c68c85f263661406f52d330dc99007da

Sharing

Copy URL Twitter E-mail

General

Target

c68c85f263661406f52d330dc99007da
Size

244KB
MD5

c68c85f263661406f52d330dc99007da
SHA1

30865365563338a559edd8d3c46678bd14850d8a
SHA256

d3a9ee30db9d965a83038a4f0bc99ef5e813b56bb30a884e681ba70b1ee43d5e
SHA512

01bf4e603aa1b374b4de552e43613bff625955bbdac4f128330dd8341aaf2f685ce036b08eb4092433a2301fd079fc3c605548b3b87fe25afd5f2404b804740e
SSDEEP

3072:aE1f7NLI+ukYTxHouyi3/Plf86IRbGVRA8rVJjfbFrp4WDt6G8AQH8V2NJmBLlMq:JMkIVIRtoP7bJue6XAQVYWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c68c85f263661406f52d330dc99007da

Files

c68c85f263661406f52d330dc99007da
.exe windows:4 windows x86 arch:x86

c1321232a9eb1100e18a3cbab621800d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DVLP\VS7.2003\Client\Hb4.0\4.6.2.0\_bin\Release_HbTools\WeatherOnTray.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

HeapAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiA
GetLastError
MulDiv
lstrcmpA
WideCharToMultiByte
GetTickCount
SetLastError
GetCurrentProcessId
CloseHandle
ReadFile
GetFileSize
CreateFileA
Sleep
WaitForSingleObject
OpenEventA
CreateThread
CreateEventA
lstrcpynA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
SetEvent
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CreateProcessA
GetCommandLineA
WriteFile
UnmapViewOfFile
MoveFileA
GetSystemTime
TlsSetValue
TlsGetValue
SetFilePointer
OutputDebugStringA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
FileTimeToSystemTime
GetFileTime
TlsAlloc
ResumeThread
TerminateThread
SetUnhandledExceptionFilter
VirtualQuery
GetVersionExA
GetCurrentThread
GetProcAddress
LoadLibraryA
GetProcessHeap
CreateDirectoryA
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreA
CreateMutexA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
QueryPerformanceCounter
TlsFree
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetLocalTime
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapFree
GetCurrentProcess
FlushInstructionCache
lstrcpyA
GetCurrentThreadId
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
MultiByteToWideChar
InterlockedDecrement
FormatMessageA
lstrlenA
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
IsBadWritePtr

user32

LoadStringA
SetPropA
UnregisterClassA
wsprintfA
PostMessageA
DispatchMessageA
TranslateMessage
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowLongA
GetWindowLongA
DestroyWindow
SendMessageA
MoveWindow
GetClientRect
BeginPaint
EndPaint
ReleaseDC
InvalidateRect
GetMessageA
LoadMenuA
GetCursorPos
GetSubMenu
TrackPopupMenu
PostQuitMessage
CharUpperA
PostThreadMessageA
FindWindowA
SendMessageTimeoutA
ReplyMessage
GetSystemMetrics
GetForegroundWindow
LoadIconA
DestroyIcon
CreateIconIndirect
SetForegroundWindow
DrawTextA
EnumChildWindows
LoadBitmapA
CreateAcceleratorTableA
RemovePropA
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
GetDlgItem
IsWindow
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
InvalidateRgn
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
CreateWindowExA
RegisterWindowMessageA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDesktopWindow
GetWindowRect
DefWindowProcA
CallWindowProcA
LoadCursorA
GetClassInfoExA
GetLastActivePopup
SetFocus
KillTimer
SetTimer
ShowWindow
IsWindowVisible

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
SetTextColor
SetBkMode
CreatePatternBrush
CreateBitmapIndirect
SelectObject

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoUninitialize
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringByteLen
SysStringLen
VariantInit
VariantCopy
VariantClear
VariantChangeType
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringLen
OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

shlwapi

StrRChrA
StrToIntA
PathFindExtensionA

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1321232a9eb1100e18a3cbab621800d

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB