e248c1c059afa642933e464ff7ac9b59

Sharing

Copy URL Twitter E-mail

General

Target

e248c1c059afa642933e464ff7ac9b59
Size

1.0MB
MD5

e248c1c059afa642933e464ff7ac9b59
SHA1

7716d527c234b2809f27d16f288da90b95857735
SHA256

e75f1b2f70a84aa33f9a5dbd139b779cc5d68a1e4c5d809838b0e556c39bbb34
SHA512

b96a2903f9d12b1cbe8a3422e39c69fd79affd7e642349ffe7ae2605eb35aaa924a2f91ee88437b6746effcec493acee46ebf1072d8c3d1da9811316ee2add4a
SSDEEP

24576:Se1Mq2xbS4+A0kUKmBYuZSOX8O+oAF4+:/13gbS4+A0kZ2HQOMdJF4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e248c1c059afa642933e464ff7ac9b59

Files

e248c1c059afa642933e464ff7ac9b59
.dll regsvr32 windows:4 windows x86 arch:x86

c756f8c6074aa5d8e150aafee92920ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Dvlp\vs7.hb5\client\app\smrtshpr\1.0.11.0\SmrtShpr\Release_SmartShopper\SmrtShpr.pdb

Imports

kernel32

LockResource
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
SetLastError
VirtualQuery
RaiseException
GetThreadLocale
GetDriveTypeA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
LoadLibraryA
GetTickCount
GetCurrentThreadId
GetProcessHeap
HeapFree
LoadResource
SizeofResource
FreeLibrary
GetLocaleInfoA
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetDateFormatA
GetTimeFormatA
GetACP
InterlockedDecrement
UnhandledExceptionFilter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
FatalAppExitA
VirtualFree
HeapCreate
GetSystemInfo
VirtualAlloc
VirtualProtect
GetLocalTime
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
lstrcpynA
GlobalHandle
GlobalFree
MulDiv
CreateFileA
DeleteFileA
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
FlushInstructionCache
MapViewOfFile
ReadFile
FlushFileBuffers
SetEndOfFile
ReleaseMutex
WaitForMultipleObjects
PulseEvent
ResetEvent
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
LocalAlloc
GetLastError
DeleteCriticalSection
LCMapStringA
InitializeCriticalSection
GetTimeZoneInformation
InterlockedExchange
lstrlenA
LocalFree
CloseHandle
WaitForSingleObject
FileTimeToSystemTime
FindClose
GetSystemTime
WriteFile
SetFilePointer
GetCurrentProcessId
UnmapViewOfFile
SetFileTime
GetFileSize
GetFileTime
SetUnhandledExceptionFilter
IsBadWritePtr
GetCurrentThread
GetCurrentProcess
ResumeThread
SetThreadPriority
TerminateThread
Sleep
CreateThread
ReleaseSemaphore
SetEvent
GetFullPathNameA

advapi32

RegNotifyChangeKeyValue
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW

sensapi

IsNetworkAlive

iphlpapi

GetAdaptersInfo

ole32

CreateStreamOnHGlobal
CoCreateGuid
CoMarshalInterface
CoReleaseMarshalData
CoUninitialize
CLSIDFromString
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
CoCreateInstance
StringFromCLSID
StringFromGUID2
CoGetClassObject
CoUnmarshalInterface
OleRun

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetVartype
VectorFromBstr
BstrFromVector
OleCreateFontIndirect
VarUdateFromDate
SafeArrayPutElement
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCopy
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
VariantCopy
VarBstrCmp
DispCallFunc
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocStringLen
VarBstrCat
SysStringByteLen
SysAllocString

shlwapi

StrToIntW
StrRChrW
PathFindExtensionW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject

comctl32

ord17

user32

GetSysColor
UnregisterClassA
EnumChildWindows
MapDialogRect
SetWindowContextHelpId
MsgWaitForMultipleObjectsEx
RedrawWindow
DestroyAcceleratorTable
IsChild
SetFocus
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
KillTimer
SetTimer
GetParent
TranslateMessage
MsgWaitForMultipleObjects
GetWindowThreadProcessId
EnumWindows
GetWindowRect
GetClientRect
ShowWindow
GetWindow
GetFocus
SetWindowPos
DestroyWindow
IsWindow
UpdateWindow
ReplyMessage
GetTopWindow
GetDlgItem
InvalidateRect
ReleaseCapture
SetCapture
FillRect
GetDC
ReleaseDC

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetStockObject
CreateSolidBrush
SelectObject

Exports

Exports

CpyCk2Rgstry
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCountry
SendIds

Sections

.text
Size: 704KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c756f8c6074aa5d8e150aafee92920ff

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

sensapi

iphlpapi

ole32

oleaut32

shlwapi

crypt32

comctl32

user32

gdi32

Exports

Exports

Sections

.text Size: 704KB - Virtual size: 702KB

.rdata Size: 200KB - Virtual size: 196KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 56KB - Virtual size: 52KB

.text
Size: 704KB - Virtual size: 702KB

.rdata
Size: 200KB - Virtual size: 196KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 56KB - Virtual size: 52KB