Static task: static1
Behavioral task: behavioral1
Sample: c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f.exe
Resource: win10v2004-20240412-en
General
Target: c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f
Size: 729KB
MD5: 5fb1f060f37b0fa5e7f92a22f29fc6f8
SHA1: 142d7fe9f372ae5a2389021a748a759ab4c54a74
SHA256: c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f
SHA512: 8a73de430b69edd81d17e5576b9d568dca9bef0ef0c98954bb33ae96596ffae4593e3eee2f83f7b3767a5ab7393d768013126b2579f441a417553d19965436b3
SSDEEP: 6144:ytTglHtSG/7bj20q1LCxAbA+bj2pDg2Lhs8NVO6HzLLS7Fj+wtF24o9jWsmiRv8G:e+SG/TTeA+fYe8NE6Hz67Fj+SFTIkm
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f
Files
c83f0b20e00e79c9f40037e2e11b7987b8c4703e3dff8b31919ed9c3cf81866f.exe windows:5 windows x86 arch:x86
5fc9fbc1357fe44e34f799e57ed06379
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: D:\_NetFilterApps\PrivDog\Current\BIN\Win32\Release\PrivDog.pdb
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrlenA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
GlobalFindAtomW
GetVersionExW
LoadLibraryW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
GlobalUnlock
ReleaseMutex
lstrlenW
WritePrivateProfileStringW
GlobalFree
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
SetLastError
GetModuleHandleW
GetProcAddress
GetTempPathW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
Sleep
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
SetEvent
FreeResource
FindResourceExW
SizeofResource
LockResource
LoadResource
FindResourceW
AllocConsole
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
CreateThread
CloseHandle
InterlockedDecrement
InterlockedIncrement
CreateMutexW
HeapDestroy
GetLastError
user32
RegisterClipboardFormatW
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
UnregisterClassW
GetWindowDC
ReleaseDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetTopWindow
GetMessageTime
GetMessagePos
SetMenu
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetSysColor
EqualRect
CallWindowProcW
CopyRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextW
SetFocus
SetWindowLongW
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
UnhookWindowsHookEx
DestroyIcon
DrawIconEx
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
GetDlgCtrlID
GetWindow
MoveWindow
AdjustWindowRectEx
DestroyMenu
CharUpperW
GetSysColorBrush
ClientToScreen
EndPaint
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
IsRectEmpty
BeginPaint
GetDC
IsZoomed
GetKeyboardLayout
MapVirtualKeyExW
LoadCursorW
MapWindowPoints
DefWindowProcW
PostQuitMessage
DestroyWindow
GetParent
EnableWindow
SetForegroundWindow
SwitchToThisWindow
AttachThreadInput
GetForegroundWindow
SetRect
GetMonitorInfoW
MonitorFromPoint
SetWindowRgn
IsWindowVisible
GetCursorPos
GetWindowRect
IsWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostMessageW
SystemParametersInfoW
BringWindowToTop
LoadIconW
PtInRect
SetWindowPos
ShowWindow
GetWindowThreadProcessId
GetClassNameW
RegisterClassW
GetClassInfoW
SendMessageW
FindWindowExW
FindWindowW
gdi32
ExtSelectClipRgn
GetStockObject
PtVisible
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetBkColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
GetTextColor
CreateRoundRectRgn
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
GetObjectW
DeleteObject
CreateCompatibleDC
CreateFontW
GetDeviceCaps
CreateICW
GetTextExtentPointA
GetTextMetricsA
SelectObject
RectVisible
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
SetSecurityInfo
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHGetFileInfoW
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
CoUninitialize
CoInitializeEx
CoUnmarshalInterface
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateInstance
oleaut32
GetErrorInfo
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
sciter-x
SciterSetElementText
SciterInsertElement
SciterGetExpando
SciterCloneElement
SciterGetValue
SciterGetElementIntrinsicWidths
SciterSetCallback
SciterDataReady
SciterLoadHtml
SciterProcND
SciterSetupDebugOutput
SciterCall
SciterDetachElement
SciterSetElementState
SciterGetElementState
SciterSelectParent
SciterGetElementTextCB
SciterSetStyleAttribute
SciterGetStyleAttribute
SciterSetAttributeByName
SciterGetAttributeByName
SciterGetElementIndex
SciterGetParentElement
SciterGetNthChild
SciterGetChildrenCount
SciterWindowAttachEventHandler
ValueEnumElements
ValueElementsCount
ValueToString
ValueStringData
ValueStringDataSet
ValueIntDataSet
ValueCopy
ValueClear
ValueInit
SciterUpdateElement
SciterSelectElements
Sciter_UnuseElement
Sciter_UseElement
SciterGetElementLocation
SciterGetElementIntrinsicHeight
SciterGetRootElement
utilsdll
?OpenMessageTopicW@@YA?AV?$SmartHandle@$1?CloseMessageTopicW@@YGHPAX@Z@@PB_W@Z
?TopicUnsubscribeW@@YAJPAXAAVIMessageHandlerW@@K@Z
?CreateMessageTopicW@@YA?AV?$SmartHandle@$1?CloseMessageTopicW@@YGHPAX@Z@@PB_W@Z
?TopicSubscribeW@@YAJPAXAAVIMessageHandlerW@@@Z
?THPCreateThreadPool@@YAPAXPB_W@Z
?THPCreateCategory@@YAJPAXKABVTHPCategoryOptions@@H@Z
?THPQueueWork@@YAJPAXKKAAVITHPWorkItem@@ABV?$HashMessageTW@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@@W4ScheduleOption@1@PAPAX@Z
?THPCancelWork@@YAJPAXKW4OperationType@IThreadPool@@@Z
?THPCloseThreadpool@@YGHPAX@Z
?TopicSendMessageW@@YAJPAXAAVMessageW@@10@Z
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdiplus
GdipSaveImageToFile
GdipImageRotateFlip
GdipCreateBitmapFromScan0
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHICON
GdiplusShutdown
Sections
.text: Size 329KB, Virtual size 328KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 92KB, Virtual size 92KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 13KB, Virtual size 29KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 245KB, Virtual size 245KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 48KB, Virtual size 47KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ