D:\192.168.2.24-SmartECGNet\SDK\Trunk\ECGView\ECGViewerOCX\Release\plugins\ECGStrip.pdb
Static task: static1
Behavioral task: behavioral1
Sample: d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5.dll
Resource: win10v2004-20240226-en
General
Target: d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5
Size: 647KB
MD5: 1f50f1d74b6d51dc2646469027fb4f55
SHA1: 27a893eb36269d079de8fcadc396bef6a1d95a74
SHA256: d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5
SHA512: 7eddd4a1fe1d62f6a3f3a0927bd3dae7a98a97a1113f576855e307fce364a19d4ba9b8a4dcbf330aec7293a3abf22f49bc9dd9fef62b133dcdddca1f3c768a77
SSDEEP: 12288:V0QwsdJk9haY8ByHZ37tw0+kfcpUQVy/nI/+1IdSMNB8j0x+XiJq9Kjbv3Klrb3V:aQwGJk9haY8Bw3a0hfcpUQVy/IBGS+X3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5
Files
d83b5b48461f2fdfda46821453fc49a6222129c04e2127f81513c73a8a7c8ba5.dll windows:5 windows x86 arch:x86
b0086e24f63975321ea9cf204c1ef622
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc100u
msvcr100
memcpy_s
_crt_debugger_hook
_snwscanf_s
strncpy
fputc
_vsnprintf_s
fopen_s
fread
fprintf
ferror
ftell
fseek
strncmp
isspace
strchr
isalnum
tolower
isalpha
wcsncpy_s
_waccess
_wtol
modf
_itow_s
_wtof
_wtoi
fclose
fwrite
fopen
sprintf
wcscpy_s
_purecall
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
wcsrchr
_CxxThrowException
memmove
??1exception@std@@UAE@XZ
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
atoi
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
wcscat_s
memcpy
memset
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
kernel32
WriteFile
CreateFileW
lstrlenW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
DeleteFileW
GetModuleFileNameW
GlobalFree
FreeResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
LocalFree
LocalAlloc
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WaitForSingleObject
lstrcmpW
IsProcessorFeaturePresent
GetModuleHandleW
lstrcpyW
GetCurrentThreadId
MulDiv
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
WideCharToMultiByte
GetTickCount
lstrcmpiW
GetProcessHeap
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
user32
TabbedTextOutW
DrawTextExW
GrayStringW
GetDesktopWindow
SetRect
DrawTextW
GetCursorPos
GetCapture
ReleaseCapture
SetCursor
GetSysColor
KillTimer
SetTimer
PtInRect
DestroyIcon
DrawStateW
FillRect
CopyRect
MessageBoxW
wsprintfW
SetWindowTextW
TranslateMessage
PeekMessageW
DispatchMessageW
GetWindowLongW
GetWindowTextW
GetClassNameW
EnumChildWindows
GetDlgCtrlID
GetSystemMetrics
GetDC
ReleaseDC
SetScrollRange
GetParent
GetClientRect
SetScrollPos
GetScrollPos
InvalidateRect
SendMessageW
EnableWindow
GetWindowRect
IsWindow
gdi32
GetTextColor
FrameRgn
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreatePen
Polyline
Rectangle
Ellipse
CreateRoundRectRgn
CreateRectRgn
CreateFontW
CreateSolidBrush
EndDoc
EndPage
StartPage
StartDocW
DeleteDC
DeleteObject
ResetDCW
CreateFontIndirectW
GetDeviceCaps
CreateDIBSection
GetCurrentObject
SetPixel
GetDIBits
RealizePalette
SelectPalette
CreateDCW
SelectObject
ExtTextOutW
PtVisible
Escape
RectVisible
TextOutW
GetObjectW
GetStockObject
PatBlt
BitBlt
FillRgn
msimg32
AlphaBlend
winspool.drv
EnumPrintersW
ord204
ord203
ole32
CoCreateGuid
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
OleLoadPicture
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
gdiplus
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipCloneImage
shell32
ShellExecuteExA
SHCreateDirectoryExW
shlwapi
PathFileExistsW
rpcrt4
RpcStringFreeW
UuidToStringW
Exports
CreateView
DeleteView
GetECGStripView
ResetGPLanguage
SetECGStripDllPara
ShowView
Sections
.text Size: 440KB - Virtual size: 439KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ