c0da18a0e9c79d740ab1ee9b7a6603c2

Sharing

Copy URL Twitter E-mail

General

Target

c0da18a0e9c79d740ab1ee9b7a6603c2
Size

772KB
MD5

c0da18a0e9c79d740ab1ee9b7a6603c2
SHA1

b0cdc6aa0fefc028b2f8d005f0697f01e9a27c0d
SHA256

23dc7e6ffea7ea4aa46b855e861ab486e033aa89f1ceafc04ccbbed9b3fb182c
SHA512

3e1d7197532219b237f3b5ef797301383f3e3f08d666d0e61fe99250448908376575de3032add4d5e258aec75e088618345479131adeed55c2897c0ada02acad
SSDEEP

24576:Jg1NmgPsjVCBmRSMgG6nBKM3oyEqUuTfX:nRSMP6nB13oVqUuTf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0da18a0e9c79d740ab1ee9b7a6603c2

Files

c0da18a0e9c79d740ab1ee9b7a6603c2
.exe windows:4 windows x86 arch:x86

14cbeb505567af9d26ca410d1b56dadf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\ClientSourceForWindows\taskModule\src\TaskModule3.0\WebTest\LM_2_Release\WebTest.pdb

Imports

kernel32

HeapFree
ExitProcess
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetFileTime
LCMapStringW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetFileAttributesA
SetThreadContext
GetThreadContext
FlushInstructionCache
InterlockedCompareExchange
SetErrorMode
WritePrivateProfileStringA
RaiseException
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SuspendThread
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
SetLastError
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
CreateEventA
ReadFile
ResetEvent
WaitForSingleObject
WriteFile
SetUnhandledExceptionFilter
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStringTypeExA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
lstrcmpA
GetLastError
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcatA
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcpyA
lstrlenA
CloseHandle
GetCurrentProcessId
SetEvent
GetTickCount
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WinExec
CreateProcessW
CreateProcessA
LCMapStringA
GetCurrentThread

user32

RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ClientToScreen
wsprintfA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
CharNextA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
ShowWindow
GetClientRect
LoadStringA
SetTimer
KillTimer
PostMessageA
EnableWindow
SendMessageA
GetWindowThreadProcessId
FindWindowA
CharUpperA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
PostThreadMessageA
ModifyMenuA
ReleaseDC
GetDC
GetDesktopWindow
LoadIconA
GetWindow
PtInRect
CopyRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
UnregisterClassA
RegisterClassA
GetClassInfoA
EqualRect
GetParent
AdjustWindowRectEx
GetSysColor
GetMenuItemCount
GetMenuItemID

gdi32

CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
GetStockObject
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegFlushKey

shell32

ShellExecuteW
ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
StrStrIA

oledlg

ord8

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoRegisterMessageFilter
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
VariantInit
VariantCopy
SysStringLen
VariantChangeType
VariantClear
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
OleCreateFontIndirect
SysAllocStringByteLen
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString

wininet

InternetQueryOptionA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallbackW
InternetSetStatusCallbackA
InternetCloseHandle
FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetGetConnectedState
HttpSendRequestA
HttpSendRequestW
HttpOpenRequestA
HttpOpenRequestW
DeleteUrlCacheEntry

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP

ws2_32

closesocket
socket
WSAStartup
WSARecv
WSASend
getpeername
connect
ioctlsocket
htons
recv
setsockopt
inet_ntoa
select
gethostbyname
WSACleanup
send
inet_addr

winmm

midiOutMessage
midiOutShortMsg
midiStreamOpen
mciSendCommandW
midiInOpen
mciSendStringW
mciSendStringA
mmioOpenW
mmioOpenA
sndPlaySoundW
sndPlaySoundA
PlaySoundW
PlaySoundA
midiInStart
midiOutOpen
waveInMessage
waveInOpen
waveInStart
waveOutMessage
waveOutOpen
mciSendCommandA

Sections

.text
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14cbeb505567af9d26ca410d1b56dadf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

ws2_32

winmm

Sections

.text Size: 600KB - Virtual size: 599KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 20KB - Virtual size: 50KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 600KB - Virtual size: 599KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 20KB - Virtual size: 50KB

.rsrc
Size: 28KB - Virtual size: 24KB