C:\Builds\13810\Tools\procexp_master\bin\Win32\Release\procexp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b.exe
Resource: win10v2004-20240226-en
General
Target: 33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b
Size: 2.4MB
MD5: 112a05f34b6a6d2ddcb861c0e574a2ce
SHA1: becb7e24b304cef0d840bd6527fbc367e391fde8
SHA256: 33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b
SHA512: 8a7da017c47cbfe3925dd7b02cc49e26e0284a0c996400f3ef72e65cc415fc032ee85bdba632756cafc036c4c2a56a8f77cd39b02d4f99ae556085cc16d2ad3a
SSDEEP: 49152:yr7GlciQhaohBSd3vwpCmSPOxZ0lGZM33yo:yr7NaHotxC7
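The hash table is what a sample on disk gets compared against before the rest of a report is trusted. The Python below is an added example, not part of the report or of the tool analysed: it recomputes the four digests, checks the report's own internal consistency (the Target name is the SHA256; the leading field of the SSDEEP hash is a block size that must be one ssdeep could have produced for a file of the stated size), and lists any digest mismatches. The REPORT dict copies the values printed above; the size is the report's rounded 2.4MB, so the block-size check is deliberately tolerant.

```python
import hashlib

# Values copied verbatim from the report above; the size is the report's rounded "2.4MB".
REPORT = {
    "target": "33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b",
    "size": int(2.4 * 1024 * 1024),
    "md5": "112a05f34b6a6d2ddcb861c0e574a2ce",
    "sha1": "becb7e24b304cef0d840bd6527fbc367e391fde8",
    "sha256": "33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b",
    "sha512": "8a7da017c47cbfe3925dd7b02cc49e26e0284a0c996400f3ef72e65cc415fc03"
              "2ee85bdba632756cafc036c4c2a56a8f77cd39b02d4f99ae556085cc16d2ad3a",
    "ssdeep": "49152:yr7GlciQhaohBSd3vwpCmSPOxZ0lGZM33yo:yr7NaHotxC7",
}
DIGESTS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Cryptographic digests in the encoding the report uses (lowercase hex)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGESTS}


def ssdeep_initial_blocksize(size: int) -> int:
    """Block size ssdeep starts from: the smallest 3*2^k such that 64 blocks cover the input."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_blocksize_consistent(ssdeep_hash: str, size: int) -> bool:
    """ssdeep may step the block size down after hashing, so accept any 3*2^j <= the initial size."""
    bs = int(ssdeep_hash.split(":")[0])
    q = bs // 3
    return bs >= 3 and bs % 3 == 0 and q & (q - 1) == 0 and bs <= ssdeep_initial_blocksize(size)


def report_self_consistent(report: dict) -> list:
    """Sanity checks that need only the report: digest lengths, naming convention, ssdeep header."""
    problems = []
    for alg, hexlen in zip(DIGESTS, (32, 40, 64, 128)):
        if len(report[alg]) != hexlen:
            problems.append(f"{alg} has {len(report[alg])} hex chars, expected {hexlen}")
    if report["target"] != report["sha256"]:
        problems.append("target name is not the SHA256")
    if not ssdeep_blocksize_consistent(report["ssdeep"], report["size"]):
        problems.append("ssdeep block size does not fit the file size")
    return problems


def verify_sample(data: bytes, report: dict) -> dict:
    """Compare a file you actually hold against the report; returns {alg: (reported, computed)} for mismatches."""
    computed = file_hashes(data)
    return {alg: (report[alg], computed[alg]) for alg in DIGESTS if computed[alg] != report[alg]}
```

Run `verify_sample(open(path, "rb").read(), REPORT)` against the file you hold; an empty dict means every digest matches. The ssdeep check is cheap insurance against a pasted fuzzy hash that belongs to a different file: a block size that is not of the form 3*2^k, or that is larger than a file of this size could ever produce, cannot be this sample's.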
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b
This is the only signature listed. The absence of an Authenticode signature is a property of the file rather than evidence of malicious behaviour, but it matters here: the PDB path recorded above names a Process Explorer (procexp) build, and official Sysinternals releases of that tool are Authenticode-signed. An unsigned binary carrying that name should be compared by SHA256 against a known release before it is trusted.
Files
33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b.exe windows:5 windows x86 arch:x86
381490391a9f657ba89287a0e25a7f4f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
ColorHLSToRGB
ColorRGBToHLS
ord176
UrlUnescapeW
ws2_32
ntohs
htonl
htons
gethostbyaddr
getservbyport
WSAStartup
ntohl
mpr
WNetGetConnectionW
comctl32
ord17
PropertySheetW
CreateStatusWindowW
CreatePropertySheetPageW
ord410
CreateToolbarEx
ord413
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_Create
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
credui
CredUIPromptForCredentialsW
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
crypt32
CertDuplicateCertificateContext
CertGetNameStringW
kernel32
GetProcessAffinityMask
GetCurrentProcessId
SetThreadAffinityMask
SetFilePointer
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
VirtualQueryEx
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
IsProcessorFeaturePresent
EncodePointer
RtlUnwind
IsDebuggerPresent
lstrlenA
GetEnvironmentVariableW
lstrcmpiW
lstrcmpW
ReadProcessMemory
OpenEventW
SetLastError
IsBadStringPtrW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
DeleteCriticalSection
Module32NextW
Module32FirstW
TerminateThread
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCommandLineW
LocalAlloc
FormatMessageW
GlobalAddAtomW
GetTickCount
MulDiv
GetFileSizeEx
GetExitCodeThread
CreateThread
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
EnterCriticalSection
GetCurrentThread
LeaveCriticalSection
FindNextFileW
FindClose
MultiByteToWideChar
GetModuleHandleW
ReadFile
LoadLibraryExW
FreeLibrary
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateFileW
GetFullPathNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CreateFileMappingW
TlsSetValue
TlsAlloc
lstrlenW
UnmapViewOfFile
MapViewOfFile
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
WriteFile
GetStdHandle
GetFileSize
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
LocalFree
GetVersion
GetProcAddress
InterlockedDecrement
InterlockedIncrement
TlsGetValue
CompareStringW
LCMapStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA
user32
GetWindow
GetDesktopWindow
IsWindowEnabled
KillTimer
MsgWaitForMultipleObjects
GetDlgCtrlID
CheckRadioButton
SendMessageTimeoutW
PeekMessageW
GetUserObjectSecurity
SetUserObjectSecurity
IsDialogMessageW
DrawIconEx
CheckMenuRadioItem
WindowFromPoint
RedrawWindow
TrackPopupMenu
RemoveMenu
CreateMenu
DrawMenuBar
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
GetDlgItemTextW
CreateDialogParamW
IsWindow
PostQuitMessage
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
GetWindowDC
SetMenuItemInfoW
IsIconic
ShowWindowAsync
SystemParametersInfoW
EnumWindows
SetClassLongW
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadImageW
SetWindowPlacement
RegisterClassW
DefMDIChildProcW
DefFrameProcW
CreateIconIndirect
FrameRect
ClientToScreen
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetSystemMetrics
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
LoadIconW
DestroyIcon
EnumDisplaySettingsW
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
LoadStringW
ReleaseDC
GetDC
DefDlgProcW
gdi32
GetTextMetricsW
SetTextColor
RectInRegion
SelectClipRgn
SelectObject
SetBkColor
Polyline
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
SetBkMode
MoveToEx
SetROP2
SaveDC
RestoreDC
Rectangle
LineTo
ExtTextOutW
SetTextAlign
GetTextExtentPoint32W
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
CreateFontIndirectW
comdlg32
PrintDlgW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
FindTextW
ChooseFontW
advapi32
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeNameW
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetKernelObjectSecurity
CreateProcessAsUserW
RegConnectRegistryW
FlushTraceW
ConvertSidToStringSidW
LsaEnumerateAccountRights
RegCloseKey
LsaOpenPolicy
LsaClose
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
SetTokenInformation
QueryServiceConfigW
CopySid
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
GetLengthSid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
RegDeleteValueW
FreeSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService
QueryServiceStatus
StartServiceW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
ole32
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
oleaut32
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
winhttp
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
psapi
GetModuleFileNameExW
Sections
.text Size: 695KB - Virtual size: 694KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
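The Unsigned PE signature, the header flags and the section table above are all read straight from the PE headers. The following Python is an added example, not code from the sandbox or from the tool analysed: it parses those headers with the standard library only, decodes the flag names the report prints, and reproduces the signature check by testing whether the certificate-table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) is empty. Because the sample itself is not on this page, `build_sample_pe` constructs a header-only PE32 whose file and DLL characteristics and five section entries are copied from the report; the certificate-table offset and size used for the "signed" variant are arbitrary demo values.

```python
import struct

# Flag names as the report prints them; bit values from the PE/COFF specification.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table: where an Authenticode blob is referenced

def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def analyze_pe(data: bytes) -> dict:
    """Parse the headers of a PE32/PE32+ image and return the facts a triage report lists."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, data directories start at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase widens the header by 16 bytes
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    # The "Unsigned PE" check: an empty certificate-table directory means no Authenticode signature.
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    sections = []
    sh = opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, sh + i * 40)
        chars = struct.unpack_from("<I", data, sh + i * 40 + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": _names(chars, SECTION_CHARACTERISTICS),
            # Writable and executable at once is the classic unpacking-stub smell; none expected here.
            "writable_executable": bool(chars & 0x80000000) and bool(chars & 0x20000000),
        })
    return {
        "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "cfg_enabled": bool(dll_chars & 0x4000),
        "sections": sections,
    }

def build_sample_pe(signed: bool) -> bytes:
    """Constructed header-only PE32 mirroring the report's flags and sections (not the real file)."""
    sections = [  # name, raw size, virtual size, characteristics, all as listed in the report
        (b".text",   695 * 1024,  694 * 1024, 0x60000020),
        (b".rdata",  151 * 1024,  150 * 1024, 0x40000040),
        (b".data",    36 * 1024,  181 * 1024, 0xC0000040),
        (b".rsrc",  1536 * 1024, 1536 * 1024, 0x40000040),
        (b".reloc",   46 * 1024,   46 * 1024, 0x42000040),
    ]
    opt_size = 96 + 16 * 8                       # PE32 optional header with all 16 data directories
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x8140)      # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                   # arbitrary certificate-table offset/size for the demo
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, 0x25A000, 0x1F00)
    headers = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize, 0x400, 0, 0, 0, 0, chars)
        for i, (name, rawsize, vsize, chars) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + headers
```

`analyze_pe(open(path, "rb").read())` on a real file gives the same view the report does; `analyze_pe(build_sample_pe(False))` reproduces it from the constructed header. Two readings of the output are worth spelling out. The report's `.data` has a raw size of 36KB but a virtual size of 181KB; that gap is the zero-filled tail of initialized data plus merged uninitialized data and is normal for a linked executable, whereas a code section with a tiny raw size and a large virtual size, or any section flagged both `IMAGE_SCN_MEM_WRITE` and `IMAGE_SCN_MEM_EXECUTE`, is what points at a packer. And the DLL characteristics the report lists are exactly what is present: ASLR and DEP are opted in, `IMAGE_DLLCHARACTERISTICS_GUARD_CF` is not set, so this build runs without Control Flow Guard.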