f10d82f5d6629cbc7261b3bd6fb2d598884745ae42570659e9ceb9157d06c538

Sharing

Copy URL

Twitter E-mail

General

Target

f10d82f5d6629cbc7261b3bd6fb2d598884745ae42570659e9ceb9157d06c538
Size

675KB
MD5

d7d2bdfa03c2632eb91dca0c8f76142b
SHA1

352476675784ff5e82e4be2dbda8e08f55627646
SHA256

f10d82f5d6629cbc7261b3bd6fb2d598884745ae42570659e9ceb9157d06c538
SHA512

44038c93392c7c569e916af960038f65cfa4b6215eb0add8e1ba211f54d8998c5a8cac655cb515b1d2376d1cc9fb0042125b1c2eca3b4c263a640a3242c5af1f
SSDEEP

6144:fTV2ucDjWPxTT7JjOo4KPAyAoIIIIHm5MWTBwcOu48EDUR+wBqTEsEVC991XI0Z5:M8xwMRq+WTe0+wBIEsEI1HZg0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f10d82f5d6629cbc7261b3bd6fb2d598884745ae42570659e9ceb9157d06c538

Files

f10d82f5d6629cbc7261b3bd6fb2d598884745ae42570659e9ceb9157d06c538
.exe windows:4 windows x86 arch:x86

ce0a6e4e2baf090c22d6a48c0f1877b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\deskcalcode\deskcal2\output\bin32\pdb\dkreport.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

OpenThread
Module32NextW
Module32FirstW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileExW
GetLastError
WideCharToMultiByte
GetVolumeInformationW
GlobalFree
GlobalAlloc
CompareStringW
lstrlenW
lstrcmpiW
MulDiv
GetTickCount
GetVersion
GetVersionExW
GetCommandLineW
GetProcessHeap
HeapAlloc
LoadLibraryExW
FreeLibrary
GetThreadSelectorEntry
VirtualQueryEx
ReadProcessMemory
CreateFileW
OpenProcess
Sleep
GetPrivateProfileIntW
DeleteFileW
GetVersionExA
InterlockedCompareExchange
HeapFree
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
CreateFileMappingW
MapViewOfFile
SetLastError
GetCurrentProcess
GetProcAddress
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
UnmapViewOfFile
CloseHandle
OutputDebugStringW
GlobalMemoryStatus
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA

user32

LoadCursorW
DefWindowProcW
SendMessageW
SetWindowLongW
CallWindowProcW
GetWindowLongW
SetWindowTextW
GetWindowTextLengthW
GetDlgItem
SetWindowPos
MapWindowPoints
EndDialog
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
GetKeyState
GetActiveWindow
GetSysColor
MessageBoxW
DrawTextW
CreateWindowExW
GetWindowTextW
MoveWindow
ScreenToClient
EnableWindow
IsWindow
OffsetRect
CharNextW
EnumChildWindows
ShowWindow
BeginPaint
EndPaint
DialogBoxParamW
GetClientRect
ReleaseCapture
GetSystemMetrics
LoadImageW
RedrawWindow
IsWindowVisible
GetFocus
GetCapture
GetDC
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
GetClassNameW
SetRectEmpty
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
ReleaseDC
DestroyWindow

gdi32

CreateFontIndirectW
SelectObject
DeleteDC
CreateFontW
ExtTextOutW
GetStockObject
SetTextColor
SetBkMode
SetBkColor
DeleteObject
GetObjectW

advapi32

RegCloseKey
RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoInitialize
OleInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

atl80

ord43
ord23
ord61
ord30
ord44
ord64

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

dkcore

?CreateInstanceFromClassFactory@@YAJABU_GUID@@PAPAXPAUIUnknown@@@Z
?GetService@Service@Util@@YAJABU_GUID@@PAPAX@Z

msvcr80

realloc
getenv
_vsnprintf
vfprintf
__iob_func
abort
qsort
memchr
_time64
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
ferror
fflush
fopen
_setmode
ftell
fseek
_errno
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
fprintf
fputc
_fdopen
strtoul
?what@exception@std@@UBEPBDXZ
_initterm_e
_initterm
_wcmdln
??3@YAXPAX@Z
memcpy_s
free
_invalid_parameter_noinfo
_CxxThrowException
memset
wcscmp
_wcsicmp
wcsrchr
_vscwprintf
vswprintf_s
wcslen
??0exception@std@@QAE@ABQBD@Z
_fileno
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
memmove_s
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
_recalloc
_waccess_s
setlocale
_snwprintf_s
fclose
fgetws
_wfopen_s
_wcslwr_s
wcsncmp
_wcsnicmp
wcstol
iswdigit
calloc
malloc
fwprintf_s
fputws
wcsspn
wcscspn
memcpy
vsprintf_s
wcscpy_s
strlen
wcschr
_wtoi
strncpy_s
_strlwr_s
strcat_s
wcsstr
fwrite
fgets
fread
_wstat64i32
strcmp
feof
_wstat32
strcpy_s
_waccess
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit

dbghelp

SymSetOptions
SymInitialize
SymLoadModule64
SymFromAddr
SymGetLineFromAddr
SymUnloadModule64
SymCleanup
SymGetModuleBase
SymFunctionTableAccess
StackWalk
MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

wininet

HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetOpenA

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 125KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce0a6e4e2baf090c22d6a48c0f1877b1

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl80

shlwapi

comctl32

msvcp80

dkcore

msvcr80

dbghelp

version

psapi

wininet

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 125KB - Virtual size: 132KB

.rsrc Size: 302KB - Virtual size: 304KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 125KB - Virtual size: 132KB

.rsrc
Size: 302KB - Virtual size: 304KB