97fc9ae65aa7ea420cc1b4c9b38b590f15de9d20be248b40386c4a151bcb9236

Sharing

Copy URL Twitter E-mail

General

Target

97fc9ae65aa7ea420cc1b4c9b38b590f15de9d20be248b40386c4a151bcb9236
Size

365KB
MD5

14e0c543a7e6ae2ce3e656fa70d862ed
SHA1

f1c30444eba49d60fa3654f11f9f9f317eb10bec
SHA256

97fc9ae65aa7ea420cc1b4c9b38b590f15de9d20be248b40386c4a151bcb9236
SHA512

7d54651657f5cd1fed271ec5df71d6ce96ec5df13699b1ccc3ea28a72dc905995c2d51a4268e418dc21d33becd5fd8dd657dc9ce56f24745448ae75690ce2fa6
SSDEEP

6144:gxbtTx5Ubr3kMXz+dUCCiB1TdTBB4YUQaY2KMcDN7Y7tcqsDXyxHkpiFg5X1AM05:g3TbeHEDXBxdT74Y+aMcp7YJhsryZkp+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97fc9ae65aa7ea420cc1b4c9b38b590f15de9d20be248b40386c4a151bcb9236

Files

97fc9ae65aa7ea420cc1b4c9b38b590f15de9d20be248b40386c4a151bcb9236
.exe windows:5 windows x86 arch:x86

b613936fb14f959dfc8cf6d22330ff0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\code\misc\bugreport-master\bugreport\Output\PdbFinal\bugreport.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

SymLoadModule
SymInitialize
SymSetOptions
SymCleanup
SymGetModuleInfoW

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

tinyxml

?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?GetText@TiXmlElement@@QBEPBDXZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?Value@TiXmlNode@@QBEPBDXZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
??1TiXmlDocument@@UAE@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
??0TiXmlDocument@@QAE@XZ

kernel32

GetProcessTimes
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
DeviceIoControl
OutputDebugStringW
QueryPerformanceCounter
LeaveCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoW
SetFileAttributesW
InitializeSListHead
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
MoveFileW
GetCurrentThreadId
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetThreadSelectorEntry
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileSize
GetVersionExW
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
GetModuleHandleW
HeapDestroy
HeapSize
HeapReAlloc
SetErrorMode
MultiByteToWideChar
GetCommandLineW
GetTickCount
SetCurrentDirectoryW
ReadProcessMemory
WriteProcessMemory
CloseHandle
OpenProcess
GetLastError
VirtualQueryEx
CreateFileA
GetWindowsDirectoryW
GetModuleFileNameW
OpenThread
CreateThread
GetLocalTime
TerminateProcess
SetEvent
CreateProcessW
FreeLibrary
WaitForSingleObject
lstrlenW
lstrcatW
DeleteFileW
CopyFileW
LoadLibraryW
FindFirstFileW
FindNextFileW
FindClose
lstrcpyW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
Sleep
IsDBCSLeadByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
GetFileAttributesW
CreateFileW
CreateDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
GetPrivateProfileSectionW
GetSystemDefaultLCID
ReadFile
SetFilePointer
GetTempPathW

user32

DestroyWindow
CreateWindowExW
GetDlgItem
EndDialog
LoadIconW
SendMessageW
SetWindowTextW
SetWindowPos
LoadImageW
ShowWindow
GetClientRect
DrawIconEx
GetWindowThreadProcessId
GetWindowTextW
GetClassNameW
EnumWindows
GetWindowLongW
EnumChildWindows
PostMessageW
GetDesktopWindow
GetWindowTextLengthW
GetKeyState
CallWindowProcW
SetTimer
SendDlgItemMessageW
EnableWindow
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
SetDlgItemTextW
GetSysColorBrush
KillTimer
ClientToScreen
SetWindowLongW
MapWindowPoints
GetWindowRect
MapDialogRect
InvalidateRect
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DialogBoxParamW
BeginPaint
EndPaint
GetDC
DrawTextW
ReleaseDC
GetGuiResources
IsWindow
CreatePopupMenu
TrackPopupMenu
DestroyMenu
DefWindowProcW
RegisterClassExW
GetClassInfoExW

gdi32

SetBkMode
DeleteObject
CreateFontW
SelectObject
GetStockObject
SetTextColor

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

SHGetDesktopFolder
SHGetFileInfoW
SHBindToParent
ord155
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleInitialize
DoDragDrop
CreateStreamOnHGlobal
OleUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

gdiplus

GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage

shlwapi

PathFileExistsW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

vcruntime140

memset
memcpy
__std_terminate
memmove
_purecall
wcsrchr
wcschr
wcsstr
memcmp
strchr
strrchr
memchr
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

wcscmp
_wcslwr_s
wcsncpy
strnlen
wcsnlen
tolower
wmemcpy_s
wcsncmp
_wcsicmp
iswspace
strcmp
strncpy_s
strlen
wcscpy
wcscat
iswalnum
wcscpy_s
wcslen
iswdigit
wcscat_s
towlower
strncmp
isalnum
isspace
iswalpha

api-ms-win-crt-runtime-l1-1-0

terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_beginthreadex
_configure_wide_argv
__p___wargv
__p___argc
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_get_wide_winmain_command_line
_controlfp_s
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
fwrite
fread
ftell
fseek
_wfopen
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vswscanf
_set_fmode
__stdio_common_vsprintf
fclose

api-ms-win-crt-time-l1-1-0

_time64
_gmtime32
_time32

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbslwr_s
_mbscmp
_mbsstr
_mbsicmp
_mbsrchr

api-ms-win-crt-convert-l1-1-0

strtoul
_wtoi
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b613936fb14f959dfc8cf6d22330ff0f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

tinyxml

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msvcp140

wtsapi32

crypt32

wintrust

iphlpapi

netapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 88B

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 80KB - Virtual size: 84KB

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 88B

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 80KB - Virtual size: 84KB