1f3b424c2ff347fe1236994f7db2daeed0ff3305cde2b11e464c6fdfe8a4f1e8

Sharing

Copy URL

Twitter E-mail

General

Target

1f3b424c2ff347fe1236994f7db2daeed0ff3305cde2b11e464c6fdfe8a4f1e8
Size

296KB
MD5

5601367d32b4ac5c8251b238cc3f1c73
SHA1

7c3413c57a9c3549b341fdbae87c818c4667c32e
SHA256

1f3b424c2ff347fe1236994f7db2daeed0ff3305cde2b11e464c6fdfe8a4f1e8
SHA512

3dde6458ab9c50785d85bdcd126c44b6fef92ce48369510666774c7dcd8adb8aa26f9fe88781baa5219d86c6b3969f74519b3bd89fbdd77bf2564fcd0a80f9d6
SSDEEP

6144:MOYBPmp/c56Af9Kc13dUaJFEV1mqA22ESDSiLzZq:H+PWi6oVDFE/piLc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f3b424c2ff347fe1236994f7db2daeed0ff3305cde2b11e464c6fdfe8a4f1e8

Files

1f3b424c2ff347fe1236994f7db2daeed0ff3305cde2b11e464c6fdfe8a4f1e8
.exe windows:4 windows x86 arch:x86

6824b4e4902e8b19ec2e203c29f3df6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\client\source\updateClient\release\DrMain.pdb

Imports

ws2_32

ntohl
htons
htonl
ntohs

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoW
VerQueryValueW

drreport

CreateDrReport

msimg32

TransparentBlt

kernel32

GetLastError
CreateFileMappingW
GetExitCodeThread
SetCurrentDirectoryW
CloseHandle
DeleteFileW
CreateThread
WaitForSingleObject
SetEvent
GetTickCount
CreateEventW
GetTempFileNameW
SearchPathW
FindFirstFileW
SetFilePointer
SetEndOfFile
CreateProcessW
GetCurrentProcess
SetFileTime
GetExitCodeProcess
GetTempPathW
GetCurrentDirectoryW
GetProcAddress
FindClose
LocalAlloc
FindNextFileW
GetCurrentProcessId
ResetEvent
SystemTimeToFileTime
CreateDirectoryW
WideCharToMultiByte
GetFileAttributesW
ReadFile
MultiByteToWideChar
LocalFileTimeToFileTime
GetLocalTime
QueryPerformanceCounter
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
GetVersion
GetConsoleOutputCP
OutputDebugStringW
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateFileW
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetOEMCP
GetACP
LoadLibraryA
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
GetModuleHandleA
LocalFree
lstrlenA
InterlockedExchange
InterlockedIncrement
FlushFileBuffers
GetConsoleCP
GetConsoleMode
VirtualAlloc
GetLocaleInfoA
HeapReAlloc
GetModuleFileNameW
TerminateProcess
CopyFileW
Sleep
TerminateThread
OpenProcess
WriteFile
InterlockedDecrement
UnmapViewOfFile
MapViewOfFile
CreateMutexW
ExitProcess
GetSystemDefaultLangID
WriteConsoleA
SetStdHandle
VirtualFree
CreateFileA
RemoveDirectoryW

user32

CallNextHookEx
GetMenuBarInfo
GetDC
DrawIconEx
IsZoomed
FillRect
IsIconic
GetWindowDC
GetSystemMenu
GetMenuStringW
SetWindowRgn
GetMenu
AppendMenuW
SystemParametersInfoW
ReleaseDC
GetSysColor
SetMenuInfo
GetMenuItemCount
SetMenuDefaultItem
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
SetWindowTextW
SetMenuItemInfoW
GetWindowTextLengthW
GetClassNameW
BeginPaint
GetWindowRect
DrawTextW
KillTimer
GetParent
IsWindowEnabled
GetClientRect
InvalidateRect
GetWindowTextW
GetCursorPos
LoadBitmapW
MoveWindow
SetWindowLongW
IsWindow
CallWindowProcW
PostMessageW
ExitWindowsEx
wsprintfW
DialogBoxParamW
GetWindowLongW
GetDlgItem
EndDialog
SetWindowPos
FindWindowExW
GetMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
ShowWindow
GetSysColorBrush
CreateWindowExW
RegisterClassW
SendMessageW
DefWindowProcW
DispatchMessageW
MessageBoxW
ScreenToClient
EndPaint
LoadImageW
SetTimer
RemoveMenu

gdi32

StretchBlt
CreateFontIndirectW
BitBlt
CombineRgn
CreateCompatibleBitmap
OffsetRgn
CreateRectRgn
CreatePatternBrush
GetPixel
SetTextColor
DeleteDC
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
SetStretchBltMode
GetStockObject
CreateSolidBrush

advapi32

LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
GetTokenInformation
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
SetSecurityInfo
RegQueryValueExW
FreeSid
CloseServiceHandle

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysFreeString
SysAllocString

shlwapi

PathSkipRootW
PathAddBackslashW
PathRemoveFileSpecW
PathStripToRootW
PathFileExistsW
StrStrW
PathAppendW

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6824b4e4902e8b19ec2e203c29f3df6f

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

version

drreport

msimg32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 16KB