21f63813e0dff217186d36af063db4c17593580a4676722226352835c06985a5

Sharing

Copy URL

Twitter E-mail

General

Target

21f63813e0dff217186d36af063db4c17593580a4676722226352835c06985a5
Size

1.7MB
MD5

dfbe1bfa0c0867164ceb964550f5c265
SHA1

8dd452461a9687ba36dd87ab6fe3e44f6a350208
SHA256

21f63813e0dff217186d36af063db4c17593580a4676722226352835c06985a5
SHA512

897767ba6e9dcb5c09c05fffb1013b8dee6a43c5d58f527b1262db39c9d7e08634918ecf075512d2e237a999e5625f63e58aaeeb9891a7dbc6ace9ade1f868fe
SSDEEP

49152:ElW+EHjCLNC4C+TrOgDcBloDvnWnRJvBEP+Ec7UobEw:El9EHj2NCQABaDvniJvBEPWUobEw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21f63813e0dff217186d36af063db4c17593580a4676722226352835c06985a5

Files

21f63813e0dff217186d36af063db4c17593580a4676722226352835c06985a5
.exe windows:4 windows x86 arch:x86

666f267bf293c4d62074c4bbe006934b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\svn-core\Trunk\Tools\SystemCheck\Release\SystemCheck.pdb

Imports

iphlpapi

GetAdaptersInfo

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

d3d9

Direct3DCreate9

kernel32

SetEndOfFile
SetFileAttributesA
SetFileTime
SetLastError
VirtualAlloc
VirtualFree
FreeResource
FindResourceExA
LoadLibraryExA
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
WritePrivateProfileStringA
GetModuleFileNameW
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCPInfo
GetOEMCP
GetThreadLocale
LockFile
UnlockFile
GetVolumeInformationA
GetFullPathNameA
RemoveDirectoryA
GetFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
HeapSize
GetStdHandle
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateDirectoryA
GetShortPathNameA
FlushFileBuffers
FindFirstFileA
FindNextFileA
FindClose
GetCurrentDirectoryA
WriteFile
TlsSetValue
DuplicateHandle
VirtualQuery
SetThreadAffinityMask
GetSystemTimeAsFileTime
CreateEventA
MoveFileA
GetFileAttributesA
GetFileSize
GetFileAttributesExA
InterlockedIncrement
GetCurrentThreadId
CreateThread
InterlockedDecrement
SetFilePointer
ReadFile
GetDiskFreeSpaceA
QueryPerformanceFrequency
TlsAlloc
GetComputerNameA
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTickCount
QueryPerformanceCounter
SignalObjectAndWait
TlsFree
TlsGetValue
GetProcessAffinityMask
GetThreadPriority
SetThreadPriority
GetCurrentProcessId
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
FreeLibrary
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
MulDiv
GlobalAlloc
GlobalFree
CreateFileA
CloseHandle
GetVersionExA
GetDriveTypeA
GetModuleHandleA
GetProcAddress
GlobalMemoryStatus
GetSystemInfo
GetDiskFreeSpaceExA
LoadLibraryA
SetCurrentDirectoryA
GetModuleFileNameA
CreateMutexA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
InterlockedExchange
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
SetErrorMode

user32

IsRectEmpty
SetCapture
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
GetDesktopWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
MessageBoxA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
IntersectRect
GetWindowPlacement
GetSystemMetrics
GetFocus
MoveWindow
GetDlgCtrlID
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetSysColor
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
SetWindowsHookExA
CallNextHookEx
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MsgWaitForMultipleObjects
GetActiveWindow
DrawIcon
CallWindowProcA
BeginPaint
EndPaint
DestroyIcon
DefWindowProcA
IsZoomed
PtInRect
ShowWindow
DestroyWindow
CreateWindowExA
DrawIconEx
GetWindowDC
IsWindowEnabled
GetDC
ReleaseDC
GetWindowTextA
DrawTextA
GetWindowLongA
SetWindowLongA
TrackMouseEvent
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
PostQuitMessage
CopyImage
InvalidateRect
SetWindowRgn
LoadBitmapA
DestroyMenu
GetWindowThreadProcessId
SetCursor
IsIconic
ReleaseCapture
FillRect
GetClientRect
LoadIconA
PostMessageA
FindWindowA
SetForegroundWindow
CharUpperA
DialogBoxParamA
GetParent
SetWindowTextA
GetDlgItem
GetScrollInfo
SetDlgItemTextA
SetFocus
EndDialog
GetWindowRect
SystemParametersInfoA
CopyRect
OffsetRect
SetWindowPos
IsWindow
EnableWindow
IsWindowVisible
UpdateWindow
SendMessageA
EqualRect
SetRect
GetMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
SetViewportOrgEx
GetMapMode
ScaleViewportExtEx
GetBkColor
GetTextColor
GetRgnBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateSolidBrush
DeleteObject
SetViewportExtEx
OffsetViewportOrgEx
DeleteDC
GetClipBox
SetMapMode
CreateRectRgnIndirect
SetBkColor
SaveDC
RestoreDC
GetDeviceCaps
CreateFontIndirectA
SetBkMode
SetTextColor
GetStockObject
GetPixel
BitBlt
CreatePolygonRgn
CreateEllipticRgn
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoRegisterMessageFilter
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysStringLen
SysAllocString
OleCreateFontIndirect
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
OleLoadPicture

wininet

HttpSendRequestA
InternetReadFileExA
HttpQueryInfoA
InternetSetOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetSetCookieA
InternetCloseHandle
InternetOpenA
InternetSetStatusCallbackA
InternetConnectA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 4KB - Virtual size: 31B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

666f267bf293c4d62074c4bbe006934b

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

ddraw

d3d9

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

Sections

.text Size: 540KB - Virtual size: 539KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 24KB - Virtual size: 79KB

CONST Size: 4KB - Virtual size: 31B

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 540KB - Virtual size: 539KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 24KB - Virtual size: 79KB

CONST
Size: 4KB - Virtual size: 31B

.rsrc
Size: 32KB - Virtual size: 28KB