d6f693d73f23b84a223c66b7bba368f5

Sharing

Copy URL Twitter E-mail

General

Target

d6f693d73f23b84a223c66b7bba368f5
Size

641KB
MD5

d6f693d73f23b84a223c66b7bba368f5
SHA1

7029a27a390b61301c9f27d0979847a55cb3903b
SHA256

22f6fef50a1e906c7373425219f79a455723443e36ad0b9d1b85cd4e72dfbada
SHA512

9f8caf188291167aea3463086dcd50f248d96ecbd65441fffb7916ca79948ebc4ecc3fe32d6280e9d813a9c1ff430c902814398f642df39799dc0588163cf05a
SSDEEP

6144:rsuP9LxGXh7GzUm/CPzvCF3abQKqHRpdYpTavpxeYUUsUU369PSfTX0lQRlsMFu4:rdP9LxGaqvCBabqHZY9sxorNUB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f693d73f23b84a223c66b7bba368f5

Files

d6f693d73f23b84a223c66b7bba368f5
.exe windows:4 windows x86 arch:x86

6f3da5e17118fa46d0b64f0f23b3b51d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PCC16\Src\Installer\Launcher\Remove\Win32\Release_L10N\Remove.pdb

Imports

kernel32

GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
HeapSize
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetErrorMode
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
GetExitCodeProcess
CreateProcessW
GetVersionExW
OpenMutexW
ReleaseMutex
CreateMutexW
WaitForSingleObject
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
MultiByteToWideChar
lstrlenA
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LockResource
SizeofResource
LoadResource
FindResourceW
lstrlenW
GetLastError
SetFileAttributesW
GetFileAttributesW
SetLastError
MoveFileExW
Sleep
GetTickCount
TerminateProcess
GetProcAddress
GetLongPathNameW
CreateDirectoryW
GetTempPathW
GetModuleHandleW
FindClose
GetSystemDirectoryW
FindNextFileW
FindFirstFileW
CloseHandle
GetWindowsDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameW
LocalFree
CopyFileW
IsValidCodePage

user32

ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetPropW
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnregisterClassW
DestroyMenu
GetClassInfoExW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
GetCursorPos
ValidateRect
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
MessageBoxW
CopyRect
UnregisterClassA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
DeleteObject
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
GetSecurityDescriptorOwner
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetAclInformation
AddAce
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
IsValidSid
MakeSelfRelativeSD
GetLengthSid
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegFlushKey
RegCloseKey
CopySid
RegQueryValueExW

shlwapi

PathFindFileNameA
PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hhqg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f3da5e17118fa46d0b64f0f23b3b51d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 180KB - Virtual size: 177KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 388KB - Virtual size: 386KB

.hhqg Size: 4KB - Virtual size: 4KB

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 388KB - Virtual size: 386KB

.hhqg
Size: 4KB - Virtual size: 4KB