PDB path: C:\Projects\svn\Onicon_Software\branches\Seametrics_FlowInspector_v2.5_bschaefer\collineardevteam-flowinspector-8bb565657024\Release\FInsp.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06.exe
  Resource: win10v2004-20240412-en
General
Target: b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06
Size: 3.4MB
MD5: 1a70ffc14ca9f9f1bdc52fafcbf05829
SHA1: e55f280d46eb9e04064db9ba5597109682aef28a
SHA256: b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06
SHA512: 9e72285b8a0f8fb480db60b7540c875172eb5bd4cdeb82dd855847e7a59dd1a9bbee450ed87e2ce88869a082110e0772b7dcfb632a1431dc56940b6be1e36ea6
SSDEEP: 98304:GrzvZI+pegjhnw78e4ykbNZGeF2Xb1oI+JDCbsW0Zel79KrR7x3JfbXzdQw:czvZIDgjO7QcMWuCsW0a+R7x3
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06
Files
b5a4e6bd8131e3f1c909bb50c03b7957c16b690aee73fd2134f4ebfe611e1c06.exe    windows:6 windows x86 arch:x86
8798cd08016a6289a3b87991aa66d1c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
kernel32
GetDriveTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
GetTimeZoneInformation
GetStdHandle
ExitProcess
QueryPerformanceFrequency
HeapQueryInformation
FindNextFileW
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
SetCurrentDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
LocalUnlock
LocalLock
SearchPathA
SetEnvironmentVariableW
GetProfileIntA
GetTempPathA
FindResourceExW
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
SetErrorMode
SetFileAttributesA
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetAtomNameA
InitializeCriticalSection
lstrcpyA
GetACP
GlobalFlags
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
GetStringTypeExA
GetThreadLocale
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
DeleteFileA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetCurrentThread
GetVersionExA
lstrcmpA
SystemTimeToFileTime
FormatMessageA
MulDiv
LocalFree
GlobalSize
GlobalAlloc
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
GetCurrentProcessId
GlobalFree
GlobalLock
GlobalUnlock
CompareStringA
MultiByteToWideChar
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OutputDebugStringW
FileTimeToSystemTime
CopyFileA
SetCommTimeouts
SetCommState
PurgeComm
GetCommState
GetLastError
CloseHandle
OutputDebugStringA
GetDriveTypeA
FindFirstFileA
FindClose
CreateFileA
GetLocaleInfoA
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
WriteConsoleW
Sleep
WriteFile
ReadFile
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
user32
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
IsZoomed
GetSystemMetrics
CharUpperA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
ShowOwnedPopups
PostQuitMessage
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuState
GetMenuStringA
MapVirtualKeyA
GetKeyNameTextA
GetCursorPos
TranslateMessage
GetMessageA
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageA
DestroyIcon
GetWindowThreadProcessId
IntersectRect
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
DestroyCursor
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
WindowFromPoint
UnionRect
IsRectEmpty
SendMessageA
EnableWindow
SetTimer
wsprintfA
UpdateWindow
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RealChildWindowFromPoint
TrackMouseEvent
LoadImageW
GetSysColorBrush
GetMenuItemInfoA
SystemParametersInfoA
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
GetSystemMenu
DeleteMenu
SetParent
LoadAcceleratorsW
LoadMenuW
PostThreadMessageA
CharNextA
SetCapture
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
SetLayeredWindowAttributes
MessageBeep
SetRect
PeekMessageA
KillTimer
CheckMenuItem
InvalidateRect
MessageBoxA
FindWindowA
GetDC
ReleaseDC
GetClientRect
SetCursor
FillRect
InflateRect
OffsetRect
SetClassLongA
LoadCursorA
LoadCursorW
GetKeyState
UnregisterClassA
SetFocus
SetScrollPos
GetScrollPos
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetWindow
SendDlgItemMessageA
SetRectEmpty
GetParent
GetFocus
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
DrawIcon
SetWindowRgn
GetTabbedTextExtentW
InSendMessage
WindowFromDC
CreateMenu
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
GetTabbedTextExtentA
GetWindowRgn
MonitorFromRect
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
EnumChildWindows
SendNotifyMessageA
GetUpdateRect
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
IsClipboardFormatAvailable
WaitMessage
LockWindowUpdate
GetDCEx
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetPropA
gdi32
CopyMetaFileA
CreateDCA
CreateFontIndirectA
BitBlt
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutA
ExtTextOutA
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
PatBlt
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
GetMapMode
SetRectRgn
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
GetBkColor
CreateFontA
GetCharWidthA
StretchDIBits
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
EnumFontFamiliesExA
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
DPtoLP
GetTextMetricsA
Rectangle
GetTextExtentPoint32A
GetPixel
GetDeviceCaps
CreateSolidBrush
OffsetViewportOrgEx
SelectObject
CreatePen
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA
advapi32
RegEnumKeyExA
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
shell32
SHGetPathFromIDListA
DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteExA
SHAppBarMessage
SHGetFileInfoA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
ExtractIconA
SHAddToRecentDocs
shlwapi
PathFindExtensionA
PathFindFileNameA
StrFormatKBSizeA
PathRemoveExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
uxtheme
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetThemePartSize
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
ole32
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleRegGetMiscStatus
OleRegEnumVerbs
OleQueryCreateFromData
OleQueryLinkFromData
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
WriteClassStm
CreateDataAdviseHolder
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CreateOleAdviseHolder
CoLockObjectExternal
PropVariantCopy
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
CoInitializeEx
CoUninitialize
OleRun
CLSIDFromString
CoCreateInstance
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID
GetRunningObjectTable
OleIsRunning
CoGetMalloc
GetHGlobalFromILockBytes
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSetContainedObject
OleLockRunning
OleGetIconOfClass
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleSetMenuDescriptor
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
SysAllocString
SysStringLen
SysReAllocStringLen
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
LoadTypeLib
LoadRegTypeLib
VariantInit
RegisterTypeLib
OleCreateFontIndirect
VariantClear
GetActiveObject
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
SafeArrayLock
SysFreeString
oledlg
ord8
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdiplusShutdown
GdipAlloc
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 606KB - Virtual size: 606KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ