6493847c1c33453ffa9f338f6f52c13f8f918c6545c70b1de7cd51dc69ab8242

Sharing

Copy URL Twitter E-mail

General

Target

6493847c1c33453ffa9f338f6f52c13f8f918c6545c70b1de7cd51dc69ab8242
Size

1.6MB
MD5

5ce3494ff0c461e8be9d7cc1dbb663b2
SHA1

1389adab50d205a41c7de78d71e4b55052957709
SHA256

6493847c1c33453ffa9f338f6f52c13f8f918c6545c70b1de7cd51dc69ab8242
SHA512

98d877b5dc1037fbe1256884683f93bf84aa30a0b37721a9d72cec6443a36e7bb0bb7c20bc674c79e5d0773376cc8a5eb5e8c4fed66a0c5bba8fe5425f6df0c8
SSDEEP

24576:et9ZgDLm2Svkt89nOXKFTAd0c9V/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:grgW2SvkBX8Ta0ELNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6493847c1c33453ffa9f338f6f52c13f8f918c6545c70b1de7cd51dc69ab8242

Files

6493847c1c33453ffa9f338f6f52c13f8f918c6545c70b1de7cd51dc69ab8242
.exe windows:5 windows x86 arch:x86

c6739ef653a562d6bf3be98efca2dd5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeCollabSync.pdb

Imports

shlwapi

UrlCanonicalizeA
PathRemoveFileSpecW
StrCmpNA

kernel32

GetCurrentThread
PeekNamedPipe
CreateFileA
WaitNamedPipeA
FindFirstChangeNotificationW
ResetEvent
FindNextChangeNotification
WaitForMultipleObjects
FindCloseChangeNotification
SetEvent
CreateEventA
GetVersionExA
LoadLibraryA
lstrlenA
GetSystemDirectoryA
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
MoveFileW
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetFileInformationByHandle
GetDriveTypeW
FindFirstFileW
GetFullPathNameW
FindClose
OpenMutexW
SwitchToThread
CreateThread
CreateSemaphoreA
GetTickCount
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
LocalFree
LeaveCriticalSection
TlsSetValue
LocalAlloc
TlsGetValue
EnterCriticalSection
TlsFree
DeleteCriticalSection
GetLocalTime
GetSystemTimeAsFileTime
GetVersion
OutputDebugStringA
GetModuleHandleA
GetProcAddress
SetLastError
GetModuleFileNameW
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
HeapSetInformation
DeleteFileW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
InterlockedExchange
RaiseException
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
CreateFileW
SetNamedPipeHandleState
WriteFile
CloseHandle
Sleep
ReadFile
GetLastError
GetVolumeInformationW
lstrlenW
TlsAlloc
GetOverlappedResult

netapi32

NetShareGetInfo

sensapi

IsNetworkAlive

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADU_Size_type_nosscl@01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDU_Size_type_nosscl@01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?max_size@?$allocator@D@std@@QBEIXZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$allocator@D@std@@QAE@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

memset
??_V@YAXPAX@Z
memcpy
strlen
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
realloc
memmove
free
malloc
pow
_mbschr
strcpy_s
_strlwr
toupper
sscanf
sprintf_s
atoi
_mktime64
swscanf_s
__CxxFrameHandler3
_wcslwr_s
memcmp
wcslen
memcpy_s
isxdigit
isdigit
isspace
printf
iswdigit
wcscpy_s
wcstok_s
iswalpha
wcsrchr
wcsnlen
_wcsnicmp
_wcsicmp
memmove_s
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_set_invalid_parameter_handler
vwprintf_s
_purecall
strchr
strncpy
strcmp
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
__RTDynamicCast
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_vsnwprintf_s

ws2_32

WSAEventSelect
WSASocketA
WSAIoctl
WSACreateEvent
WSAGetLastError
WSACleanup
WSAStartup

wininet

InternetWriteFile
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetSetOptionA
HttpSendRequestExA
HttpEndRequestA
InternetReadFile

mpr

WNetGetResourceInformationW
WNetAddConnection2W
WNetCancelConnection2W

crypt32

CryptUnprotectData
CryptProtectData

user32

CreateWindowExW
RegisterClassW
CreatePopupMenu
LoadStringW
GetCursorPos
DefWindowProcA
TranslateMessage
InsertMenuItemW
SetPropW
SetForegroundWindow
DispatchMessageA
TrackPopupMenu
PostQuitMessage
GetMessageA
DestroyWindow
PostMessageW
FindWindowW
GetSystemMetrics
CallWindowProcA
DestroyMenu
GetPropW
LoadImageW
InsertMenuW
PostMessageA

advapi32

OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
GetTokenInformation

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHFileOperationA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6739ef653a562d6bf3be98efca2dd5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

netapi32

sensapi

msvcp90

msvcr90

ws2_32

wininet

mpr

crypt32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 817KB - Virtual size: 816KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 25KB - Virtual size: 29KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 616KB - Virtual size: 620KB

.text
Size: 817KB - Virtual size: 816KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 25KB - Virtual size: 29KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 616KB - Virtual size: 620KB