e5c66155d54ca065b767da7177e2396945492a3f4b20b592229376413a0e80d7

Sharing

Copy URL Twitter E-mail

General

Target

e5c66155d54ca065b767da7177e2396945492a3f4b20b592229376413a0e80d7
Size

426KB
MD5

74f8dc5657d5a662ea2a579a379b8cc3
SHA1

a9d2d45a82e008381e770fb3a948a8af3f0d5a9f
SHA256

e5c66155d54ca065b767da7177e2396945492a3f4b20b592229376413a0e80d7
SHA512

bb660b148f214ddca291cc4737d45887d8ccd8f36eb48468e019a66046943bfe22e051b63280463aa4a46130245f6e38ca05837d848a8094cdf15c85484ee12f
SSDEEP

6144:lCsPffWeYQsD/y8dSYs9Qj1mpTA70atJ//gJB1CseKONQlyLCU/bU:Is+eYFD//F1mJP0/yaTLCU/bU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5c66155d54ca065b767da7177e2396945492a3f4b20b592229376413a0e80d7

Files

e5c66155d54ca065b767da7177e2396945492a3f4b20b592229376413a0e80d7
.exe windows:5 windows x86 arch:x86

32248588093cdcd87bb328b5d288714e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\EDSM-Git\edsmclient-common\ApplyChangePriv\bin\Release\ApplyCenter.pdb

Imports

mfc90u

ord2615
ord2635
ord2619
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5653
ord4603
ord6800
ord5512
ord2074
ord5602
ord4664
ord1492
ord4345
ord1751
ord1754
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord6408
ord3353
ord1675
ord1809
ord5650
ord3140
ord1810
ord5324
ord5632
ord6693
ord6699
ord821
ord601
ord310
ord4910
ord4682
ord3515
ord5167
ord2479
ord316
ord265
ord6579
ord266
ord5182
ord744
ord524
ord2069
ord4527
ord4324
ord4442
ord2596
ord5008
ord1108
ord4000
ord374
ord820
ord2695
ord939
ord5938
ord5867
ord2478
ord5979
ord4494
ord6687
ord6698
ord6013
ord4405
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord9272
ord1603
ord5851
ord639
ord2208
ord4519
ord799
ord2537
ord811
ord6482
ord1098
ord1137
ord4211
ord285
ord3220
ord1607
ord280
ord909
ord938
ord3185
ord3736
ord2694
ord899
ord1314
ord3794
ord6577
ord6808
ord403
ord663
ord1166
ord290
ord2326
ord580
ord782
ord404
ord5535
ord5770
ord1552
ord1248
ord6514
ord6170
ord814
ord6171
ord6604
ord1599
ord4490
ord6630
ord813
ord286
ord600
ord4631
ord2539
ord296
ord7332
ord7138
ord4043
ord3737
ord3186
ord911
ord287
ord935
ord1272
ord4967
ord801

msvcr90

memset
memcpy
_configthreadlocale
_CxxThrowException
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_CIsqrt
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
wcsncat_s
wcsncpy_s
wcsrchr
__argc
__wargv
_wfopen
fgets
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
fclose
wcscpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_vsnwprintf
swscanf_s
sscanf_s
_vsnprintf_s
memcpy_s
_wtoi
_errno
atoi
_time64
wcsftime
_localtime64_s
strchr
free
memmove_s
sscanf
malloc
sprintf_s
_purecall
strpbrk
wcschr
_wcsnicmp
strerror
wcstol
fread
ftell
wcsncmp
fseek
_amsg_exit
__wgetmainargs
_cexit
_exit

kernel32

WritePrivateProfileStringW
GetProcessHeap
HeapFree
GetLocalTime
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
lstrlenW
OutputDebugStringA
GetPrivateProfileStringW
GetModuleHandleW
WideCharToMultiByte
GetPrivateProfileIntW
InterlockedDecrement
SetUnhandledExceptionFilter
CreateMutexW
FindNextFileW
FindFirstFileW
MultiByteToWideChar
lstrlenA
CloseHandle
lstrcmpW
LoadLibraryExW
GetLastError
SetDllDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
TerminateProcess
SetErrorMode
GetModuleFileNameW
FreeLibrary
LoadLibraryW
OutputDebugStringW
GetProcAddress
SetCurrentDirectoryW

user32

DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetWindowRect
EnableWindow
ShowWindow
DestroyWindow
MoveWindow
GetWindowRgn
GetParent
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
SetWindowPos

gdi32

PtInRegion
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegGetValueW
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
GetUserNameW
RegQueryValueExW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW

oleaut32

SysAllocString
SysFreeString

msvcp90

??0?$allocator@_W@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z

ws2_32

htons
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup
socket
select
closesocket
WSAStringToAddressA
bind
ioctlsocket
connect
getsockopt

crypt32

CryptStringToBinaryA

enseccore

ECoreGetEnFileInfoExW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32248588093cdcd87bb328b5d288714e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

msvcp90

ws2_32

crypt32

enseccore

dbghelp

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 19KB - Virtual size: 18KB