Static task: static1
Behavioral task: behavioral1
Sample: 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d.exe
Resource: win10v2004-20240508-en
General
- Target: 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d
- Size: 1.3MB
- MD5: a1f27c3d39265c54af3954254249a0ed
- SHA1: 57d69747e44dc9bd56843f59d69ca6deb0dde6f2
- SHA256: 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d
- SHA512: 733b8f2140d28f6b18d260fce11ee36a6b24bc8a4462402eaa201083cab0b9ff7935f5a2c52ee94556db3a44eb169c8d32f59e4ae872d1a6e0ddcd6f806b23a0
- SSDEEP: 12288:Bv+0iHa4U5q4kLCPmHhySnk3Rpb2DQ/LHeFRWQpM3eQKvsKlpRj3V4:Bka4U1kkmHSpbLLHeFRFpD4
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d
Files
- 154008c738eeefa12925a4f4187ea816735430dcbf08213734712273d3fdef8d.exe windows:4 windows x86 arch:x86
  bd140e2d0da30a6d946edaac46cfc0ab
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetOEMCP
SetErrorMode
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapAlloc
GetTimeFormatA
GetDateFormatA
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
ExitProcess
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
ResetEvent
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
InterlockedIncrement
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalReAlloc
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
FreeResource
lstrcmpA
GlobalSize
FormatMessageA
MulDiv
CreateDirectoryA
ReadFile
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
GetTickCount
DeleteFileA
CopyFileA
GetFileAttributesA
CreateFileA
GetFileSize
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringA
InitializeCriticalSection
LocalAlloc
LocalFree
SetThreadUILanguage
OpenProcess
TerminateProcess
Sleep
CreateMutexA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalHandle
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
GetStartupInfoA
WaitForSingleObject
VirtualFree
user32
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PostThreadMessageA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextA
InflateRect
DrawStateA
CharUpperA
DrawEdge
GetWindowRect
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
GetSystemMetrics
PeekMessageA
IsIconic
DrawIcon
GetDC
ReleaseDC
SetRect
FindWindowA
GetWindowThreadProcessId
GetCursorPos
DrawFocusRect
CopyRect
SetTimer
KillTimer
GetParent
OffsetRect
GetFocus
GetDlgCtrlID
MessageBeep
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RedrawWindow
SetWindowRgn
GetSysColor
InvalidateRect
GetClientRect
FillRect
EnableWindow
GetWindow
SendMessageA
LoadIconA
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
ReleaseCapture
SetCapture
DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharNextA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetCursor
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
UnhookWindowsHookEx
gdi32
GetMapMode
DPtoLP
LPtoDP
BeginPath
EndPath
StrokeAndFillPath
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
DeleteObject
DeleteDC
SelectObject
CreateBitmap
CreatePen
GetDeviceCaps
Rectangle
StartDocA
StartPage
AbortDoc
EndDoc
EndPage
RestoreDC
SaveDC
SetMapMode
GetStockObject
CreateRoundRectRgn
RoundRect
GetClipBox
SetTextColor
SetBkColor
SetBkMode
GetBkColor
LineTo
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
GetTextColor
GetRgnBox
PathToRegion
CombineRgn
CreateSolidBrush
GetTextExtentPoint32A
GetTextMetricsA
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectA
MoveToEx
CreateFontIndirectA
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
comctl32
_TrackMouseEvent
shlwapi
PathFindExtensionA
PathAppendA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathFileExistsA
PathIsUNCA
oledlg
ord8
ole32
CoInitializeEx
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoGetClassObject
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
VariantInit
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
SafeArrayLock
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantChangeType
SafeArrayUnlock
winmm
timeSetEvent
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeKillEvent
nicppaiu
?ThrowIfHasContext@CNiDAQmxTiming@NI@@ABEXXZ
?SetSampleTimingType@CNiDAQmxTiming@NI@@QAEXW4DAQmxSampleTimingType@2@@Z
?SetSamplesPerChannel@CNiDAQmxTiming@NI@@QAEX_K@Z
?SetSampleQuantityMode@CNiDAQmxTiming@NI@@QAEXW4DAQmxSampleQuantityMode@2@@Z
?SetSampleClockActiveEdge@CNiDAQmxTiming@NI@@QAEXW4DAQmxSampleClockActiveEdge@2@@Z
?SetSampleClockRate@CNiDAQmxTiming@NI@@QAEXN@Z
?SetSampleClockSource@CNiDAQmxTiming@NI@@QAEXPBD@Z
??0CNiDAQmxTriggers@NI@@AAE@AAVCTaskImpl@Internal@1@@Z
??0CNiDAQmxStream@NI@@AAE@AAVCTaskImpl@Internal@1@@Z
?Init@CNiDAQmxTask@NI@@QAEXPBD@Z
?SetLightworldThunks@CTaskImplThunks@Internal@NI@@SAXP8CIOImpl@23@AEXXZ00@Z
?RegisterTaskImplThunk@CNiDAQmxTask@NI@@QAEXPAVCTaskImplThunk@Internal@2@@Z
?GetEventType@CNiDAQmxSampleCompleteEvent@NI@@CAJXZ
?GetEventType@CNiDAQmxSampleClockEvent@NI@@CAJXZ
??1CNiDAQmxTask@NI@@QAE@XZ
??1CNiDAQmxChannel@NI@@UAE@XZ
?Control@CNiDAQmxTask@NI@@QAEXW4DAQmxTaskAction@2@@Z
?WriteSingleSampleSingleLine@CNiDAQmxDigitalSingleChannelWriter@NI@@QAEX_N0@Z
?CreateChannel@CNiDAQmxDOChannels@NI@@QAE?AVCNiDAQmxDOChannel@2@PBD0W4DAQmxChannelLineGrouping@2@@Z
?CreateCountEdgesChannel@CNiDAQmxCIChannels@NI@@QAE?AVCNiDAQmxCIChannel@2@PBD0W4DAQmxCICountEdgesActiveEdge@2@KW4DAQmxCICountEdgesCountDirection@2@@Z
?CreatePulseChannelFrequency@CNiDAQmxCOChannels@NI@@QAE?AVCNiDAQmxCOChannel@2@PBD0W4DAQmxCOPulseFrequencyUnits@2@W4DAQmxCOPulseIdleState@2@NNN@Z
?CreateChannel@CNiDAQmxDIChannels@NI@@QAE?AVCNiDAQmxDIChannel@2@PBD0W4DAQmxChannelLineGrouping@2@@Z
?ReadSingleSampleUInt32@CNiDAQmxCounterReader@NI@@QAEKXZ
?CreateVoltageChannel@CNiDAQmxAIChannels@NI@@QAE?AVCNiDAQmxAIChannel@2@PBD0W4DAQmxAITerminalConfiguration@2@NNW4DAQmxAIVoltageUnits@2@@Z
??1CNiDAQmxDevice@NI@@QAE@XZ
?GetSerialNumber@CNiDAQmxDevice@NI@@QBEIXZ
?GetEventType@CNiDAQmxDigitalChangeDetectionEvent@NI@@CAJXZ
?GetEventType@CNiDAQmxCounterOutputEvent@NI@@CAJXZ
?ThrowIfInvalid@CNiDAQmxAsyncOperation@NI@@IAEXXZ
?CreateObserver_thunk@CNiDAQmxSignalEvent@NI@@AAEPAVCEventObserver@Internal@2@AAVCTaskImpl@42@@Z
?ReleaseObserver_thunk@CNiDAQmxSignalEvent@NI@@AAEXPAVCEventObserver@Internal@2@@Z
?CreateObserver_thunk@CNiDAQmxTaskDoneEvent@NI@@AAEPAVCEventObserver@Internal@2@AAVCTaskImpl@42@@Z
?ReleaseObserver_thunk@CNiDAQmxTaskDoneEvent@NI@@AAEXPAVCEventObserver@Internal@2@@Z
?ReadMultiSample@CNiDAQmxAnalogMultiChannelReader@NI@@QAEXJAAV?$matrix@N@magic_mirror@@@Z
?ReadSingleSampleMultiLine@CNiDAQmxDigitalSingleChannelReader@NI@@QAEXAAV?$vector@_N@magic_mirror@@@Z
?UnregisterWithTaskImpl@CIOImpl@Internal@NI@@AAEXXZ
?set_thunks@exception@magic_mirror@@SAXP6AXABV?$basic_string@G@2@H@ZP6AXKK@Z@Z
?ThrowTaskBeingAbortedException@CNiDAQmxSystem@NI@@SAXPAVCTaskImpl@Internal@2@@Z
?LoadDevice_thunk@CNiDAQmxSystem@NI@@SA?AVCNiDAQmxDevice@2@PBD@Z
?GetDevices@CNiDAQmxSystem@NI@@SAXAAV?$vector@V?$basic_string@G@magic_mirror@@@magic_mirror@@@Z
?RegisterWithTaskImpl@CIOImpl@Internal@NI@@AAEXXZ
Sections
.text Size: 860KB - Virtual size: 856KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 180KB - Virtual size: 179KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 24KB - Virtual size: 38KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 220KB - Virtual size: 218KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)