81f44c6828a3ccf30f59c9077e6369a606b30ed7a7356493ec4a8a4d3bd538d6

Sharing

Copy URL Twitter E-mail

General

Target

81f44c6828a3ccf30f59c9077e6369a606b30ed7a7356493ec4a8a4d3bd538d6
Size

1.6MB
MD5

7b5795592165ffe74705d8db66cff5fa
SHA1

7e46b11dbd3ab6f5fe859b4b4c89c844c60b05e3
SHA256

81f44c6828a3ccf30f59c9077e6369a606b30ed7a7356493ec4a8a4d3bd538d6
SHA512

ff36ee381b1840ff19b4ee3057f4769edcd13563b9e7e9bb996821744fd2246fbe14427039b0ab5d35b8f4472629c8be76cd99a43091600a3760f83421c76613
SSDEEP

24576:aIevyqU+s+h+OARimNsqjnhMgeiCl7G0nehbGZpbD:iNs8x4XxDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81f44c6828a3ccf30f59c9077e6369a606b30ed7a7356493ec4a8a4d3bd538d6

Files

81f44c6828a3ccf30f59c9077e6369a606b30ed7a7356493ec4a8a4d3bd538d6
.exe windows:5 windows x86 arch:x86

c32404fcfcd710361ab9d9f72d717d6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WORKSPACE\99_Secure_login__SVN\ConquerAutoP\Release\AutoP.pdb

Imports

kernel32

WriteFile
FindNextFileA
GetOEMCP
GetCPInfo
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetFullPathNameA
CreateFileW
WriteConsoleW
SetEnvironmentVariableA
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
GetStringTypeW
LCMapStringW
OutputDebugStringW
FlushFileBuffers
FindFirstFileA
FindClose
GlobalFlags
FreeEnvironmentStringsW
SetEndOfFile
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentProcessId
SetEvent
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileAttributesExA
FileTimeToLocalFileTime
FormatMessageA
LocalFree
GlobalFree
GlobalUnlock
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetModuleFileNameW
SetLastError
GetACP
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeLibrary
LoadLibraryA
GetFileAttributesA
OutputDebugStringA
CreateDirectoryA
DeleteFileA
GetVersionExA
GetModuleHandleW
GetProcAddress
GetVolumeInformationA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateFileA
DeviceIoControl
InterlockedDecrement
GetCommandLineA
GetModuleHandleA
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
TerminateThread
Sleep
WaitForSingleObject
CreateNamedPipeA
GetTickCount
Process32Next
Process32First
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateToolhelp32Snapshot
GetCurrentProcess
CloseHandle

user32

DestroyMenu
CharUpperA
LoadCursorA
GetSysColorBrush
GetSystemMetrics
ReleaseDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
SetTimer
RealChildWindowFromPoint
ClientToScreen
GetWindowThreadProcessId
SetCursor
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageA
CreateWindowExA
DestroyWindow
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetWindowTextA
IsWindowEnabled
ShowWindow
GetMonitorInfoA
KillTimer
GetClientRect
SetRectEmpty
OffsetRect
GetParent
PostMessageA
PostQuitMessage
GetSubMenu
GetMenuItemID
GetMenuItemCount
SendMessageA
GetScrollPos
GetWindowTextA
GetWindowLongA
GetWindow
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
IsWindow
IsMenu
MonitorFromWindow
WinHelpA
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
EnableWindow
SetWindowPos
GetCapture
GetKeyState
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
GetFocus

gdi32

OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
DeleteObject
DeleteDC
Escape
GetClipBox
GetStockObject

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CreateProcessAsUserA
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA

ole32

CoTaskMemFree
CoCreateGuid
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

VariantChangeType
VarUdateFromDate
SysAllocStringLen
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocString

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

ws2_32

socket
WSAStartup
WSAGetLastError
htons
inet_addr
connect
closesocket
send
recv
WSACleanup
inet_ntoa
gethostname
gethostbyname

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c32404fcfcd710361ab9d9f72d717d6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

d3d9

iphlpapi

ws2_32

oleacc

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 7KB - Virtual size: 19KB

.gfids Size: 3KB - Virtual size: 2KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 7KB - Virtual size: 19KB

.gfids
Size: 3KB - Virtual size: 2KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB