63262b1439536891f81a2fd882fc5c1c81f4d84817a7da754c816b00eb0984e3

Sharing

Copy URL Twitter E-mail

General

Target

63262b1439536891f81a2fd882fc5c1c81f4d84817a7da754c816b00eb0984e3
Size

268KB
MD5

d173a3a6141cc19dccd975433cba15a5
SHA1

31d9fdf6b2e4098dbf3b8b857582993c4e4b608a
SHA256

63262b1439536891f81a2fd882fc5c1c81f4d84817a7da754c816b00eb0984e3
SHA512

c90792605435ec9ac04b48b9785f46adadedc10249513d663a3ed667206b78cff9ce3321971bc83d4a3d746af5bc069ce93a0b97880c0f119fee5b6c08ef00ce
SSDEEP

3072:xJ3A3H1raL0+iQPZZwz3/sXQE3vC/wAQSFvk+qF5Mj2lJnMcKxrSl98JVopJ9Tzh:/3A3VzzIX7lS2+2RMN2n8JV6J9r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63262b1439536891f81a2fd882fc5c1c81f4d84817a7da754c816b00eb0984e3

Files

63262b1439536891f81a2fd882fc5c1c81f4d84817a7da754c816b00eb0984e3
.exe windows:4 windows x86 arch:x86

80c80430063d2906c83996d248b879ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\400\Release\ashMaiSv.pdb

Imports

wsock32

gethostbyname
ioctlsocket
htons
WSACleanup
htonl
inet_addr
gethostname
WSAStartup
select
closesocket
shutdown
recv
send
setsockopt
inet_ntoa
connect
bind
socket
accept
listen
ntohs
getsockname
WSAGetLastError

ashuint

_usiVirusWarn@4
_usiInitLibrary@4
_usiFreeLibrary@0
_usiGetVPSLabel@12
_usiMessage@20

ashbase

_basProductInfo@0
_basInitLibrary@4
_basCreateOSString@12
_basInitThreadLocale@0
_basLoadLanguage@4
_notInit@0
_notAddEvent@12
_notRemEvent@4
_notFree@0
_basFreeLibrary@0
_basGetProfileInt@12
_basGetProfileStringA@20
_basGetLanguagePath@0
_basGetDWORDValue@12
_basWriteProfileStringA@12

aavm4h

AavmCallVirusWarnMessage
AavmGetVpsProperty
AavmFree
AavmCheckRecvFileDlgSpecifyProcessID
AavmCheckFile
AavmCheckRecvFile
AavmCheckFileDlg
AavmCheckRecvFileDlg
AavmCheckFileDlgSpecifyProcessID

aswcmnb

fsGetAvastDataPath
??1CStr@@QAE@XZ
??0CStr@@QAE@PBD@Z
??BCStr@@QBEPBDXZ
?GetTempFile@CStr@@QAEKPAK@Z
??0CStr@@QAE@XZ
fsGetAvastLogPath

ahresmai

g_sConfigData
g_hProvider
GetState
x_SetServiceStateDirect

aswcmns

MD5Init
MD5Update
MD5Final
svcServiceInstallEx
base64Decode
base64Encode
svcServiceStart
svcServiceUninstall

aswcmnos

dep_fsCreateFolder
dep_secGetPublicDirSecurity
dep_osIsBasedOnNT
dep_strOemToAnsi

kernel32

HeapFree
OpenProcess
GetFileAttributesA
LoadLibraryExA
CreateThread
TerminateThread
GetExitCodeThread
WaitForSingleObject
lstrlenA
MapViewOfFile
UnmapViewOfFile
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
OpenEventA
GetModuleFileNameA
InitializeCriticalSection
CreateEventA
GetTimeFormatA
GetDateFormatA
GetLocalTime
GetSystemTime
ReleaseMutex
FormatMessageA
DeviceIoControl
LocalFree
ExitProcess
ResetEvent
GetVersionExA
CreateMutexA
WaitForMultipleObjects
GetShortPathNameA
DeleteFileA
MoveFileA
GetProcessHeap
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateFileMappingA
GetModuleHandleA
lstrcpyA
LoadLibraryA
GetProcAddress
GetCurrentProcess
SetProcessWorkingSetSize
FindFirstChangeNotificationA
Sleep
FindNextChangeNotification
FindCloseChangeNotification
FreeLibrary
CloseHandle
GetLastError
HeapAlloc
SetEvent
lstrcatA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
DeleteCriticalSection

user32

MessageBoxA
DialogBoxParamA
EndDialog
SetForegroundWindow
SetTimer
PostMessageA
DestroyIcon
RegisterClassA
CreateWindowExA
LoadImageA
DefWindowProcA
PostQuitMessage
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
LoadStringA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenServiceA
StartServiceA
OpenSCManagerA
CloseServiceHandle

shell32

Shell_NotifyIconA

msvcp71

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

msvcr71

_mbsupr
time
_mbsstr
_mbsicmp
_mbsnbcmp
memchr
sprintf
_ismbcdigit
_ismbcalnum
_ismbcalpha
isdigit
strncmp
memmove
strstr
_strnicmp
_mbsinc
ftell
fseek
fgets
strrchr
strchr
fwrite
fread
difftime
localtime
strncat
_except_handler3
free
_mbctype
_getmbcp
_mbsrev
_mbscpy
memcmp
_open
strtoul
memset
_purecall
memcpy
strlen
malloc
_unlink
_errno
printf
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_strdup
_stricmp
_close
_write
_lseek
_read
_mbschr
_mbscspn
_mbsrchr
_mbsspn
_mbscmp
_mbsnbicmp
_mbsdec
_snprintf
fflush
fprintf
_strtime
_strdate
vfprintf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
atoi
fclose
_CxxThrowException
??0exception@@QAE@ABV0@@Z
isalnum
_ismbblead
fopen
??_V@YAXPAX@Z
strncpy

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vadplle
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80c80430063d2906c83996d248b879ab

Headers

File Characteristics

PDB Paths

Imports

wsock32

ashuint

ashbase

aavm4h

aswcmnb

ahresmai

aswcmns

aswcmnos

kernel32

user32

advapi32

shell32

msvcp71

msvcr71

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 36KB - Virtual size: 36KB

vadplle Size: - Virtual size: 4KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 36KB - Virtual size: 36KB

vadplle
Size: - Virtual size: 4KB