c3892b69f4a64f8a497271a50375fddbdf210df2be3039c5bf22bc65f81a051f

Sharing

Copy URL Twitter E-mail

General

Target

c3892b69f4a64f8a497271a50375fddbdf210df2be3039c5bf22bc65f81a051f
Size

8.9MB
MD5

6338dac13dc27d08cc6477280b0a9377
SHA1

336cf52d64750f3b890e241345cba12cadacb4ce
SHA256

c3892b69f4a64f8a497271a50375fddbdf210df2be3039c5bf22bc65f81a051f
SHA512

bb6679465718078caab26c59be6a1eddf490d70af057ad9a6c3a4f3a3257ce48b897f61a4c3b9d7bb809cb7e7b4b7fe6f2d9853c9c487f75bd1590ab94e01108
SSDEEP

98304:p6LXP/kJdcoDI6qLwewCkxag90ZKHXcemCipmQzD0AnZRs9MLV7nXOQ4OcF3v2z3:gbgr9u2hm1nZ7LpXOQvA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3892b69f4a64f8a497271a50375fddbdf210df2be3039c5bf22bc65f81a051f

Files

c3892b69f4a64f8a497271a50375fddbdf210df2be3039c5bf22bc65f81a051f
.dll regsvr32 windows:4 windows x86 arch:x86

d107cc766c91f5ac80f8a3ddd54fb124

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

tcuiext

MatchCbItemData
TcSmartAppendBackslash
LoadMenuA
lstrchr
TcCalcColWidth
TcGetUserName
_GetCurItemDataCb@8
GetTempPathA
TcGetUserFullName
EnableControlArray
GrectToRect
RectToGrect
MyLoadString
InitCheckDialogEntries
CheckDialogEntries
DispCheckResult
StripString
GetCurItemDataCbEx
MatchCbExItemData
InWordVector
TcDebugOut
InitResourceDialogStrings
PutMessage
ShowControlArray

comscore

MakeTimeAbs
_LongToSec@4
SysTimeToLong
_SecToLong@4
GetUnitString
OleCharToAnsi
LongToDateTimeLc
_SecToDateTimeDiff@12

tdasuie

_ReportErrorUi
Createdasachk
TDasDrawCaption
IsSaverisSbe
TDasCreateCaptionFont
TdasuieGetGradientUnitString
DisplayUnitOf
__tdTransformLikeUnitItem@20
DisplayUnitOf2
AlrtConditionToText2
__tdInversTransformLikeUnitItem@20
DoActivateAl
DoActivateA2agrp
FormatSlotName
GetDefaultProbeConditions
GetDefaultProbeSysAlarmConditions
GetPrjPrefsSec
SmsNumberIsValid
IsSaverisMailTestSendAvailable
DoSaverisMailTestSend
SetRecipientDefaults
TdasuieAddAuditAndSign

tccom

SimpHttpCtrl

mfc42

ord2860
ord3874
ord823
ord2080
ord3317
ord1086
ord5601
ord3610
ord656
ord2763
ord6199
ord2089
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord3386
ord4431
ord771
ord1008
ord496
ord6176
ord4715
ord1133
ord1907
ord5161
ord5160
ord4905
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord489
ord4976
ord4742
ord768
ord4258
ord5162
ord5951
ord3095
ord5933
ord2033
ord2988
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord4622
ord3681
ord446
ord743
ord4252
ord1226
ord1212
ord5431
ord3348
ord4351
ord2989
ord3579
ord2625
ord297
ord619
ord4538
ord6031
ord2642
ord3286
ord6007
ord3918
ord6888
ord6283
ord6282
ord6675
ord3547
ord3719
ord793
ord4299
ord2114
ord4092
ord5856
ord3287
ord4021
ord6008
ord4000
ord6905
ord755
ord5875
ord470
ord1176
ord539
ord861
ord1085
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord3573
ord2575
ord4396
ord3574
ord609
ord2078
ord4275
ord616
ord3582
ord3402
ord4398
ord2578
ord4218
ord2023
ord2411
ord6880
ord1233
ord860
ord818
ord3742
ord2645
ord537
ord6394
ord6383
ord5440
ord5450
ord858
ord3089
ord6907
ord2107
ord3910
ord3293
ord2379
ord542
ord802
ord5148
ord4694
ord4243
ord2841
ord2729
ord2730
ord2727
ord746
ord449
ord4625
ord3379
ord4438
ord5286
ord6371
ord4713
ord5011
ord4843
ord4672
ord4570
ord4014
ord1892
ord6215
ord3663
ord1146
ord1641
ord2096
ord2862
ord2414
ord3626
ord3571
ord2302
ord3092
ord5981
ord384
ord810
ord686
ord3733
ord3398
ord535
ord2864
ord6334
ord2818
ord4224
ord4234
ord2938
ord540
ord3097
ord1099
ord2614
ord941
ord939
ord2737
ord4055
ord3301
ord5953
ord1783
ord3998
ord1779
ord1574
ord1168
ord5802
ord6242
ord3996
ord4710
ord693
ord800
ord825
ord324
ord567
ord641
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1116
ord1651
ord2867
ord6197
ord6379
ord2112
ord4284
ord3520
ord6401
ord3870
ord2463
ord4083
ord3711
ord783
ord1816
ord326
ord6453
ord614
ord1949
ord6442
ord2859
ord3797
ord3138
ord816
ord562
ord5787
ord283
ord6625
ord4160
ord5053
ord955
ord4287
ord2919
ord2623
ord6877
ord536
ord940
ord4020
ord1601
ord6605
ord1140
ord1175
ord3887
ord2830
ord4222
ord5467
ord1581
ord2918
ord1989
ord2805
ord960
ord6314
ord4179
ord6389
ord5445
ord3318
ord2582
ord5775
ord2603
ord5186
ord3180
ord3183
ord3176
ord3508
ord3652
ord403
ord703
ord1643
ord1979
ord5442
ord665
ord354
ord2454
ord1567
ord857
ord268
ord3728
ord543
ord803
ord6307
ord521
ord4167
ord5934
ord837
ord2448
ord1945
ord640
ord4123
ord2754
ord5785
ord1640
ord323
ord2634
ord6128
ord613
ord289
ord6129
ord3753
ord3754
ord3756
ord936
ord3880
ord3425
ord3055
ord928
ord932
ord920
ord3810
ord919
ord921
ord2380
ord2652
ord1669
ord3054
ord3758
ord3408
ord3227
ord2044
ord5834
ord801
ord541
ord4133
ord4297
ord812
ord559
ord2814
ord2764
ord934
ord938
ord282
ord836
ord922
ord924
ord6143
ord6144
ord879
ord2740
ord882
ord2801
ord4129
ord5683
ord4204
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord1847
ord4124
ord3920
ord3258
ord4003
ord3237
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord2405
ord3220
ord2567
ord2753
ord2713
ord6648
ord1171
ord1232
ord5572
ord3517
ord3496
ord3495
ord2452
ord5788
ord3909
ord764
ord3028
ord6270
ord2863
ord4220
ord2584
ord3654
ord2438
ord824
ord1795
ord2714
ord1799
ord2868
ord290
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389

msvcrt

_ismbcprint
_ismbcalpha
_mbslwr
wcslen
wcscmp
wcsstr
_wcslwr
strtol
_mbsnbicmp
strtod
_mbslen
sscanf
_mbctoupper
strchr
_CIacos
ceil
_wcsdup
_wcsicmp
swscanf
isspace
iswspace
_mbsnbcpy
wcsncmp
longjmp
_setjmp3
_mbctype
_wtol
isdigit
rand
_mbsstr
_mbsncpy
_ismbcdigit
_ismbcspace
_ismbcalnum
isxdigit
calloc
wcsncpy
_itoa
floor
_CIpow
atol
_mbsnbcmp
qsort
_mbschr
_mbsicmp
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_wtoi
_snprintf
_mbscmp
setlocale
atof
sprintf
_CxxThrowException
memmove
_ftol
modf
_purecall
_snwprintf
realloc
wcschr
atoi
free
__CxxFrameHandler

kernel32

GetLocalTime
GetTickCount
SetFilePointer
WideCharToMultiByte
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
HeapFree
HeapAlloc
GetProcessHeap
GetTimeZoneInformation
GetUserDefaultLCID
GlobalReAlloc
InterlockedExchange
TlsAlloc
TlsSetValue
TlsGetValue
FormatMessageA
GlobalSize
FileTimeToSystemTime
SystemTimeToFileTime
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetTempFileNameA
GetPrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OutputDebugStringA
ExitProcess
TlsFree
CreateDirectoryA
SetFileAttributesA
GetCurrentDirectoryA
CompareStringA
GetCurrentProcessId
LocalFileTimeToFileTime
SetFileTime
GetUserDefaultLangID
MulDiv
GetFileAttributesA
Sleep
GetCurrentThreadId
GetFileSize
LocalAlloc
LocalFree
lstrcpynA
lstrcpyW
WriteFile
InterlockedDecrement
InterlockedIncrement
lstrcatA
CreateFileA
CloseHandle
SystemTimeToTzSpecificLocalTime
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
lstrcmpiA
lstrcmpW
GetSystemTime
lstrcpyA
GlobalLock
GlobalUnlock
GetLocaleInfoA
lstrcmpA
lstrcmpiW
lstrlenA
lstrcpynW
lstrlenW
ReadFile
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalFree
GetLastError
CreateThread
CreateEventA
SetThreadPriority
ResumeThread
GetCPInfo
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetOEMCP
GetVersionExA

user32

GetForegroundWindow
DefWindowProcA
GetWindowTextA
GetWindowTextLengthA
DestroyIcon
DrawIconEx
PostQuitMessage
ValidateRect
TabbedTextOutA
GrayStringA
GetSysColorBrush
WindowFromPoint
GetIconInfo
GetCursor
SetWindowRgn
DrawStateA
EqualRect
SetClassLongA
GetClassLongA
SetClipboardData
EmptyClipboard
ShowCaret
HideCaret
RegisterClipboardFormatA
LoadImageA
CreateIconFromResourceEx
CopyIcon
CreateIconIndirect
DrawFocusRect
LookupIconIdFromDirectoryEx
GetMenuStringW
GetMenuStringA
IsClipboardFormatAvailable
GetDlgCtrlID
SetFocus
GetMenuItemID
GetTopWindow
GetTabbedTextExtentA
GetDoubleClickTime
GetWindow
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
WaitMessage
GetMenuItemInfoA
IsMenu
IsChild
GetWindowRgn
SetParent
SetMenu
GetMenuState
GetMenuDefaultItem
GetSystemMenu
GetMenu
CopyAcceleratorTableA
IsIconic
IsWindowEnabled
GetLastActivePopup
GetKeyNameTextA
MapVirtualKeyExA
GetKeyboardLayout
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperA
BringWindowToTop
SetCursorPos
CreatePopupMenu
AdjustWindowRectEx
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CallWindowProcA
IsZoomed
GetActiveWindow
MessageBoxA
IsDialogMessageA
DestroyWindow
CreateWindowExA
GetWindowThreadProcessId
GetClipboardFormatNameA
SendMessageTimeoutA
SendMessageA
GetDlgItem
GetClientRect
GetSystemMetrics
EnableWindow
RedrawWindow
SetCapture
SetRect
GetCapture
GetMessageA
ReleaseCapture
GetDC
ReleaseDC
GetNextDlgTabItem
SetRectEmpty
SetCursor
GetClassNameA
SetWindowLongA
SetWindowPos
IsRectEmpty
OffsetRect
MessageBeep
ShowWindow
LoadBitmapA
MapWindowPoints
GetMessagePos
GetFocus
GetParent
GetWindowLongA
GetKeyState
PtInRect
PostMessageA
DrawFrameControl
GetDialogBaseUnits
IntersectRect
GetDesktopWindow
LockWindowUpdate
GetDCEx
InvertRect
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
InflateRect
FrameRect
FillRect
KillTimer
SetTimer
EnableScrollBar
GetClassInfoA
PostThreadMessageA
PeekMessageA
CopyRect
SystemParametersInfoA
mouse_event
IsCharLowerA
IsWindowVisible
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateWindow
ClientToScreen
DrawTextA
GetSysColor
UnionRect
DrawEdge
wsprintfA
GetSubMenu
EnableMenuItem
IsWindow
InvalidateRect
LoadCursorA
GetWindowRect
DispatchMessageA
TranslateMessage
CloseClipboard
GetClipboardData
OpenClipboard
RegisterWindowMessageA
LoadIconA
ScreenToClient
GetCursorPos
AppendMenuA
DeleteMenu
GetMenuItemCount
DestroyMenu
TrackPopupMenu
MapVirtualKeyA

gdi32

CombineRgn
PtInRegion
ExtSelectClipRgn
CreateRectRgn
GetClipRgn
IntersectClipRect
GetTextAlign
GetCurrentPositionEx
GetCharWidthA
ExtTextOutW
GetTextExtentPoint32W
GetClipBox
PolyBezierTo
CloseFigure
StrokeAndFillPath
FillPath
Polyline
GetWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
GetTextMetricsA
CreatePatternBrush
CreatePolygonRgn
FillRgn
FrameRgn
CreateDCA
GetMapMode
GetViewportOrgEx
CreateRoundRectRgn
GetWindowOrgEx
GetCurrentObject
DPtoLP
CreateFontIndirectA
GetDIBits
SetStretchBltMode
StretchBlt
DeleteDC
ExtCreateRegion
GetBitmapBits
BeginPath
EndPath
StrokePath
Escape
ExtTextOutA
RectVisible
PtVisible
CreateBitmap
CreateBrushIndirect
SetBkColor
Rectangle
Polygon
GetTextColor
GetBkMode
GetBkColor
EnumFontFamiliesExA
CreatePen
CreateRectRgnIndirect
GetPixel
Ellipse
SetPixel
BitBlt
CreateCompatibleDC
GetRgnBox
ExtFloodFill
SetBrushOrgEx
CreateCompatibleBitmap
GetObjectA
GetBitmapDimensionEx
SetTextColor
SetBkMode
CreateSolidBrush
GetDeviceCaps
GetTextExtentPoint32A
TextOutA
MoveToEx
LineTo
GetStockObject
SelectObject
CreateDIBSection
PatBlt
RoundRect
SetTextAlign
DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

shell32

SHGetPathFromIDListA
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA

comctl32

ImageList_GetIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw

ole32

OleRun
CoInitialize
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysStringLen
VariantCopy
VariantInit
SystemTimeToVariantTime
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantChangeTypeEx
DosDateTimeToVariantTime
OleLoadPicturePath
VariantChangeType
GetErrorInfo

shlwapi

PathCombineA
PathRemoveFileSpecA

winmm

PlaySoundA

gdiplus

GdipSetCompositingQuality
GdipCreateLineBrush
GdipSetLineBlend
GdipCreateLineBrushI
GdipAddPathEllipseI
GdipCreatePathGradientFromPath
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipDeleteFont
GdipDeleteBrush
GdipDeleteStringFormat
GdipDrawString
GdipSetPathGradientCenterColor
GdipSetStringFormatTrimming
GdipCreateStringFormat
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipFillRectangle
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetCompositingMode
GdipCreateFromHDC
GdipAlloc
GdipCloneBrush
GdipFree
GdipCreatePath
GdipDeletePath
GdipFillRectangleI
GdipSetSmoothingMode
GdipFillPieI
GdipGetPathGradientPointCount
GdipSetPathGradientBlend
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPointI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.6MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d107cc766c91f5ac80f8a3ddd54fb124

Headers

File Characteristics

Imports

tcuiext

comscore

tdasuie

tccom

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

shlwapi

winmm

gdiplus

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 432KB - Virtual size: 431KB

.data Size: 104KB - Virtual size: 118KB

.rsrc Size: 5.6MB - Virtual size: 5.5MB

.reloc Size: 248KB - Virtual size: 244KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 432KB - Virtual size: 431KB

.data
Size: 104KB - Virtual size: 118KB

.rsrc
Size: 5.6MB - Virtual size: 5.5MB

.reloc
Size: 248KB - Virtual size: 244KB