197261e7102ee766944a9d25b5eb153f899542c0bb58fb89cd6500e9a6ac02d7

Sharing

Copy URL Twitter E-mail

General

Target

197261e7102ee766944a9d25b5eb153f899542c0bb58fb89cd6500e9a6ac02d7
Size

318KB
MD5

1b4205d7da8cbcb25e30f701ded1978a
SHA1

54e82b0b6221d123dc0be8aba376a7c40d216741
SHA256

197261e7102ee766944a9d25b5eb153f899542c0bb58fb89cd6500e9a6ac02d7
SHA512

c99e949b45baa8473b5865050a2840324c915336a1e92b8bc925b224f4dd62811bb0b89669a2380ffd295c1a7a8c2ac93ee32a4a9868d05e5d511a4433e4b7d6
SSDEEP

6144:5d6fjqHLIrB2yRAKdGfThS2uROK3T/hRi:5sFQyNGS2uDni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
197261e7102ee766944a9d25b5eb153f899542c0bb58fb89cd6500e9a6ac02d7

Files

197261e7102ee766944a9d25b5eb153f899542c0bb58fb89cd6500e9a6ac02d7
.dll windows:5 windows x86 arch:x86

ebc89ea5386a93ea7c7e2ddcf3b509c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Company\Holter\HolterSystem\trunk\HolterSystem\Release\Plugin\PLG_QTd.pdb

Imports

holtersystem.exe

ord110
ord113
ord126
ord178
ord114
ord121
ord125
ord129
ord19
ord75
ord172
ord165
ord169
ord170
ord168
ord171
ord167
ord52
ord174
ord173
ord146
ord1
ord18
ord147
ord152
ord91
ord92
ord143
ord96
ord56
ord190
ord200
ord88
ord103
ord132
ord133
ord186
ord187
ord122
ord116
ord120
ord118
ord161
ord124
ord166
ord158
ord149
ord160
ord155
ord76
ord95
ord145
ord212
ord57
ord117
ord216
ord185
ord206
ord154
ord162
ord68
ord196
ord207
ord148
ord199
ord128
ord136
ord213
ord208
ord82
ord69
ord90
ord104

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange

user32

SetRect
SendMessageW
EnableWindow
GetSysColor
GetDlgItem
ScreenToClient
GetParent
GetDlgCtrlID
GetWindowRect
CopyRect
EnumChildWindows
GetSystemMetrics
CreateWindowExW
SetWindowPos
ShowWindow
GetWindowLongW
GetWindowPlacement
IsWindowVisible
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InvalidateRect
InflateRect
FillRect
LoadIconW
GetClientRect

gdi32

CreateSolidBrush
GetDeviceCaps
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
CreateFontW
GetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetPixel
GetStockObject
SelectObject
GetTextColor

mfc90u

ord4660
ord3286
ord3654
ord778
ord4044
ord6868
ord7161
ord4131
ord2593
ord971
ord909
ord524
ord744
ord280
ord1714
ord4664
ord3642
ord767
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord615
ord3488
ord1183
ord2537
ord2106
ord3543
ord1938
ord1354
ord811
ord5653
ord5322
ord286
ord6355
ord4741
ord265
ord266
ord799
ord4682
ord1492
ord6408
ord3353
ord1809
ord1810
ord2208
ord5324
ord4631
ord5632
ord3220
ord285
ord1607
ord4444
ord2904
ord4516
ord525
ord3622
ord6095
ord4541
ord4410
ord9673
ord3537
ord813
ord404
ord663
ord5535
ord6813
ord1552
ord2084
ord5770
ord3187
ord3406
ord1675
ord1599
ord6867
ord6857
ord7152
ord8477
ord5650
ord2470
ord4527
ord367
ord636
ord1353
ord1719
ord6091
ord333
ord2758
ord3794
ord374
ord639
ord2057
ord4000
ord5008
ord6760
ord2597
ord5167
ord938
ord935
ord2274
ord1665
ord4652
ord3489
ord611
ord6065
ord4543
ord6604
ord3528
ord654
ord4351
ord6579
ord4992
ord2286
ord1786
ord1722
ord4663
ord3661
ord785
ord4036
ord6577
ord6807
ord4268
ord6311
ord6040
ord6096
ord6547
ord2469
ord5974
ord4530
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4658
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord2280
ord3842
ord801
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord2283
ord3933
ord600
ord296
ord3185
ord2069
ord4010
ord693
ord595
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord2983
ord3112
ord3486
ord2771
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2263
ord2615
ord6187

msvcr90

__clean_type_info_names_internal
__CxxFrameHandler3
memset
_CIsqrt
memcpy
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
calloc
_purecall
ldiv
_localtime64_s
wcsftime
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException

comctl32

_TrackMouseEvent

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

gdiplus

GdipDrawRectangleI
GdipDrawLines
GdipGetPenWidth
GdipDrawString
GdipGetFontHeight
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipDrawLineI
GdipDrawLine
GdipSetPenColor
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipSetPageUnit
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipFillRectangle

uxtheme

DrawThemeParentBackground

Exports

Exports

GetPlugInterface

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebc89ea5386a93ea7c7e2ddcf3b509c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

holtersystem.exe

kernel32

user32

gdi32

mfc90u

msvcr90

comctl32

msvcp90

gdiplus

uxtheme

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 34KB

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 34KB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 17KB - Virtual size: 17KB