9ca4d29f09db1464381ccaedc9609bd852ad1f6bed1676b282facef355de67a0

Sharing

Copy URL Twitter E-mail

General

Target

9ca4d29f09db1464381ccaedc9609bd852ad1f6bed1676b282facef355de67a0
Size

9.6MB
MD5

131d4515a0b9ce2126e5e639f0ba87d6
SHA1

71d12ef53f82bff32d141f35e5bf439e69a63902
SHA256

9ca4d29f09db1464381ccaedc9609bd852ad1f6bed1676b282facef355de67a0
SHA512

447c0768a1211dc2459e9f05449b131336f9830b20bdf2822de1357ebc9cc0ff461c55ac2a9bdb28a5cdbac1f4e7c719846515891715140de39933aaaf629cbf
SSDEEP

196608:wUDqkccy54plBoWxHK2OA85gQoLFOHvGdXMYLllKR6nlfXe:Gcy54plNxHK2OA853jQTKRgfXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ca4d29f09db1464381ccaedc9609bd852ad1f6bed1676b282facef355de67a0

Files

9ca4d29f09db1464381ccaedc9609bd852ad1f6bed1676b282facef355de67a0
.exe windows:5 windows x86 arch:x86

83681b84621de97eaba76f1636d81c2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\STTool-Git-Develop\STTool\MPProgram_V5\Output\release\MPALL_F1_00_v200_00.pdb

Imports

inpout32

ord2
ord1

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Registry_Property_ExA
CM_Disconnect_Machine
CM_Locate_DevNodeA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Child
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_IDA
CM_Request_Device_EjectA
CM_Connect_MachineA
SetupDiGetClassDevsA
CM_Get_Sibling_Ex
CM_Get_Child_Ex

shlwapi

StrToIntExA
PathFileExistsA
StrToInt64ExA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFileTime
GetLocalTime
CreateEventA
SetCommMask
GetCommState
SetCommState
SetCommTimeouts
SignalObjectAndWait
WaitCommEvent
GetCommMask
SetLastError
ReleaseMutex
TerminateThread
lstrlenA
GetFileSizeEx
QueryPerformanceFrequency
QueryPerformanceCounter
SetHandleCount
HeapCreate
HeapSize
SetStdHandle
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
GetFileType
GetDriveTypeW
HeapAlloc
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalUnlock
GlobalLock
GetFileAttributesA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SuspendThread
SetThreadPriority
FormatMessageA
LocalFree
MulDiv
GetVersionExA
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetFullPathNameW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStdHandle
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetCurrentThreadId
WideCharToMultiByte
SizeofResource
LockResource
SetCurrentDirectoryA
GetCurrentProcess
GetModuleHandleA
GetWindowsDirectoryA
WinExec
WaitForMultipleObjects
GetTempPathA
SetThreadLocale
SetFileAttributesA
CreatePipe
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersion
InterlockedDecrement
GetTickCount
GetModuleFileNameA
GetShortPathNameA
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSection
GetComputerNameA
GlobalFree
GlobalAlloc
lstrcmpA
WriteFile
GetFileAttributesW
CreateProcessA
SetVolumeLabelA
VirtualFree
VirtualAlloc
DeviceIoControl
SetFilePointer
GetFileSize
ReadFile
FindNextFileA
GetLogicalDrives
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetDriveTypeA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateFileA
GetDiskFreeSpaceA
GetVolumeInformationA
GetDiskFreeSpaceExA
ResumeThread
WaitForSingleObject
CreateDirectoryA
Sleep
DeleteFileA
UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingA
CopyFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
LocalAlloc
FindResourceA
LoadResource

winscard

SCardConnectA
SCardBeginTransaction
SCardTransmit
SCardEndTransaction
SCardStatusA
SCardEstablishContext
SCardListReadersA
SCardDisconnect

ws2_32

send
sendto
recv
recvfrom
select
__WSAFDIsSet
connect
WSAGetLastError
listen
bind
setsockopt
socket
getsockname
closesocket
shutdown
accept
gethostname
ntohl
gethostbyname
inet_addr
getservbyname
htons
htonl
ntohs
WSACleanup
WSAStartup
getpeername
inet_ntoa

rpcrt4

UuidCreateSequential

bch_sdk

BCH_1023_278_Decode

user32

RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
IsDialogMessageA
SetWindowTextA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
GetMenuState
ShowWindow
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetMenuItemID
BeginPaint
EndPaint
EndDialog
CreateDialogIndirectParamA
PostQuitMessage
GetSysColorBrush
LoadCursorA
UnregisterClassA
GetMenuItemCount
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawEdge
GetClassLongA
WindowFromDC
SendMessageTimeoutA
GetDesktopWindow
SetActiveWindow
SetFocus
SetForegroundWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetDlgItem
GetCursorPos
MsgWaitForMultipleObjects
DrawIcon
GetSystemMetrics
IsIconic
RegisterDeviceNotificationA
LoadIconA
GetWindowTextA
GetClassNameA
PeekMessageA
IsWindow
UpdateWindow
RedrawWindow
MessageBoxA
KillTimer
PtInRect
ScreenToClient
GetMessagePos
SetTimer
FrameRect
wsprintfW
SendMessageA
PostMessageA
wsprintfA
CharUpperA
TranslateMessage
ReleaseDC
GetDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
DrawFocusRect
InflateRect
CopyRect
TrackPopupMenuEx
GetSubMenu
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyMenu
DestroyCursor
EnableWindow
FindWindowA
DispatchMessageA

gdi32

PtVisible
RectVisible
TextOutA
Escape
GetDeviceCaps
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetMapMode
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetTextExtentPoint32A
ExtTextOutA
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePen
CreateRectRgn
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
CreateFontA
SetViewportOrgEx
GetViewportOrgEx
CreateFontIndirectA
Rectangle
CreateSolidBrush
CreateDIBSection
DeleteObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CryptAcquireContextA
RegOpenKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
RegDeleteKeyA
RegFlushKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
SHCreateDirectoryExA

comctl32

_TrackMouseEvent

ole32

OleRun
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SysAllocString

gdiplus

GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83681b84621de97eaba76f1636d81c2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

inpout32

setupapi

shlwapi

version

netapi32

kernel32

winscard

ws2_32

rpcrt4

bch_sdk

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 137KB - Virtual size: 1.4MB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 137KB - Virtual size: 1.4MB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB