8c6dbae6d6c2f835b538b7e3dc4a63cfae1e58843e94fd15f52aff433bc52106

Sharing

Copy URL

Twitter E-mail

General

Target

8c6dbae6d6c2f835b538b7e3dc4a63cfae1e58843e94fd15f52aff433bc52106
Size

2.5MB
MD5

ed5f7fc9a206ba956ce2476f5d951605
SHA1

04df43cdf51331eee7d2716a02586bf449a931c3
SHA256

8c6dbae6d6c2f835b538b7e3dc4a63cfae1e58843e94fd15f52aff433bc52106
SHA512

f32becd6dd647008cd227ecba466be92ac4428bdd5cd2105f7837e86f112009074ea31707ae9e51e5f19fad59bd8e99b408e03610ec235d3afc72865a0ad0ee7
SSDEEP

49152:MT7Qs13XHMRdgpaAbDiPH7PDPVChquRVlbnXf9gPTTW7H1GXC:aF13XYdg/DiPbPDPVChzRVlbnP9WXW7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c6dbae6d6c2f835b538b7e3dc4a63cfae1e58843e94fd15f52aff433bc52106

Files

8c6dbae6d6c2f835b538b7e3dc4a63cfae1e58843e94fd15f52aff433bc52106
.exe windows:4 windows x86 arch:x86

e29afbfb52dc8426384a65d4695b86ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\pptview\x86\ship\0\pptview.pdb

Imports

msvcr80

_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_fpreset
rand
wcsstr
wcstod
_wcsnicmp
iswspace
wcschr
memmove
_wtoi
_configthreadlocale
_CIasin
_CIacos
_CIsinh
_CIcosh
_CItanh
floor
_CIexp
_CIlog
_CIsqrt
_CIatan
_CItan
_finite
_CIpow
_CIcos
_CIsin
_wcsicmp
strncmp
ceil
wcsncmp
_set_purecall_handler
_CxxThrowException
memset
memcpy
__setusermatherr
_CIfmod
vswprintf_s
_vscwprintf
_fpclass
_CIatan2
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
_adjust_fdiv

kernel32

FindFirstFileW
GetTempPathW
WriteFile
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
ResetEvent
WaitForMultipleObjects
SetEvent
GetCurrentThread
SetThreadPriority
CreateEventW
ResumeThread
CreateThread
GetPrivateProfileStringA
Sleep
GetUserDefaultLCID
lstrcmpW
LocalFree
GetLocalTime
GetFullPathNameW
FindResourceExA
EnumCalendarInfoA
GetUserDefaultLangID
GetLocaleInfoW
GetLocaleInfoA
EnumTimeFormatsA
EnumDateFormatsA
EnumTimeFormatsW
EnumDateFormatsW
GetSystemDefaultLCID
IsValidCodePage
GetOEMCP
VirtualProtect
FindClose
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrlenW
DeleteFileW
SetErrorMode
GetStartupInfoW
CreateProcessW
GetTempFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
WaitForSingleObject
GetTickCount
CreateEventA
GetCurrentThreadId
GetCommandLineW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
GetCurrentDirectoryW
GetLongPathNameW
SetCurrentDirectoryW
CloseHandle
GetVersionExA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
LoadLibraryA
GetACP
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetVersion
FindResourceW
SizeofResource
LoadResource
LockResource
GetStringTypeExW
GetSystemDefaultLangID
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
GlobalAlloc
GlobalSize
RaiseException
GlobalUnlock
GlobalLock
GlobalFree
GlobalMemoryStatus
IsValidLocale
TlsAlloc
FormatMessageW
TlsSetValue
TlsGetValue
TlsFree
FoldStringW
GetStringTypeW
CompareStringW
HeapSize
HeapFree
HeapAlloc
LocalAlloc
QueryPerformanceCounter

gdi32

LPtoDP
CreateBitmap
CreateCompatibleBitmap
GetTextAlign
DeleteMetaFile
DeleteEnhMetaFile
CopyMetaFileA
GetMetaFileW
CopyEnhMetaFileA
SetStretchBltMode
StretchDIBits
CreateFontA
EnumFontFamiliesExA
GetBitmapBits
TextOutW
GetGlyphOutlineW
GetCharABCWidthsA
GetKerningPairsA
Escape
GetViewportExtEx
GetWindowExtEx
CreatePen
IntersectClipRect
RestoreDC
GetEnhMetaFileW
GetTextFaceA
GetFontData
CreateFontIndirectW
CreateHalftonePalette
EndPage
StartPage
EndDoc
StartDocW
GetCharWidthA
GetCharWidthW
GetTextCharset
ExtTextOutW
StretchBlt
OffsetViewportOrgEx
CreateDIBSection
CreateCompatibleDC
GetClipBox
MoveToEx
LineTo
GetCurrentObject
AnimatePalette
Pie
GdiFlush
Rectangle
Polygon
Ellipse
GetViewportOrgEx
SetTextAlign
SetBkMode
SetTextColor
EnumMetaFile
EnumEnhMetaFile
PlayMetaFileRecord
PlayEnhMetaFileRecord
CreateSolidBrush
BitBlt
CreateDCW
SetMapMode
SetWindowOrgEx
DeleteDC
GetRasterizerCaps
GetObjectW
CreatePalette
GetSystemPaletteUse
GetSystemPaletteEntries
GetPaletteEntries
UpdateColors
GetRgnBox
SelectPalette
RealizePalette
GetTextColor
SelectClipRgn
GetStockObject
SetBkColor
ExtTextOutA
CreateRectRgn
OffsetRgn
CreateRectRgnIndirect
CombineRgn
SetViewportOrgEx
GetTextMetricsA
GetDeviceCaps
SelectObject
CreateFontIndirectA
GetObjectA
DeleteObject
EnumFontFamiliesExW
GetOutlineTextMetricsW
GetTextMetricsW
GetTextFaceW
GetTextCharsetInfo
SaveDC

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
CryptGenRandom
RegQueryValueExW

ole32

CoCreateInstance
OleLockRunning
StgOpenStorageOnILockBytes
GetHGlobalFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
GetHGlobalFromILockBytes
CreateStreamOnHGlobal
StgOpenStorage
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

SysFreeString
VariantInit
SysAllocString
SysStringLen
VariantCopy
SysAllocStringLen
GetErrorInfo
VarR8FromStr
VariantChangeTypeEx
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

mpr

WNetGetConnectionW

Exports

Exports

_MsoDeletePx@12
_MsoEmptyPx@4
_MsoFCompactPx@8
_MsoFGrowPx@8
_MsoFInitPx@12
_MsoFInsertPx@12
_MsoFIsDefault@8
_MsoFIsNinch@8
_MsoFIsValidOpid@4
_MsoFIsValidValue@8
_MsoFLookupPx@16
_MsoFRemovePx@12
_MsoFResizePx@12
_MsoGetPropSetDefault@8
_MsoIAppendPx@8
_MsoPopinfoGet@4
_MsoPopsinfoGet@4

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e29afbfb52dc8426384a65d4695b86ec

Headers

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

gdi32

advapi32

ole32

oleaut32

version

urlmon

mpr

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 39KB - Virtual size: 319KB

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 39KB - Virtual size: 319KB

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 640KB - Virtual size: 644KB