f:\mtz_zip\product\win32\dbginfo\installer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444.exe
  Resource: win10v2004-20240508-en
General
  Target: f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444
  Size: 1.2MB
  MD5: 5dc4a6c384f4881b06fc3d0aecd6fc68
  SHA1: 3977e5872ae3d78bea1e367cd890c83479c7ac4b
  SHA256: f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444
  SHA512: 06a9b4b253c9d923411c2c87dd3eb9aa6e08d4dbfb3b06cc59d51bd1ca5f5b06fa86064a609bc70cba73130729d9eee2be488a4745fadbb186e01c5589faba9f
  SSDEEP: 24576:crBGrgOtgNyxohdEG0SeqqGirnqtKZTbzS3MWc6NK:crBGrgOtgNyxuwqAzS3MWXU
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444
Files
  f0ebfae31298155271145994b872146a5fed51ec856cf8804870e093574ab444.exe  windows:4 windows x86 arch:x86
    460d22428db6fd532e0e3af32729e2a3
Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  PDB Paths: f:\mtz_zip\product\win32\dbginfo\installer.pdb
Imports
  imm32: ImmDisableIME
  kernel32: GetStdHandle, WaitForMultipleObjects, VirtualFree, VirtualAlloc, SetEvent, ReleaseSemaphore, ResetEvent,
    CreateSemaphoreW, CreateEventW, lstrcpyW, GetWindowsDirectoryW, SetFileAttributesW, GetComputerNameA,
    GetDiskFreeSpaceExW, CreateFileA, CreateProcessW, GetCommandLineW, GetCurrentProcessId, GetPrivateProfileStringW,
    GetPrivateProfileIntW, InterlockedExchange, FreeResource, InterlockedIncrement, InterlockedDecrement,
    GetCurrentThreadId, FlushInstructionCache, RaiseException, lstrcmpiW, OutputDebugStringW, GlobalAlloc, GlobalLock,
    GlobalFree, GlobalUnlock, GetDriveTypeW, WritePrivateProfileStringW, MapViewOfFileEx, LoadLibraryExW,
    SetThreadPriority, SleepEx, DuplicateHandle, ReleaseMutex, CreateMutexW, GetExitCodeThread, FormatMessageW,
    InitializeCriticalSectionAndSpinCount, SetEnvironmentVariableA, CompareStringW, CompareStringA, WriteConsoleW,
    GetConsoleOutputCP, WriteConsoleA, GetStringTypeW, GetStringTypeA, GetCurrentDirectoryA, GetFullPathNameA,
    QueryPerformanceCounter, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings,
    FreeEnvironmentStringsA, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, GetModuleFileNameA, HeapCreate,
    GetStartupInfoA, SetHandleCount, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetCPInfo,
    LCMapStringW, LCMapStringA, RtlUnwind, FindFirstFileA, GetDriveTypeA, GetStartupInfoW, ExitProcess, VirtualQuery,
    GetModuleHandleA, VirtualProtect, ExitThread, GetFileType, SetStdHandle, IsDebuggerPresent,
    SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsProcessorFeaturePresent, LoadLibraryA, GetThreadLocale,
    GetLocaleInfoA, GetACP, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, GetVersionExA,
    FindResourceW, SizeofResource, LockResource, LoadResource, FindResourceExW, GetModuleFileNameW, GetFileAttributesW,
    DeleteFileW, GetLastError, CreateDirectoryW, FindClose, RemoveDirectoryW, CreateFileW, CloseHandle, WriteFile,
    lstrlenW, WideCharToMultiByte, GetFileSize, ReadFile, lstrlenA, FileTimeToLocalFileTime, GetLocalTime,
    SetFilePointer, FileTimeToSystemTime, GetSystemTimeAsFileTime, FlushFileBuffers, SetEndOfFile,
    SetCurrentDirectoryW, CreateFileMappingW, MoveFileW, SetLastError, GetCurrentDirectoryW, GetTempPathW, CopyFileW,
    GetTickCount, MoveFileExW, UnmapViewOfFile, MapViewOfFile, GetTempFileNameW, GetSystemInfo,
    InterlockedCompareExchange, LocalFree, LocalAlloc, GetVersionExW, GetSystemDirectoryW, LeaveCriticalSection,
    EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, Sleep, WaitForSingleObject, CreateThread,
    TerminateThread, TerminateProcess, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetModuleHandleW,
    ExpandEnvironmentStringsW, GetCurrentProcess, FreeLibrary, GetProcAddress, LoadLibraryW, OpenProcess,
    QueryDosDeviceW, GetLogicalDriveStringsW, MultiByteToWideChar
  user32: LoadImageW, ReleaseDC, SetWindowLongW, ClientToScreen, IntersectRect, GetCursorPos, ScreenToClient,
    LoadBitmapW, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, CharLowerW, CharUpperW, GetDesktopWindow,
    GetKeyState, WindowFromPoint, GetScrollPos, GetFocus, IsChild, GetDC, IsDialogMessageW, GetMonitorInfoW,
    MonitorFromWindow, CopyRect, SetWindowRgn, CreateWindowExW, DefWindowProcW, LoadCursorW, RegisterClassExW,
    IsWindow, GetWindowRect, UpdateLayeredWindow, SetCapture, ReleaseCapture, CharNextW, LoadStringW, FindWindowW,
    PtInRect, SetCursor, InflateRect, LoadIconW, DestroyIcon, IsWindowEnabled, SendMessageW, RegisterWindowMessageW,
    SetTimer, KillTimer, SetRectEmpty, SetRect, GetDlgCtrlID, ShowWindow, EqualRect, SetWindowPos, IsWindowVisible,
    InvalidateRect, GetDlgItem, GetParent, OffsetRect, IsIconic, IsRectEmpty, MoveWindow, DestroyWindow, DrawTextW,
    CallWindowProcW, DrawIconEx, GetClassInfoExW, PostThreadMessageW, GetActiveWindow, EnableWindow,
    GetWindowThreadProcessId, GetForegroundWindow, SystemParametersInfoW, AttachThreadInput, SetForegroundWindow,
    SetActiveWindow, EndPaint, UnregisterClassA, BeginPaint, GetWindow, GetWindowLongW, GetClientRect, MapWindowPoints,
    PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, PostMessageW, SetFocus, GetNextDlgTabItem
  gdi32: SelectObject, GetTextExtentPoint32W, GetTextMetricsW, SetStretchBltMode, CreateRoundRectRgn, OffsetRgn,
    ExtSelectClipRgn, SetViewportOrgEx, GetViewportOrgEx, RectInRegion, CreateRectRgnIndirect, SetBkColor, TextOutW,
    RoundRect, Rectangle, GetClipRgn, GetTextColor, RestoreDC, SaveDC, GetCurrentObject, SelectClipRgn, SetBkMode,
    LineTo, MoveToEx, CreatePen, CreateFontIndirectW, GetStockObject, GetDeviceCaps, SetTextColor, CreateBitmap,
    CreateCompatibleBitmap, CreateDIBSection, DeleteObject, CombineRgn, CreateRectRgn, GetObjectW, StretchBlt, BitBlt,
    DeleteDC, ExtTextOutW, CreateCompatibleDC
  advapi32: RegOpenKeyW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, OpenProcessToken, RegDeleteValueW,
    RegQueryInfoKeyW, SetNamedSecurityInfoW, SetEntriesInAclW, BuildExplicitAccessWithNameW, DeleteAce, GetAce,
    GetNamedSecurityInfoW, CreateProcessAsUserW, RegEnumKeyExW, RegDeleteKeyW, SetSecurityDescriptorDacl,
    InitializeSecurityDescriptor, SetTokenInformation, DuplicateTokenEx, FreeSid, EqualSid, AllocateAndInitializeSid,
    GetTokenInformation, RegSetValueExW, RegCreateKeyExW
  shell32: SHGetSpecialFolderPathW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetSpecialFolderLocation,
    ShellExecuteW, SHFileOperationW
  ole32: CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CreateStreamOnHGlobal, CoInitializeEx, CoUninitialize,
    CoCreateInstance, CoInitialize, CoCreateGuid
  oleaut32: SysAllocString, VarUI4FromStr, SysFreeString, SysStringLen, VariantCopy, VariantClear
  shlwapi: StrToIntA, StrToIntW, PathAddBackslashW, PathAppendW, PathRemoveFileSpecW, PathFileExistsW,
    PathFindFileNameW, PathIsDirectoryW
  comctl32: InitCommonControlsEx, _TrackMouseEvent
  msimg32: AlphaBlend
  version: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
  wtsapi32: WTSEnumerateSessionsW, WTSFreeMemory
  gdiplus: GdipGetImageGraphicsContext, GdipSetCompositingQuality, GdipSetInterpolationMode, GdipSetPixelOffsetMode,
    GdipScaleWorldTransform, GdipDrawLine, GdipDrawRectangleI, GdipDrawPath, GdipGraphicsClear, GdipFillRectangle,
    GdipFillPath, GdipDrawImageI, GdipDrawImageRectI, GdipGetFamily, GdipGetFontSize, GdipCreateBitmapFromScan0,
    GdipDrawImagePointsRectI, GdipLoadImageFromStream, GdipGetImagePixelFormat, GdipImageRotateFlip,
    GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdipCloneBitmapArea, GdipGetImageHeight,
    GdipGetImageWidth, GdipCloneImage, GdipLoadImageFromFile, GdipDeleteFont, GdipCreateFont,
    GdipCreateFontFromLogfontW, GdipDeleteFontFamily, GdipPrivateAddFontFile, GdipDeletePrivateFontCollection,
    GdipAddPathStringI, GdipGetFontCollectionFamilyList, GdipGetFontCollectionFamilyCount, GdipSetClipPath,
    GdipDrawImageRectRectI, GdipDrawImageRectRect, GdipMeasureString, GdipDrawString, GdipFillRectangleI,
    GdipDrawLinesI, GdipRotateWorldTransform, GdipTranslateWorldTransform, GdipResetWorldTransform,
    GdipSetSmoothingMode, GdipSetTextRenderingHint, GdipDeleteGraphics, GdipCreateFromHDC, GdipAddPathPieI,
    GdipAddPathRectangleI, GdipClosePathFigure, GdipDeletePath, GdipCreatePath, GdipSetStringFormatTrimming,
    GdipSetStringFormatLineAlign, GdipSetStringFormatAlign, GdipSetStringFormatFlags, GdipDeleteStringFormat,
    GdipCreateStringFormat, GdipDeletePen, GdipCreatePen1, GdipDisposeImage, GdipCreateSolidFill, GdipCloneBrush,
    GdipDeleteBrush, GdipSetImageAttributesColorMatrix, GdipDisposeImageAttributes, GdipCreateImageAttributes,
    GdipAlloc, GdipFree, GdipAddPathArcI, GdipSetPenMode, GdipSetPenDashStyle, GdipSetPenEndCap, GdipSetPenStartCap,
    GdipCreateLineBrushFromRectWithAngleI, GdiplusShutdown, GdipCloneFontFamily, GdiplusStartup,
    GdipNewPrivateFontCollection
Exports
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z
Sections
  .text   Size: 680KB - Virtual size: 678KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 156KB - Virtual size: 153KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 20KB - Virtual size: 36KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 364KB - Virtual size: 363KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ