9d70880c0dce0abed8ea5d0749c7b3c35b72823a2747fabd7a4d4be515722e40

Sharing

Copy URL

Twitter E-mail

General

Target

9d70880c0dce0abed8ea5d0749c7b3c35b72823a2747fabd7a4d4be515722e40
Size

3.5MB
MD5

84a3ca805bffe691a3caa37765c4ae85
SHA1

b1c492eabba80d55f4ca4fd736dfcde12f545ff1
SHA256

9d70880c0dce0abed8ea5d0749c7b3c35b72823a2747fabd7a4d4be515722e40
SHA512

8b889a4f62c351d16c8f283726c63790e08b26742ee6dd7e86ad0de156cb16cee9a58979c4f0b2c3ef0e4cf599b9890250b16dadb43688f2b6f5c665f9511729
SSDEEP

98304:GzwcfKlwrY7UO7A8G4pd38L/nHIWuvlcL:tcfK5AxOd8oW0lcL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d70880c0dce0abed8ea5d0749c7b3c35b72823a2747fabd7a4d4be515722e40

Files

9d70880c0dce0abed8ea5d0749c7b3c35b72823a2747fabd7a4d4be515722e40
.exe windows:6 windows x86 arch:x86

b6e30be7aa5b22d6663fb9d1116d1f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ThirdFlash\Release\Updater.pdb

Imports

shlwapi

PathFileExistsA
PathFileExistsW

kernel32

VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
SetLastError
WaitForMultipleObjects
GetSystemTime
ConvertThreadToFiberEx
ConvertFiberToThread
FindFirstFileW
CreateFiberEx
DeleteFiber
SwitchToFiber
FormatMessageA
LoadLibraryA
GetSystemDirectoryA
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
GetFullPathNameW
FlushFileBuffers
HeapReAlloc
GetFileSizeEx
HeapAlloc
PeekNamedPipe
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
RaiseException
RtlUnwind
UnregisterWaitEx
QueryDepthSList
GetEnvironmentVariableA
GetSystemTimeAsFileTime
CompareFileTime
WaitForSingleObjectEx
MoveFileExW
QueryPerformanceCounter
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
GetLocalTime
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
SetFileTime
SetFilePointer
GetFileType
MulDiv
GetLastError
CreateFileW
CloseHandle
ReadFile
GetFileSize
GetCurrentDirectoryW
GetModuleHandleW
LoadLibraryW
GetTickCount
GetProcAddress
GetACP
DeleteFileW
CreateEventW
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SetEvent
Sleep
FreeResource
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
TerminateProcess
WriteFile
GetStdHandle
GetCurrentProcess
SizeofResource
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
DeleteFileA
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
SwitchToThread
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
HeapFree
TryEnterCriticalSection

user32

GetParent
GetWindow
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
IsIconic
SendMessageW
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
GetWindowRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
GetClientRect
ScreenToClient
GetWindowLongW
wvsprintfW
SetCursor
UnionRect
OffsetRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
PostMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
PtInRect

gdi32

SetBkColor
ExtSelectClipRgn
SelectClipRgn
StretchBlt
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
SetBkMode
GdiFlush
GetDeviceCaps
CreatePatternBrush
RoundRect

advapi32

CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptSignHashW
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptEnumProvidersW

ole32

CoInitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdiplus

GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdiplusStartup
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipAlloc

comctl32

ord17
_TrackMouseEvent

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetEnhancedKeyUsage
CertOpenSystemStoreW
CertFindCertificateInStore
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertOpenStore

ws2_32

inet_ntoa
gethostbyaddr
getservbyname
shutdown
WSAEnumNetworkEvents
inet_addr
gethostbyname
WSACreateEvent
getservbyport
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
send
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACloseEvent

wldap32

ord46
ord301
ord147
ord133
ord79
ord142
ord219
ord127
ord27
ord14
ord216
ord208
ord145
ord167
ord41
ord26
ord117

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

J��u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6e30be7aa5b22d6663fb9d1116d1f48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

comctl32

imm32

crypt32

ws2_32

wldap32

bcrypt

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 695KB - Virtual size: 695KB

.data Size: 28KB - Virtual size: 50KB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 130KB - Virtual size: 130KB

J����u Size: 16KB - Virtual size: 20KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 695KB - Virtual size: 695KB

.data
Size: 28KB - Virtual size: 50KB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 130KB - Virtual size: 130KB

J��u
Size: 16KB - Virtual size: 20KB