7606194fc6625628ff0702e1dd94dddf316c00abeb6e13e90461132231319443

Sharing

Copy URL

Twitter E-mail

General

Target

7606194fc6625628ff0702e1dd94dddf316c00abeb6e13e90461132231319443
Size

212KB
MD5

185f1a0adc48c835bd7f5d1807f63a74
SHA1

1d4e9b0c33974650da98f3ffc0c0f8527b9b92e8
SHA256

7606194fc6625628ff0702e1dd94dddf316c00abeb6e13e90461132231319443
SHA512

81f8a6cedf6e0c307397985b52baebf45d6be8556f71ceb10b36d06851c36e209c8764573575ddd39b416f9b3dfb5a932a36fd8803bd7ce505be9f4cc8a628f4
SSDEEP

3072:C3MBTvdWeOh2NCFX+5iJJRHibqnAQW4CVwbqhtvMpO:C+Jm0CFX+5iIbqNCabqYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7606194fc6625628ff0702e1dd94dddf316c00abeb6e13e90461132231319443

Files

7606194fc6625628ff0702e1dd94dddf316c00abeb6e13e90461132231319443
.exe windows:4 windows x86 arch:x86

50e41286d0b107f61b4e0e11965457a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\jenkins\workspace\cms\build-cms-sdk-mfc\cmpc\runimage\win32\release\InstHelpApp.pdb

Imports

rpcrt4

UuidCreate

psapi

GetModuleFileNameExW

kernel32

SetEvent
GetSystemDirectoryW
Process32FirstW
GetNativeSystemInfo
WideCharToMultiByte
OutputDebugStringA
MultiByteToWideChar
HeapDestroy
HeapCreate
LoadLibraryA
GetModuleFileNameW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
FindFirstFileW
HeapAlloc
OpenProcess
FindClose
FileTimeToSystemTime
CreateProcessW
GetPrivateProfileStringW
FreeLibrary
WritePrivateProfileStringW
TerminateProcess
WaitForSingleObject
GetProcAddress
OpenEventW
GetProcessHeap
GetLastError
GetTickCount
Sleep
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
HeapFree
OutputDebugStringW
GetSystemTime
GetCurrentProcess
LoadLibraryW
GetVersionExW
CloseHandle
MoveFileExW
FindNextFileW
SystemTimeToFileTime
GetACP
GetOEMCP
IsValidLocale
EnumSystemLocalesA
GetCurrentThreadId
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
SetLastError
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetVersionExA
GetStartupInfoW
GetStringTypeA
GetStringTypeW
RtlUnwind
RaiseException
GetCPInfo
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
IsValidCodePage

user32

GetWindowLongW
GetClassNameW
GetDesktopWindow
PostMessageW
GetWindowTextW
EnumWindows
EnableWindow
GetDlgItem
FindWindowExW
GetWindowThreadProcessId
wsprintfW
MessageBoxW
ChangeDisplaySettingsW

advapi32

InitializeSecurityDescriptor
RegOpenKeyW
RegSetValueExA
SetNamedSecurityInfoW
CopySid
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
FreeSid
RegQueryValueExA
RegSetValueExW
GetLengthSid
AllocateAndInitializeSid
CreateServiceW
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
OpenServiceW
OpenSCManagerW
AddAccessAllowedAce
AddAccessAllowedAceEx
RegCreateKeyA
RegCreateKeyW
StartServiceW
RegQueryValueExW
InitializeAcl
RegCreateKeyExW
QueryServiceStatusEx
CloseServiceHandle

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize

log4cplusu

?forcedLog@Logger@log4cplus@@QBEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH@Z
??1Logger@log4cplus@@UAE@XZ
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

libelclogu

?DoConfigure@LibElcLog@ElcComponent@@YAXPB_W@Z

ws2_32

WSCEnumProtocols
WSCInstallProvider
WSACleanup
WSCWriteProviderOrder
WSCDeinstallProvider
WSAStartup

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e41286d0b107f61b4e0e11965457a2

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

psapi

kernel32

user32

advapi32

shell32

ole32

log4cplusu

libelclogu

ws2_32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB