Static task: static1
Behavioral task: behavioral1 (sample 62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb.exe, resource win10v2004-20240412-en)
General
Target: 62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb
Size: 4.3MB
MD5: 43f65a29ccb384814aa8b59e03e43df7
SHA1: 536b19b7bc3fb07e0c641cb46d3c3a308ac4bb77
SHA256: 62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb
SHA512: 4961fb1eecdbfa2ab65bb0e725f30700370c3e0e659707f7042f448029316e09d9a3905e6ddd323f3420fbba1d7d64c9f53042b7cf3a9eacf900c8d6d61c302f
SSDEEP: 98304:a0vAYGacePTKLRaL6EHooRoDWWVrKoRoDWWVrCoRoDWWVr9:NAYV+FFqooRoDWWV2oRoDWWVOoRoDWWb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The file carries no embedded WIN_CERTIFICATE (the security data directory is empty), so there is no publisher identity to verify and no way to detect post-build tampering from the binary alone. On its own this is a weak indicator: much in-house and small-vendor tooling ships unsigned, so treat it as a reason to verify provenance (compare the hashes above against the vendor's own download) rather than as evidence of malice.
resource 62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb
Files
62713f15cf77b7c84bb8f93abdce7d4cbf8bde6417605f81ad87a3f749ca1bcb.exe windows:4 windows x86 arch:x86
Imphash (as reported by the sandbox): fc630c6bd2df87c0df20d23bde266bdf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
RELOCS_STRIPPED means the linker discarded the base relocation table: the image can only be mapped at its preferred ImageBase and cannot be randomised by ASLR, whatever DllCharacteristics says. That is the normal output of older 32-bit MSVC/MFC builds and not an indicator of compromise by itself, but it does make any memory-corruption bug in the program easier to exploit, since code and data addresses are fixed across runs.
PDB Paths
f:\Tools\DMR_CPS\CS800D\trunk\CPS\release\cs800d.pdb
Imports
How to read this list: nearly everything under kernel32, user32, gdi32, ole32 and oleaut32 is the statically linked MFC and CRT runtime (TranslateMDISysAccel, DefMDIChildProcW, OleUIBusyW, GlobalGetAtomNameW, CreateILockBytesOnHGlobal and the like), and the CRT is also where IsDebuggerPresent, SetUnhandledExceptionFilter, VirtualAlloc and VirtualProtect come from, so their presence here is not evidence of anti-debugging or self-modifying code. The application-specific behaviour lives in the three non-system modules near the end of the list: rcdb_interface (stdcall-decorated _RCDB_*@N exports), massstorage (device enumeration plus raw read and write) and cmd_pack (C++-mangled ?Rap_*@@...@Z command and payload packing). A raw mass-storage read/write path driven by packed commands is the surface to examine first in the behavioural tasks.
kernel32
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetACP
GetOEMCP
ExitProcess
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapReAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentDirectoryW
SetErrorMode
GetFileTime
GetFileAttributesW
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetProfileIntW
FileTimeToLocalFileTime
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetStringTypeExW
lstrcmpA
GetCurrentProcessId
GlobalGetAtomNameW
GetModuleHandleA
CloseHandle
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FileTimeToSystemTime
FreeLibrary
InterlockedDecrement
GlobalFree
CopyFileW
GlobalAlloc
FormatMessageW
LocalFree
GetTickCount
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
WideCharToMultiByte
Beep
InitializeCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
GetModuleFileNameW
Sleep
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
MulDiv
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
lstrcmpiW
lstrlenW
FreeResource
GetCPInfo
lstrlenA
GetVersionExW
GetVersion
LockResource
SizeofResource
LoadResource
FindResourceW
user32
EndDialog
CreateDialogIndirectParamW
CharUpperW
PostQuitMessage
RegisterClipboardFormatW
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
CharNextW
UnregisterClassW
PostThreadMessageW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnhookWindowsHookEx
GetMenuStringW
ChildWindowFromPointEx
LoadStringW
GetDlgCtrlID
GetDoubleClickTime
GetCapture
ClipCursor
InvertRect
GetMessagePos
IsClipboardFormatAvailable
ScreenToClient
IntersectRect
DefWindowProcW
wsprintfW
GetDCEx
ReleaseCapture
RedrawWindow
SetCapture
GetClassLongW
IsRectEmpty
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
GetCursorPos
IsChild
LockWindowUpdate
GetClassInfoW
DrawMenuBar
IsZoomed
GetMenu
SetTimer
GetSystemMenu
TranslateMDISysAccel
CheckMenuItem
EnableMenuItem
IsWindowVisible
SetParent
SetFocus
IsWindow
IsWindowEnabled
GetFocus
UpdateWindow
GetComboBoxInfo
LoadCursorW
FrameRect
LoadImageW
DrawStateW
OffsetRect
DrawFocusRect
InflateRect
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongW
DestroyCursor
GetSubMenu
DeleteMenu
LoadBitmapW
GetSysColorBrush
FillRect
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
DestroyIcon
LoadIconW
UnregisterClassA
EndPaint
BeginPaint
GetWindowDC
ShowWindow
MoveWindow
DrawIconEx
SystemParametersInfoW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetMenuItemInfoW
SetRect
DrawEdge
CopyRect
GetSysColor
GetAsyncKeyState
EnableWindow
SendMessageW
PostMessageW
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
GetWindowThreadProcessId
InvalidateRect
GetClientRect
GetWindow
GetTopWindow
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
PtInRect
TranslateAcceleratorW
SetWindowTextW
IsDialogMessageW
SetWindowRgn
DrawIcon
FindWindowW
GetMessageW
TranslateMessage
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
DestroyWindow
GetMessageTime
PeekMessageW
MapWindowPoints
KillTimer
ScrollWindow
CallNextHookEx
gdi32
SetPixel
PatBlt
Rectangle
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetTextColor
GetBkColor
GetCurrentObject
CreateFontW
GetTextMetricsW
Polygon
CopyMetaFileW
GetClipBox
CreateEllipticRgn
DPtoLP
LPtoDP
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
CreateSolidBrush
SelectClipRgn
GetPixel
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetCharWidthW
StretchDIBits
GetRgnBox
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
Ellipse
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontIndirectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetBkMode
CreatePen
GetObjectW
DeleteDC
DeleteObject
GetDeviceCaps
comdlg32
GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegOpenKeyExA
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
shell32
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleIsCurrentClipboard
OleSetClipboard
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
OleFlushClipboard
CoTaskMemFree
OleGetClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
oleaut32
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
SafeArrayDestroy
VarUdateFromDate
SystemTimeToVariantTime
VariantClear
VariantTimeToSystemTime
rcdb_interface
_RCDB_InsertModule@16
_RCDB_Delete@12
_SetFileBuffAddr@4
_RCDB_WriteBytes@16
_RCDB_ReadBytes@16
_RCDB_DeleteBigZoneModule@20
_RCDB_AddMoudle@12
_RCDB_DeleteModule@16
massstorage
Open_MassStorage_Dev
Enum_MassStorage_Dev
ReadMassStorage
WriteMassStorage
cmd_pack
?PC_RX_RAP_COMMAND_CHECK@@YAGPAEGG@Z
?Rap_Payload_Package@@YAGPAE0G0G@Z
?Rap_Command_Package@@YAGPAEG0G@Z
winmm
PlaySoundW
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 110.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The 110.1MB virtual size against 20KB on disk is the one anomalous number in the section table: the loader reserves roughly 110MB of zero-filled, writable memory for this section at start-up. A gap that large is what packers use as an unpack buffer, but it is equally what a program with very large static arrays looks like, and with a normal-sized 1.5MB .text section and a full import table this build reads as unpacked. In the behavioural tasks, watch .data for pages that are written and then executed rather than treating the size alone as a verdict.
.rsrc Size: 2.5MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
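The three static checks this report summarises (the Authenticode presence test behind "Unsigned PE", the IMAGE_FILE_RELOCS_STRIPPED flag under Headers, and the .data raw-versus-virtual size gap under Sections) can be reproduced without a sandbox. The script below is an added example, not code from the sandbox or from the program's authors: it is a pure-Python PE header parser plus a builder that constructs a header-only PE32 image whose section table is transcribed from this page, so it runs offline. Offsets and bit values are from the PE/COFF specification; the 16x ratio used to flag a zero-filled section and the finding wording are this example's own choices.

```python
"""Static PE header triage in pure Python (added example, not sandbox code).
Reproduces the checks behind "Unsigned PE", IMAGE_FILE_RELOCS_STRIPPED and the
.data raw/virtual size gap on a constructed, header-only PE32 image."""
import struct

FILE_CHARACTERISTICS = {       # IMAGE_FILE_HEADER.Characteristics (PE/COFF spec)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SECTION_CHARACTERISTICS = {    # IMAGE_SECTION_HEADER.Characteristics
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DLLCHAR_DYNAMIC_BASE, DLLCHAR_NX_COMPAT = 0x0040, 0x0100
DIR_SECURITY = 4               # data-directory slot that points at the Authenticode blob


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Walk DOS -> COFF -> optional -> section headers; ValueError if not PE32/PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    dirs = opt + (96 if magic == 0x10B else 112)              # first data directory
    _, sec_dir_size = struct.unpack_from("<II", data, dirs + 8 * DIR_SECURITY)
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, _, rawsize, _ = struct.unpack_from("<8sIIII", data, hdr)
        schars = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(schars, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_flags": flag_names(chars, FILE_CHARACTERISTICS),
            "relocs_stripped": bool(chars & 0x0001),
            "dynamic_base": bool(dll_chars & DLLCHAR_DYNAMIC_BASE),
            "nx_compat": bool(dll_chars & DLLCHAR_NX_COMPAT),
            "authenticode_present": sec_dir_size != 0,   # zero-size slot 4 means unsigned
            "sections": sections}


def triage_findings(info, bss_ratio=16):
    """Turn parsed headers into the one-line findings a sandbox report lists."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: no IMAGE_DIRECTORY_ENTRY_SECURITY blob to verify")
    if info["relocs_stripped"]:
        out.append("Relocations stripped: image cannot be rebased, so no ASLR "
                   "regardless of DYNAMIC_BASE")
    elif not info["dynamic_base"]:
        out.append("DYNAMIC_BASE not set: ASLR opted out")
    if not info["nx_compat"]:
        out.append("NX_COMPAT not set: DEP left to system policy")
    for s in info["sections"]:   # zero-filled tail far larger than the on-disk bytes
        if s["raw_size"] and s["virtual_size"] > bss_ratio * s["raw_size"]:
            out.append("%s: virtual size %.1fMB vs raw %dKB (large zero-filled region)"
                       % (s["name"], s["virtual_size"] / 2 ** 20, s["raw_size"] // 1024))
    return out


def build_pe32_headers(file_chars, dll_chars, sections, signed):
    """Constructed test input: header-only PE32, no section data.
    sections = [(name, virtual_size, raw_size, characteristics), ...]"""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 68 + struct.pack("<H", dll_chars)
           + b"\0" * 20 + struct.pack("<I", 16))                  # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    if signed:   # any non-zero size in slot 4 means a WIN_CERTIFICATE is attached
        struct.pack_into("<II", dirs, 8 * DIR_SECURITY, 0x1000, 0x2000)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000, r, 0x400, 0, 0, 0, 0, f)
                    for n, v, r, f in sections)
    return dos + coff + opt + bytes(dirs) + hdrs


# Section table transcribed from the report above (constructed headers, not the sample).
SAMPLE_LAYOUT = [(".text", 1536 * 1024, 1536 * 1024, 0x60000020),
                 (".rdata", 295 * 1024, 296 * 1024, 0x40000040),
                 (".data", int(110.1 * 2 ** 20), 20 * 1024, 0xC0000040),
                 (".rsrc", int(2.4 * 2 ** 20), int(2.5 * 2 ** 20), 0x40000040)]
# file_chars 0x0103 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE, as on this page
SAMPLE_FINDINGS = triage_findings(parse_pe(build_pe32_headers(0x0103, 0, SAMPLE_LAYOUT, False)))
```

Run it against a real file with triage_findings(parse_pe(open(path, "rb").read())). Only the header walk is needed for these three checks, which is why the constructed image carries no section bytes; a full verdict on the signature still requires parsing the WIN_CERTIFICATE and validating the PKCS#7 chain, which a present-or-absent test deliberately does not attempt.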