b3a929e641d7bfc0b9df3fa45757456893962afdbaa4eb2b03ed7ec0324c6a9d

Sharing

Copy URL Twitter E-mail

General

Target

b3a929e641d7bfc0b9df3fa45757456893962afdbaa4eb2b03ed7ec0324c6a9d
Size

528KB
MD5

d76a63c3810ca8510ea2490a5b688bed
SHA1

4672e76718b2695aedf9de7ef9453dd16a75c434
SHA256

b3a929e641d7bfc0b9df3fa45757456893962afdbaa4eb2b03ed7ec0324c6a9d
SHA512

0b6603bd8b1fc6fe1db2e57dc3a760f0ee4cfa24e9b032e38b7d98e2faa145d97ef5e9d2fcbc23a6a4e920c9d97e56c7543c82caaa0fc1a0a505544c8f22088c
SSDEEP

6144:Vh9XPb+/2KSG1hSIinSh7vydEgipLoaTdOtkjAo4rvthKjjER0JGRpcE1pxKS7Oi:ndaOmxTsaspvOjjERqkpcE1pPF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3a929e641d7bfc0b9df3fa45757456893962afdbaa4eb2b03ed7ec0324c6a9d

Files

b3a929e641d7bfc0b9df3fa45757456893962afdbaa4eb2b03ed7ec0324c6a9d
.dll windows:4 windows x86 arch:x86

17e087569a1d9f1972d0e411defd1813

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\MRP\output\win32\unlimited\UpgradeShow.pdb

Imports

kernel32

GetCurrentProcess
GetFileAttributesW
GetProcAddress
LoadLibraryW
WriteFile
GlobalMemoryStatusEx
GetLocalTime
CreateFileA
CreateDirectoryA
OutputDebugStringA
TerminateProcess
SetEvent
OpenEventW
CreateProcessW
SetHandleInformation
CreatePipe
GetExitCodeProcess
TerminateThread
GetModuleHandleW
FreeLibrary
LoadLibraryA
GetTickCount
ReleaseMutex
CreateMutexW
DeleteCriticalSection
GetSystemDirectoryW
GetVersionExA
GetWindowsDirectoryW
DeleteFileW
SetFilePointer
AllocConsole
GetSystemInfo
SetFilePointerEx
GetFileSizeEx
WriteConsoleA
SetLastError
WriteConsoleW
OutputDebugStringW
PeekNamedPipe
GetStartupInfoW
CreateDirectoryW
MoveFileW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
RemoveDirectoryA
RemoveDirectoryW
lstrlenW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
ReadFile
GetLastError
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
DeleteVolumeMountPointW
SetVolumeMountPointW
FlushFileBuffers
CreateFileW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GetVersionExW
CreateFileMappingW
CopyFileA
OpenFileMappingW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetModuleFileNameA
GetModuleFileNameW
OpenMutexW
IsBadWritePtr
GetPrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileIntW
InitializeCriticalSection
DeleteFileA
EnterCriticalSection
GetFileAttributesA
LeaveCriticalSection
WaitForSingleObject
GlobalAlloc
GlobalUnlock
CloseHandle
CreateThread
GlobalLock
Sleep
GetStdHandle
IsBadReadPtr

user32

BeginPaint
SetWindowTextW
GetWindowRect
LoadCursorW
GetDlgCtrlID
SetClipboardData
EndDialog
EnableWindow
MoveWindow
GetClientRect
CloseClipboard
GetDlgItem
SendMessageW
GetDC
InvalidateRect
ShowWindow
SetWindowLongW
GetWindowLongW
SetPropW
CreateWindowExW
ScreenToClient
GetParent
RegisterClassW
PostMessageW
SetParent
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsWindow
GetMessageW
CallWindowProcW
DefWindowProcW
GetPropW
DrawTextW
DrawIconEx
SetScrollInfo
GetWindowTextW
GetWindowDC
IsWindowEnabled
TrackMouseEvent
FindWindowW
SystemParametersInfoW
GetScrollInfo
EmptyClipboard
SetCursor
MessageBoxW
GetWindowTextA
OpenClipboard
EndPaint
RemovePropW
ReleaseDC
wsprintfW
SetCapture
ReleaseCapture
SetWindowPos
LoadImageW
GetIconInfo
DestroyIcon
ClientToScreen
IsZoomed
SetWindowRgn
OffsetRect

gdi32

CreateRectRgn
CreateCompatibleBitmap
GetObjectW
CreateFontW
GetGlyphOutlineW
CreateCompatibleDC
BitBlt
DeleteDC
CreatePen
MoveToEx
LineTo
GetStockObject
SelectObject
SetBkColor
ExtTextOutW
CreateFontIndirectW
SetBkMode
DeleteObject
CreateSolidBrush
ExcludeClipRect
SetTextColor

advapi32

RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegSetValueExA
RegFlushKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyW
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW

shell32

ShellExecuteW
SHAppBarMessage

ole32

OleSetContainedObject
CoGetClassObject
OleUninitialize
OleInitialize

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VariantInit
SysAllocString

ntdll

ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenDirectoryObject
strstr
vsprintf
wcschr
RtlInitUnicodeString
strchr
_fltused
_wcslwr
wcscpy
strtol
_aulldiv
toupper
tolower
_chkstk
wcstombs
NtUnloadDriver
NtLoadDriver
_allmul
ZwCreateFile
ZwClose
memset
_strnicmp
ZwQueryVolumeInformationFile
memcpy
_alldiv
_wcsnicmp
wcslen
_wtoi
sprintf
wcsrchr
_vsnprintf
strncpy
_wcsicmp
_stricmp
strrchr
atoi
wcsstr
wcsncpy
_CIpow
floor
strncmp
mbstowcs
_itoa

msvcp80

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

msvcr80

_localtime64
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_vsnwprintf
wcscpy_s
swprintf_s
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove_s
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_mktime64
_purecall
memcpy_s
??_V@YAXPAX@Z
free
calloc
__CxxFrameHandler3
_swprintf
wcsncpy_s
_CxxThrowException
printf
_vswprintf
_time64
strcpy_s
sprintf_s
_beginthreadex
rand
strftime
srand
_vscprintf
_vscwprintf
malloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

ws2_32

WSAGetLastError
WSAStartup
gethostbyname
WSACleanup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse

Exports

Exports

PAGetGlobalDataObject
PAShowOfflineRegisterDlg
PAShowRegisterDlg
PAShowUpgradeDemo
PAShowUpgradeDemo2
PAShowUpgradeHome

Sections

.text
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

share
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17e087569a1d9f1972d0e411defd1813

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

msvcp80

msvcr80

ws2_32

version

wininet

winhttp

Exports

Exports

Sections

.text Size: 404KB - Virtual size: 401KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 96KB

share Size: 4KB - Virtual size: 8B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 404KB - Virtual size: 401KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 96KB

share
Size: 4KB - Virtual size: 8B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 28KB - Virtual size: 27KB