50a5b490f411c1cd8305f905abf6c2fdfe2776741e19d2c91eb5ca914a6bd2da

Sharing

Copy URL Twitter E-mail

General

Target

50a5b490f411c1cd8305f905abf6c2fdfe2776741e19d2c91eb5ca914a6bd2da
Size

645KB
MD5

46e55dfe7a1384aa9d58951fc61ad759
SHA1

634f1311e596d01c2e121f543f9806d66ff1a89f
SHA256

50a5b490f411c1cd8305f905abf6c2fdfe2776741e19d2c91eb5ca914a6bd2da
SHA512

a5d9f2296d132b92f0fa39d33b789ad7e302bf1efa8c0a48df12e2fffa0f01a81c5cae4f46badab10f8ae5635a4169f6c2441c478d385efd82be056c91b4c3c4
SSDEEP

12288:MJf8+CwCgjqLXQlEB/FK7off2+EiIZU/IGARMwL8fsiql5jjR7HO9:MBWwCgujFKNZU/YRV8fs5nRa9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50a5b490f411c1cd8305f905abf6c2fdfe2776741e19d2c91eb5ca914a6bd2da

Files

50a5b490f411c1cd8305f905abf6c2fdfe2776741e19d2c91eb5ca914a6bd2da
.exe windows:4 windows x86 arch:x86

2bb2259ecc1873c349a54ad2489b4458

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\PCGMR_BUILD\Build\Build_Src\sysoptasst\sysoptasst\product\win32\dbginfo\asopcenter.pdb

Imports

kernel32

WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateEventW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
ReleaseMutex
GetLocalTime
GetCurrentProcessId
GetFileSizeEx
SetEndOfFile
GetTickCount
InterlockedCompareExchange
OutputDebugStringW
GetWindowsDirectoryW
OpenEventW
ResetEvent
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
SetFilePointer
WritePrivateProfileStringW
WriteFile
SystemTimeToFileTime
DeleteFileW
GetFileAttributesW
GetPrivateProfileStringW
CreateDirectoryW
Sleep
LoadLibraryExW
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
lstrcmpiW
GetProcAddress
CreateMutexW
OpenMutexW
GlobalLock
LoadLibraryW
lstrlenA
GlobalUnlock
GetModuleHandleW
GlobalFree
MultiByteToWideChar
GetModuleFileNameW
GetLastError
LocalFree
FreeLibrary
GetCurrentThreadId
FindResourceExW
LoadResource
CloseHandle
FreeResource
LockResource
GetVersionExW
SizeofResource
GetCurrentProcess
CreateFileW
GetFileSize
FindResourceW
WideCharToMultiByte
ReadFile
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
InitializeCriticalSection
RaiseException
InterlockedExchange
SetLastError
GlobalAlloc
FlushInstructionCache

user32

IsWindow
RegisterClassExW
IsWindowEnabled
AttachThreadInput
SetActiveWindow
RegisterWindowMessageW
SetForegroundWindow
ReleaseDC
DestroyWindow
MoveWindow
LoadCursorW
GetWindowLongW
GetClassInfoExW
LoadImageW
FindWindowW
CharNextW
TranslateMessage
GetMessageW
PostThreadMessageW
DispatchMessageW
PeekMessageW
SetTimer
KillTimer
MonitorFromWindow
IntersectRect
GetMonitorInfoW
GetFocus
DrawFrameControl
OffsetRect
IsChild
GetWindowThreadProcessId
IsDialogMessageW
GetCursorPos
UpdateLayeredWindow
EndPaint
SetRectEmpty
SetFocus
DrawTextW
BeginPaint
EqualRect
ClientToScreen
SetCapture
IsRectEmpty
GetNextDlgTabItem
IsIconic
SetRect
ReleaseCapture
DrawIconEx
IsWindowVisible
GetDlgCtrlID
SetWindowRgn
LoadIconW
PtInRect
ScreenToClient
DestroyIcon
SetCursor
FindWindowExW
SendMessageTimeoutW
InvalidateRect
PostMessageW
GetForegroundWindow
GetClientRect
GetParent
MapWindowPoints
SetWindowLongW
GetActiveWindow
GetWindowRect
GetWindow
GetDlgItem
EnableWindow
CreateWindowExW
ShowWindow
LoadBitmapW
SystemParametersInfoW
GetDesktopWindow
SetWindowPos
DefWindowProcW
GetDC
CopyRect
CallWindowProcW
SendMessageW
UnregisterClassA
InflateRect

gdi32

SetStretchBltMode
SaveDC
CreateRectRgn
CreateRoundRectRgn
CreateFontIndirectW
CreateRectRgnIndirect
CombineRgn
GetCurrentObject
GetTextExtentPoint32W
MoveToEx
StretchBlt
GetTextColor
GetClipRgn
RectInRegion
SetBkMode
RoundRect
SetViewportOrgEx
TextOutW
ExtSelectClipRgn
GetViewportOrgEx
OffsetRgn
GetStockObject
ExtTextOutW
GetObjectW
SetBkColor
CreateBitmap
RestoreDC
SelectClipRgn
SetTextColor
CreateDIBSection
SelectObject
CreatePen
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
BitBlt
LineTo
Rectangle

advapi32

SetSecurityDescriptorSacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
GetSecurityDescriptorSacl
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
RegCreateKeyExW

shell32

ShellExecuteExW
ShellExecuteW
ord680

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

StrToIntW
PathAddBackslashW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

msvcp80

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z

gdiplus

GdipDrawPath
GdipDeleteStringFormat
GdipDeletePath
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipAddPathArcI
GdipSetPenEndCap
GdipSetStringFormatAlign
GdipClosePathFigure
GdipSetPenStartCap
GdipFillRectangle
GdipSetPenDashStyle
GdipSetStringFormatLineAlign
GdipFillRectangleI
GdipSetPenMode
GdipSetStringFormatTrimming
GdipFillPath
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipDrawLine
GdipDrawString
GdipTranslateWorldTransform
GdipSetPixelOffsetMode
GdipDrawRectangleI
GdipRotateWorldTransform
GdipGetFamily
GdipResetWorldTransform
GdipCreateFont
GdipAddPathStringI
GdipGetFontSize
GdipDrawImageI
GdipDeleteFont
GdipDrawLinesI
GdipCreateFontFromLogfontW
GdipCloneBrush
GdipNewPrivateFontCollection
GdipMeasureString
GdipCreatePen1
GdipDeleteBrush
GdipDeletePrivateFontCollection
GdipAddPathPieI
GdipPrivateAddFontFile
GdipCreateLineBrushFromRectWithAngleI
GdipGetFontCollectionFamilyCount
GdipSetSmoothingMode
GdipDeletePen
GdipCreateStringFormat
GdipCreatePath
GdipSetClipPath
GdipDrawImageRectRect
GdipDeleteFontFamily
GdipDisposeImageAttributes
GdipDisposeImage
GdipDrawImagePointsRectI
GdipLoadImageFromStream
GdipSetImageAttributesColorMatrix
GdipGetImageWidth
GdipGetImageHeight
GdipLoadImageFromFile
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipFree
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat
GdipAlloc
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipDeleteGraphics
GdipDrawImageRectI
GdipCreateFromHDC
GdiplusShutdown
GdipCloneBitmapArea
GdipDrawImageRectRectI
GdiplusStartup
GdipImageRotateFlip
GdipCloneImage
GdipCreateImageAttributes
GdipAddPathRectangleI

msvcr80

_local_unwind4
_CxxThrowException
__CxxFrameHandler3
_stricmp
memmove
_mktime64
_localtime64_s
_time64
_wcstoi64
_wtoi
_vswprintf
wcspbrk
_wcslwr_s
wcschr
_beginthreadex
_wcsupr_s
wcsncpy_s
??0exception@std@@QAE@ABV01@@Z
swprintf_s
free
malloc
memcpy_s
setlocale
??0exception@std@@QAE@ABQBD@Z
wcsstr
strlen
_recalloc
_mbsicmp
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
wcscmp
calloc
wcslen
vswprintf_s
??2@YAPAXI@Z
labs
_vscwprintf
_mbscmp
memcpy
vsprintf_s
strcmp
_vscprintf
_purecall
memmove_s
??_V@YAXPAX@Z
wcsspn
_wtof
wcscspn
wcsrchr
memset
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_waccess
??3@YAXPAX@Z
fseek
fputc
fclose
fopen_s
sscanf_s
_vsnprintf_s
fread
fprintf
ferror
atoi
strncmp
isspace
strchr
isalnum
tolower
isalpha
strcpy_s
strncpy_s
strncat_s
_mkdir
strcat_s
wcsncpy
_exit
wcsncmp
__RTDynamicCast
wcscpy_s
floor
ceil
abs
_mbschr
_wcsicmp
_ui64toa
_strtoui64
wcscat_s
wcscat
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
ftell

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bb2259ecc1873c349a54ad2489b4458

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp80

gdiplus

msvcr80

Sections

.text Size: 352KB - Virtual size: 351KB

.rdata Size: 96KB - Virtual size: 93KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 172KB - Virtual size: 172KB

.text
Size: 352KB - Virtual size: 351KB

.rdata
Size: 96KB - Virtual size: 93KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 172KB - Virtual size: 172KB