7237c6690df2361d3edd78e1059fad0bf9971f8b3f4e71d13fed8549fa68d50f

Sharing

Copy URL Twitter E-mail

General

Target

7237c6690df2361d3edd78e1059fad0bf9971f8b3f4e71d13fed8549fa68d50f
Size

148KB
MD5

0f3de0d7f86bba994373fd4047e80820
SHA1

2ef15e0da39b29ca133bab2c8bdeca569e1ff879
SHA256

7237c6690df2361d3edd78e1059fad0bf9971f8b3f4e71d13fed8549fa68d50f
SHA512

bec7f1df35ac3a5484089fc091cf1a3d17f32b2cef07dbc313f29c2cdd3c5960651e0b9bdba7556bc9cef256efb51b26fe3265067696830bbf6158c830ca39ba
SSDEEP

3072:nnrmpYVnafeHolytIVgJXp+y6bMl1GKeZ8Y0x+aq:nruYRo3WX/l1GRZ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7237c6690df2361d3edd78e1059fad0bf9971f8b3f4e71d13fed8549fa68d50f

Files

7237c6690df2361d3edd78e1059fad0bf9971f8b3f4e71d13fed8549fa68d50f
.exe windows:4 windows x86 arch:x86

ed82ca81c6d24772ea8b36f03dbc8f30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build\PCM_47_DailyBuild\SourceCode\Pcm47\KernelSource\Common\Pcmservice\Release\PCMService.pdb

Imports

wininet

InternetGetConnectedState

shlwapi

PathFileExistsA
PathFindExtensionA

ddraw

DirectDrawCreateEx

d3d9

Direct3DCreate9

mfc71

ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5165
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4265
ord635
ord395
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4261
ord3333
ord566
ord757
ord1144
ord1128
ord2248
ord932
ord1160
ord1161
ord593
ord5119
ord334
ord1054
ord1185
ord3255
ord427
ord664
ord4067
ord870
ord3684
ord3596
ord4035
ord4100
ord2094
ord3244
ord1955
ord2371
ord1283
ord1063
ord3946
ord5152
ord5214
ord4282
ord5175
ord572
ord760
ord5331
ord6297
ord5320
ord6286
ord2475
ord5491
ord631
ord2751
ord2288
ord2280
ord386
ord865
ord911
ord6178
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord928
ord923
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord581
ord1167
ord1092
ord1209
ord5205
ord4185
ord5073
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord4342
ord6275
ord442
ord4299
ord314
ord784
ord2468
ord5403
ord3934
ord304
ord2271
ord3997
ord781
ord5563
ord5529
ord2322
ord1903
ord1482
ord6118
ord2933
ord299
ord2902
ord1489
ord297
ord876
ord4104
ord310
ord578
ord1084
ord762
ord764
ord3466
ord3648
ord265
ord266
ord1187
ord1191
ord315
ord765
ord1917
ord1207

msvcr71

__CxxFrameHandler
_mbsicmp
_localtime64
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
ceil
swprintf
rand
srand
time
_time64
_makepath
_splitpath
sprintf
_vsnprintf
_vsnwprintf
wcscpy
_except_handler3
_resetstkoflw
free
malloc
_stricmp
_setmbcp
fclose
sscanf
strstr
fgets
fopen
_purecall
wcsncpy
realloc
strftime
_mbscmp
_snprintf
_mktime64
_ultoa
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

OutputDebugStringW
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetSystemPowerStatus
GetProcAddress
LoadLibraryA
FindNextFileA
FindClose
FindFirstFileA
GetPrivateProfileStringA
GetFileAttributesA
CreateMutexA
GetModuleHandleA
RaiseException
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcpyA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCommandLineA
GetCurrentThreadId
CreateDirectoryA
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
LocalFree
LocalAlloc
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
CloseHandle
GetModuleFileNameA
Process32Next
TerminateProcess

user32

FindWindowA
wvsprintfA
EnableWindow
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
SetForegroundWindow
LoadMenuA
GetSubMenu
GetMenuItemID
GetClassInfoA
CharNextA
RegisterWindowMessageA
UnhookWindowsHookEx
DestroyIcon
PostQuitMessage
LoadIconA
IsWindow
SetWindowsHookExA
SendMessageA
GetKeyState
wsprintfA
CallNextHookEx
KillTimer
SetTimer
PostMessageA
GetActiveWindow

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

VarUdateFromDate
SysAllocStringLen
VariantClear
VariantInit
VarBstrCmp
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

msvcp71

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed82ca81c6d24772ea8b36f03dbc8f30

Headers

File Characteristics

PDB Paths

Imports

wininet

shlwapi

ddraw

d3d9

mfc71

msvcr71

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 40KB - Virtual size: 38KB