df0b120e9aabe451bd2d25495f23ea42

General

Target

df0b120e9aabe451bd2d25495f23ea42
Size

738KB
MD5

df0b120e9aabe451bd2d25495f23ea42
SHA1

25981bc4f226d9e1e9e2b9259d9793b02a38cb0c
SHA256

07df00b66639b727513cea5aba9c3d79ec05464d528442a02730158747306a7d
SHA512

2006eb61472fc3aa7f03973f385c2ed273119525e7f67112f86ac8332fa13553c0cc96d78bfb4729f5dbf1153bf248a9d1f52f9d2b844d5ee9114b4879391add
SSDEEP

12288:hMB1ewVPS9jsAfIuEePu/rv8+ig/Yp1vrzBC8tMGyq6XXpZV1aGbUwm:0lVPqsAAuECu/bn/YLDzBCxGyq6XN1Nm

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/20120906[0].vc52
unpack001/20120906[6].vc52

Files

df0b120e9aabe451bd2d25495f23ea42
.zip
20120906[0].vc52
.exe windows:4 windows x86 arch:x86

b11c6cec0512d0ec2f8b6ce8f94efb61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libnsr

spawn

liblocal

lggethostname
utf8_unlink
lgsprintf
tokenize

kernel32

FreeLibrary
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCommandLineA
HeapCreate
UnhandledExceptionFilter
GetModuleFileNameA
SetEndOfFile
SetFilePointer
ReadFile
CloseHandle
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
SetStdHandle
HeapFree
HeapAlloc
GetStartupInfoA
GetVersion
ExitProcess
HeapDestroy
MultiByteToWideChar
VirtualFree
VirtualAlloc
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
WriteFile
GetStringTypeW
FreeEnvironmentStringsA
GetCPInfo
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType

advapi32

OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
CloseServiceHandle

user32

RegisterWindowMessageA
CharNextA
PostMessageA
LoadStringA
MessageBoxA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
20120906[6].vc52
.exe windows:4 windows x86 arch:x86

72f16c3451313b22fb6f87f29f232d2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetDriveTypeA
GetCurrentProcessId
LocalFree
IsBadStringPtrW
ReleaseMutex
GetCurrentThreadId
GlobalFlags
GetPrivateProfileStringA
GetEnvironmentVariableW
HeapCreate
InitializeCriticalSection
TlsGetValue
FindAtomA
GetFileTime
LoadLibraryW
ReleaseMutex
CreateEventW
WriteFile
FindClose

user32

CreateWindowExA
IsWindow
EndDialog
GetSysColor
DispatchMessageA
GetClassInfoA
CallWindowProcW
GetSysColor
DrawTextA
GetKeyboardType
DrawStateW
SetFocus
GetClientRect

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b11c6cec0512d0ec2f8b6ce8f94efb61

Headers

File Characteristics

Imports

libnsr

liblocal

kernel32

advapi32

user32

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 19KB - Virtual size: 18KB

72f16c3451313b22fb6f87f29f232d2a

Headers

File Characteristics

Imports

kernel32

user32

rastapi

clbcatq

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1.2MB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 731KB - Virtual size: 730KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1.2MB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 731KB - Virtual size: 730KB