5687099629a0e58dae42c54850461ab84e3fbbac2e254d285e90a50b79372ab9

Sharing

Copy URL Twitter E-mail

General

Target

5687099629a0e58dae42c54850461ab84e3fbbac2e254d285e90a50b79372ab9
Size

287KB
MD5

e72f451c1d07bcd0ce39ee786e499938
SHA1

1de0642b32beac1a8c91037ba503f2302e02e52b
SHA256

5687099629a0e58dae42c54850461ab84e3fbbac2e254d285e90a50b79372ab9
SHA512

57e6dba07d4211151dac3e3e947e0bcaab2e2e35194b1495b62ec3e9ed1240388771d76ecfef0d626e6af4b2fa7625649418e077ae4942f899369ae20faaeaf1
SSDEEP

3072:7b2ByYsfQFyZYMojJktJ9SWN7yUCoyRXaHU0ZirexzeNLctzd0lfIGOK+kxBOrW:7CmINfJEv7U0krECcOfIGOK+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5687099629a0e58dae42c54850461ab84e3fbbac2e254d285e90a50b79372ab9

Files

5687099629a0e58dae42c54850461ab84e3fbbac2e254d285e90a50b79372ab9
.dll windows:5 windows x86 arch:x86

f926fe2d61790694275705c56d0917da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Company\Holter\HolterSystem\trunk\HolterSystem\Release\PLG_BPNP.pdb

Imports

mfc90u

ord6019
ord5680
ord4997
ord4347
ord5677
ord5674
ord3217
ord2087
ord9400
ord6945
ord7216
ord9560
ord524
ord744
ord6868
ord7161
ord10143
ord10136
ord1855
ord7087
ord11137
ord12783
ord9673
ord6187
ord10797
ord10759
ord2263
ord9644
ord6493
ord2360
ord337
ord613
ord6577
ord12525
ord9679
ord7538
ord4351
ord10884
ord11466
ord9403
ord7219
ord6949
ord7991
ord517
ord12159
ord8570
ord7052
ord7266
ord10714
ord10832
ord11041
ord3543
ord10423
ord13072
ord12264
ord9274
ord8582
ord8579
ord8599
ord8611
ord8588
ord8602
ord8608
ord8593
ord8595
ord8597
ord8591
ord8605
ord8585
ord7385
ord7381
ord7377
ord11670
ord12293
ord7804
ord13246
ord11748
ord7924
ord8331
ord10420
ord8436
ord9749
ord9737
ord10701
ord12308
ord7845
ord10227
ord12542
ord10769
ord10760
ord11049
ord8132
ord11059
ord10435
ord10567
ord11810
ord10449
ord11833
ord12320
ord9001
ord9650
ord7554
ord10554
ord7949
ord10614
ord13211
ord9902
ord10266
ord11777
ord9888
ord6164
ord4322
ord4444
ord2106
ord1183
ord3537
ord753
ord539
ord3907
ord3188
ord3673
ord1553
ord2501
ord2490
ord665
ord406
ord4212
ord4476
ord834
ord12923
ord1268
ord810
ord8525
ord7493
ord7506
ord8334
ord7462
ord6950
ord516
ord846
ord12729
ord13076
ord8370
ord8385
ord904
ord2694
ord698
ord446
ord6170
ord310
ord601
ord899
ord5979
ord6697
ord6698
ord6013
ord4405
ord1599
ord3319
ord5876
ord901
ord4473
ord695
ord443
ord5851
ord2702
ord286
ord5919
ord2537
ord285
ord3220
ord1607
ord811
ord935
ord1315
ord938
ord1329
ord4477
ord5583
ord2525
ord6813
ord5580
ord5578
ord1248
ord1552
ord5770
ord3187
ord5535
ord663
ord404
ord2448
ord2809
ord3015
ord3018
ord5663
ord1100
ord1065
ord3952
ord5869
ord3017
ord4442
ord796
ord593
ord266
ord4631
ord5653
ord5167
ord4527
ord2596
ord4000
ord639
ord374
ord3794
ord2478
ord5510
ord5509
ord5511
ord5508
ord5231
ord5047
ord5301
ord5277
ord5632
ord5168
ord5324
ord6171
ord6514
ord905
ord5880
ord6727
ord571
ord580
ord1254
ord582
ord2208
ord1810
ord1809
ord784
ord3500
ord1250
ord447
ord699
ord782
ord265
ord799
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord3115
ord3235
ord1603
ord4905
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord1675
ord3353
ord6408
ord1492
ord5661
ord5152
ord4682
ord4608
ord4632
ord6385
ord6579
ord4131
ord10178
ord6065
ord2904
ord5008
ord4026
ord6659
ord7624
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4681
ord3674
ord813
ord280
ord2069
ord6604
ord2597
ord1727
ord1220
ord1137
ord4044
ord797
ord595
ord2326
ord296
ord600
ord9862
ord801

msvcr90

memcpy
strlen
strchr
isalnum
strcmp
strcpy
wcslen
wcscpy
__CxxFrameHandler3
fprintf
__iob_func
memcmp
strncpy
sscanf
sprintf
strncmp
_stricmp
memmove_s
memset
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_purecall
rand
_mktime64
malloc
swprintf_s
_localtime64_s
wcsftime
wprintf
_wtoi
?what@exception@std@@UBEPBDXZ
ldiv
_recalloc
calloc
swscanf_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
free
??0exception@std@@QAE@XZ
memcpy_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_time64
_CxxThrowException

kernel32

GetFileAttributesW
CreateDirectoryW
CreateProcessW
CloseHandle
lstrlenW
WideCharToMultiByte
GetLastError
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
WaitForSingleObject
CreateThread
GetModuleFileNameW
ResumeThread
Sleep
MoveFileExW
InterlockedExchange
RemoveDirectoryW
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CreateFileMappingW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
InterlockedIncrement
InterlockedDecrement
SetFilePointer
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ReleaseMutex
WaitForMultipleObjects
SetEvent
MapViewOfFile
CreateEventW
UnmapViewOfFile
DuplicateHandle
OpenProcess
GetSystemInfo
CreateMutexW
InitializeCriticalSection
InterlockedCompareExchange
OutputDebugStringW

user32

SendMessageTimeoutW
PostMessageW
GetPropW
EnableWindow
FindWindowW
SetPropW
IsWindow
GetWindowRect
SendMessageW
GetSystemMenu
RemoveMenu
SetTimer
KillTimer
LoadImageW
DestroyIcon
GetDesktopWindow
GetSystemMetrics
EqualRect
GetParent
IsRectEmpty
DrawFocusRect
FillRect
RedrawWindow
DefWindowProcW
InflateRect
EnableScrollBar
GetClientRect
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW

gdi32

GetTextExtentPoint32W
GetStockObject
GetTextMetricsW
SelectObject

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegFlushKey

oleaut32

VariantClear

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

sqlite3

sqlite3_column_type
sqlite3_column_int
sqlite3_column_text16
sqlite3_column_count
sqlite3_prepare16
sqlite3_busy_timeout
sqlite3_finalize
sqlite3_step
sqlite3_close
sqlite3_errmsg16
sqlite3_open16

holtersystem.exe

ord104
ord77
ord57

ws2_32

listen
closesocket
bind
setsockopt
htons
htonl
gethostbyname
WSAGetLastError
socket
accept
connect
recv
select
send
shutdown
inet_ntoa
getpeername
gethostname
WSAStartup

xmllite

CreateXmlWriter
CreateXmlReader
CreateXmlWriterOutputWithEncodingName

Exports

Exports

GetCustomPlugInterface

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f926fe2d61790694275705c56d0917da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

oleaut32

msvcp90

sqlite3

holtersystem.exe

ws2_32

xmllite

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 581KB

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 581KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 19KB - Virtual size: 19KB