926686165619f0d3af26ff0c8231fcee13bc94c0ecab726e2cb314099ac49c9c

Sharing

Copy URL

Twitter E-mail

General

Target

926686165619f0d3af26ff0c8231fcee13bc94c0ecab726e2cb314099ac49c9c
Size

1.3MB
MD5

ccf9fbe9a76ebe5c976fbf6e055ee696
SHA1

3abc498e2b7356318aa6a738ff2885eab604c046
SHA256

926686165619f0d3af26ff0c8231fcee13bc94c0ecab726e2cb314099ac49c9c
SHA512

185cef7019f9e97ccc1775f2cb2b12540b9554e89ee2cc48c8e4a2b395f8dbd68f63a76af37d312e1c73176b5ee6f16197932efd284c6163c2e59d64995132ed
SSDEEP

24576:d4oTPkCgwCbae/Fk6OvgctX7bHsMQ4/O6yMLprOInyT/Swl8Mi9:moTcwSFke4XvYMLprznyDSga9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
926686165619f0d3af26ff0c8231fcee13bc94c0ecab726e2cb314099ac49c9c

Files

926686165619f0d3af26ff0c8231fcee13bc94c0ecab726e2cb314099ac49c9c
.exe windows:4 windows x86 arch:x86

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\cag\x86\ship\0\mstordb.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fopen_s
fwprintf_s
fclose
vsprintf_s
vswprintf_s
wcsncpy_s
_beginthreadex
_wtol
_resetstkoflw
wcscpy_s
swscanf_s
_wcsdup
_setjmp3
longjmp
wcsstr
strncmp
_wsplitpath_s
_wcsnicmp
_CIsqrt
realloc
_vsnwprintf
_wtoi64
_wtoi
wcstod
_wcsicmp
_recalloc
wcstoul
wcsncmp
memmove
_CIpow
strtod
__iob_func
fprintf
fread
fflush
fwrite
strncpy
abort
sprintf
_CxxThrowException
memmove_s
free
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memcpy_s
wcsrchr
wcschr
memset
__CxxFrameHandler3
calloc
memcpy

msvcp80

?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Xlen@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?_Copy_s@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WIII@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@II@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?_Xran@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

kernel32

lstrcmpiW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetTempPathA
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryA
FormatMessageA
LocalFree
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LockFile
LockFileEx
UnlockFileEx
UnlockFile
GetFileInformationByHandle
SetEndOfFile
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
ExitProcess
GetCommandLineW
GetCurrentThreadId
Sleep
CreateThread
RaiseException
WaitForSingleObject
SetEvent
CreateEventW
CompareStringW
FlushFileBuffers
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
LocalAlloc
MultiByteToWideChar
SystemTimeToFileTime
HeapCreate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
WriteFile
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
MoveFileW
DeleteFileW
SetFilePointer
ReadFile
CloseHandle
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetUserDefaultLCID
LCMapStringW
GetLastError

user32

UnregisterClassA
MessageBoxA
ReleaseDC
GetDC
GetDesktopWindow
LoadImageW
FindWindowA
LoadStringW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
SetTimer

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoTaskMemFree
CLSIDFromString

gdi32

GetDIBits
GetObjectW
DeleteObject

oleaut32

VarUI4FromStr
SafeArrayDestroy
VarBstrCmp
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString

wininet

InternetGetConnectedState
InternetErrorDlg
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

msvcp80

kernel32

user32

advapi32

ole32

gdi32

oleaut32

wininet

Sections

.text Size: 713KB - Virtual size: 712KB

.data Size: 34KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 713KB - Virtual size: 712KB

.data
Size: 34KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 612KB - Virtual size: 616KB