24693d10.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bf24a1d2748e8b1e9b28b68d24693d10.exe
Resource
win10v2004-20240226-en
General
-
Target
bf24a1d2748e8b1e9b28b68d24693d10
-
Size
104KB
-
MD5
bf24a1d2748e8b1e9b28b68d24693d10
-
SHA1
a6eb1d0a85ca1e3d1597c8e926207765d5d02696
-
SHA256
46fc7007d34af10031fc2aa9162798d3eb35d01552a45c81f29adb1313461d37
-
SHA512
4e43e06cfb34612d1e11a756c9a93382a302a780d0181abe467259ca095e7cfdf8ce3f17ebdd2007961b45eabede4241191b5a0764affbe1d46b10e9e79f16a6
-
SSDEEP
3072:whx1ZLr3lCm5eWUULny6CoTlNdo+PEZpZ:whXZFP5eWLTdo+cZT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature; this is the sandbox's static check, and it flagged the sample PE as unsigned.
resource bf24a1d2748e8b1e9b28b68d24693d10
Files
-
bf24a1d2748e8b1e9b28b68d24693d10.exe windows:4 windows x86 arch:x86
d04b9fda9c1d987da29e79ffbfa1dc42
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
CloseHandle
lstrlenA
lstrcmpiA
lstrcpynA
GetFileAttributesA
lstrcpyA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
DeleteFileA
GetTickCount
InitializeCriticalSection
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
lstrcatA
Sleep
CreateThread
CreateEventA
GetCurrentThreadId
SetEvent
GetCommandLineA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetFileTime
InterlockedExchange
GetSystemTimeAsFileTime
user32
CharUpperA
LoadStringA
TranslateMessage
DispatchMessageA
GetMessageA
PostThreadMessageA
CharNextA
advapi32
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
ole32
CoTaskMemRealloc
ProgIDFromCLSID
StgOpenStorage
StgCreateDocfile
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
oleaut32
RegisterTypeLib
SysFreeString
UnRegisterTypeLib
LoadTypeLib
LoadRegTypeLib
VarUI4FromStr
SafeArrayCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
VarBstrCmp
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
shlwapi
PathFindExtensionA
msvcp70
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ
msvcr70
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_c_exit
_onexit
exit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
memset
_wcsicmp
__p__fmode
_wtol
??0exception@@QAE@ABV0@@Z
realloc
_purecall
??_V@YAXPAX@Z
wcslen
memmove
vswprintf
_vscwprintf
_wcsupr
wcscspn
wcsspn
free
_except_handler3
_CxxThrowException
_cexit
_XcptFilter
__set_app_type
_controlfp
_wtoi
malloc
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
_exit
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE