83735e0f06085eb1298dc99cda8ea001360833ff62007fd31f5e77314b96950d

Sharing

Copy URL

Twitter E-mail

General

Target

83735e0f06085eb1298dc99cda8ea001360833ff62007fd31f5e77314b96950d
Size

768KB
MD5

b16ffbc1f59da01e2971d4d83f3893ed
SHA1

f4b8c2b5d3a6a829c4fe1b810c0a8de0bf3e1754
SHA256

83735e0f06085eb1298dc99cda8ea001360833ff62007fd31f5e77314b96950d
SHA512

158e1e04ddb656e82f38374ec208ed277513aa35f063c1d5101a1bef1a85e5d10a1a2f7fcb44bfce4b4d7a3c6d9214065e21c68db8da33cb91606eed65a630f7
SSDEEP

12288:VBylEkEssFGggf9diPlpYa5zqGZU/XAKSAO8oXMiYUKyqhB6Jk+RB1DKKb1:HqsFs1di9/l+4jz8oXfY8qB6tRNR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83735e0f06085eb1298dc99cda8ea001360833ff62007fd31f5e77314b96950d

Files

83735e0f06085eb1298dc99cda8ea001360833ff62007fd31f5e77314b96950d
.dll windows:5 windows x86 arch:x86

8a2286e1916370cbd72a7483dcc148cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\37Work\pc_code\lander\template\37lander_cef\bin\config.pdb

Imports

kernel32

OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
InterlockedExchange
FreeResource
GlobalFree
Sleep
CreateEventW
SetEvent
CreateFileW
WriteFile
DeleteFileW
GetTickCount
GetVersionExW
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LockResource
FindResourceExW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
TerminateProcess
OpenProcess
CreateProcessW
OutputDebugStringW
ResumeThread
TerminateThread
GetExitCodeThread
CloseHandle
WaitForSingleObject
IsBadWritePtr
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

PtInRect
SystemParametersInfoW
GetClientRect
ShowWindow
DefWindowProcW
UpdateWindow
ClientToScreen
IsChild
MessageBoxW
UpdateLayeredWindow
GetDC
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
RegisterClassExW
LoadCursorW
LoadIconW
DestroyWindow
CharNextW
UnregisterClassA
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
CheckMenuItem
TrackPopupMenu
GetCursorPos
PostMessageW
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
PostQuitMessage
GetKeyState
LoadStringW
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetForegroundWindow
IsWindowVisible
LoadImageW
SetCursor
OffsetRect
DrawTextW
InflateRect
IsIconic
SetWindowRgn
ReleaseDC

gdi32

SetBkColor
StretchBlt
CreateRoundRectRgn
SetTextColor
SelectObject
SetBkMode
SetDIBColorTable
CreateDIBSection
CreateSolidBrush
GetStockObject
GetDeviceCaps
GetObjectW
BitBlt
RestoreDC
CreateCompatibleBitmap
CreateFontW
DeleteDC
DeleteObject
CreateCompatibleDC
SaveDC

advapi32

RegDeleteValueW
GetUserNameW
GetTokenInformation
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData

shlwapi

StrCpyW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

msvcp90

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdiplusShutdown
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth

msvcr90

??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
_itoa
_strrev
free
malloc
memcpy_s
_recalloc
wcsncpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_beginthreadex
swprintf_s
_vscwprintf
vswprintf_s
_localtime64_s
_time64
wcsftime
_purecall
setlocale
mbstowcs
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
_resetstkoflw
__dllonexit
_unlock
_CxxThrowException
__CxxFrameHandler3
memset
strpbrk
sprintf_s
sscanf
isalnum
wcscpy_s
wcscat_s
_wcsicmp
_wcslwr_s
_snwprintf_s
memmove
atoi
??3@YAXPAX@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetGetCookieExW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo

Exports

Exports

StartLander

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 954KB - Virtual size: 953KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a2286e1916370cbd72a7483dcc148cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp90

gdiplus

msvcr90

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 954KB - Virtual size: 953KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 954KB - Virtual size: 953KB

.reloc
Size: 23KB - Virtual size: 23KB