88eb94177d6e8eec7cd7262665b5fe3803eaa6563ea67d20d06dbd5e51729fd7

Sharing

Copy URL Twitter E-mail

General

Target

88eb94177d6e8eec7cd7262665b5fe3803eaa6563ea67d20d06dbd5e51729fd7
Size

288KB
MD5

5c468e49c1804f4460aca8c4ee9f99a9
SHA1

31bef471b2e95cca884144d7c892295a5d7db973
SHA256

88eb94177d6e8eec7cd7262665b5fe3803eaa6563ea67d20d06dbd5e51729fd7
SHA512

52c718e4218e8136359870e5be085d25e179761a1dc6fa8fc78099a4e0a12c441e155559f34388a1519e4356280a42da775da46ac736ae11e58af7dba5d7740b
SSDEEP

6144:UTE141eOXlTTHFciCvEe8Ers5s9D9nUn10c47R+a6o63OK2WnnnnE:UTE141e8TWJ8Hf06

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88eb94177d6e8eec7cd7262665b5fe3803eaa6563ea67d20d06dbd5e51729fd7

Files

88eb94177d6e8eec7cd7262665b5fe3803eaa6563ea67d20d06dbd5e51729fd7
.dll windows:5 windows x86 arch:x86

2b1d6a27e75b4642e26c63bd5627a337

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Company\Holter\HolterSystem\trunk\HolterSystem\Release\Plugin\PLG_VLPs.pdb

Imports

holtersystem.exe

ord170
ord168
ord171
ord167
ord52
ord174
ord173
ord146
ord1
ord18
ord147
ord145
ord81
ord95
ord69
ord213
ord152
ord100
ord102
ord87
ord206
ord169
ord212
ord125
ord114
ord111
ord122
ord116
ord121
ord130
ord185
ord113
ord120
ord128
ord115
ord166
ord73
ord158
ord149
ord155
ord153
ord126
ord129
ord172
ord165
ord75
ord19
ord127
ord104
ord85
ord70
ord109
ord110
ord196
ord176
ord57
ord136
ord76

opengl32

wglCreateContext
glShadeModel
glClearColor
glClearDepth
glEnable
glDepthFunc
glHint
glGenLists
wglUseFontOutlinesW
glDeleteLists
glBegin
glVertex3d
glEnd
glLineWidth
glLineStipple
glDisable
glPushAttrib
glPolygonMode
glListBase
glPushMatrix
glColor3f
wglMakeCurrent
glTranslated
glPopMatrix
glRasterPos2f
glScaled
glRotatef
glCallLists
glPopAttrib
glViewport
glMatrixMode
glLoadIdentity
glClear
glTranslatef
glColor3ub
glFlush
glFinish
wglDeleteContext

glu32

gluPerspective

mfc90u

ord4527
ord799
ord337
ord2539
ord4774
ord1137
ord601
ord316
ord5167
ord4631
ord813
ord280
ord811
ord6065
ord4543
ord3637
ord6089
ord3528
ord654
ord2326
ord404
ord663
ord5535
ord3187
ord1552
ord5770
ord6579
ord6353
ord6813
ord4992
ord4131
ord4512
ord2282
ord3577
ord2130
ord1357
ord1599
ord3220
ord285
ord1607
ord1314
ord390
ord652
ord6511
ord2286
ord1786
ord1722
ord3286
ord3661
ord785
ord4036
ord6577
ord6807
ord4268
ord6604
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord4516
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4658
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord2280
ord639
ord374
ord3794
ord600
ord296
ord801
ord4654
ord265
ord266
ord5322
ord2597
ord6311
ord2758
ord286
ord6547
ord6183
ord4410
ord4541
ord6095
ord6096
ord6802
ord333
ord6091
ord1353
ord3486
ord636
ord367
ord3622
ord525
ord744
ord524
ord4044
ord1354
ord3543
ord2106
ord1183
ord3537
ord778
ord3654
ord4660
ord1719
ord2283
ord3933
ord2695
ord4444
ord1667
ord2277
ord4510
ord1601
ord2103
ord693
ord595
ord3563
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord3252
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord5632
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord4664
ord4682
ord6187
ord4741
ord5653
ord2904
ord2360
ord5008
ord2069
ord4000
ord1938
ord6355
ord2537
ord615
ord2640
ord3496
ord3226
ord6376
ord5404
ord3682
ord6804
ord4663
ord4174
ord3488

msvcr90

_CxxThrowException
memset
_CIsqrt
_CIsin
__CxxFrameHandler3
_CIcos
_CIpow
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
free
rand_s
_time64
srand
wcsftime
ldiv
_localtime64_s
_purecall
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
memcpy

kernel32

InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
IsDebuggerPresent

user32

ReleaseCapture
GetSysColor
GetDlgItem
ScreenToClient
GetParent
GetDlgCtrlID
GetWindowRect
CopyRect
GetClientRect
EnumChildWindows
GetSystemMetrics
CreateWindowExW
SetWindowPos
ShowWindow
GetWindowPlacement
IsWindowVisible
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnableWindow
SendMessageW
InvalidateRect
TrackPopupMenu
AppendMenuW
CreateMenu
GetCursorPos
PtInRect
DrawTextW
SetRect
DispatchMessageW
SetCursor
GetMessageW
GetCapture
SetCapture
LoadCursorW
FillRect

gdi32

CreatePolygonRgn
Rectangle
GetDeviceCaps
SwapBuffers
SetPixelFormat
ChoosePixelFormat
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
GetStockObject
GetRgnBox

msimg32

GradientFill

msvcp90

??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??_F?$complex@M@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z

uxtheme

DrawThemeParentBackground

gdiplus

GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipDeleteBrush
GdipSetPageUnit
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipGetFontHeight
GdipCreatePen1
GdipDeletePen
GdipSetPenWidth
GdipDrawRectangle
GdipDrawString

Exports

Exports

GetPlugInterface

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b1d6a27e75b4642e26c63bd5627a337

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

holtersystem.exe

opengl32

glu32

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

msvcp90

uxtheme

gdiplus

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 1KB - Virtual size: 309KB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 1KB - Virtual size: 309KB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 14KB - Virtual size: 14KB