d27411082444a5e1d4e93cdc5761c6d55c4556b112b759c61f896e763a21bbfc

Sharing

Copy URL Twitter E-mail

General

Target

d27411082444a5e1d4e93cdc5761c6d55c4556b112b759c61f896e763a21bbfc
Size

1.2MB
MD5

7acbb27a3171b0df37a560f7b2fdb814
SHA1

77a816f448879dd153c61cd7ea8f363233314991
SHA256

d27411082444a5e1d4e93cdc5761c6d55c4556b112b759c61f896e763a21bbfc
SHA512

00eb0255897830069264460fc0a926c850728c0d70c062ba12429832cd0b4b41dca51588ea6f1e95c61b5b5c68648afd4ca5b7e091c72505d69bc6980f247e84
SSDEEP

24576:dKyi0y6X8UnaIKImlj/ERBHxFmtK9RCjnOF:dKve1aIKXiBHzmthOF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d27411082444a5e1d4e93cdc5761c6d55c4556b112b759c61f896e763a21bbfc

Files

d27411082444a5e1d4e93cdc5761c6d55c4556b112b759c61f896e763a21bbfc
.exe windows:6 windows x86 arch:x86

dfc22b4339dcc64b820ef204606d80fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Hudson\jobs\pcmanager_git_branch_Preload\workspace\bin\x86\Release\ExControl.pdb

Imports

kernel32

MultiByteToWideChar
GetModuleHandleW
GetPrivateProfileStringW
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetCurrentProcess
TerminateProcess
Sleep
GetProcAddress
LoadLibraryW
GetPrivateProfileIntW
VirtualQuery
GetModuleFileNameW
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileSizeEx
DeleteFileW
GetLocalTime
SetConsoleTextAttribute
WriteConsoleW
GetStdHandle
WideCharToMultiByte
GetLastError
GetFileAttributesW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
GetStringTypeW
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
CreateFileW
SetFilePointer
WriteFile
CloseHandle
ReleaseMutex
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryW
ExitProcess
GetTickCount
LoadLibraryExW
GetACP
FreeResource
GetFileSize
ReadFile
MulDiv
CreateDirectoryW
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GetVersionExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList

user32

IsIconic
ShowWindow
IsWindow
BringWindowToTop
SendMessageW
SetWindowTextW
PostQuitMessage
FindWindowW
SetForegroundWindow
MessageBoxW
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
DrawIconEx
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetWindowPos
SetFocus
EnableWindow
GetMenu
SetPropW
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
UnionRect
OffsetRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
UpdateLayeredWindow
MoveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
PtInRect
GetGestureInfo
CloseGestureInfoHandle
SetGestureConfig
wvsprintfW
CharNextW
SetCursor
AnimateWindow
IsZoomed
SetWindowRgn
IntersectRect
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret

gdi32

CreateRectRgn
PtInRegion
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
CreateRoundRectRgn
SetWindowOrgEx
CreateDIBSection
RoundRect
GetTextMetricsW
SelectObject
SaveDC
CreatePatternBrush
GetDeviceCaps
ExtTextOutW
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
DeleteDC
CreateDCW
GetObjectW
GetDIBits
RestoreDC
Rectangle
GetStockObject
DeleteObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectClipRgn
ExtSelectClipRgn
LineTo

advapi32

SetFileSecurityW
SetSecurityDescriptorDacl
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
InitializeSecurityDescriptor
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

cloudconnect

??0CCloudConnect@@QAE@XZ
??1CCloudConnect@@QAE@XZ
?GetToken@CCloudConnect@@QAEPBDXZ

dataplugin

LM_Initd
LM_Finish
LM_TrackEvent

gdiplus

GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetWorldTransform
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreateHICONFromBitmap
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateFontFromLogfontA
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipSetStringFormatTrimming
GdiplusStartup
GdiplusShutdown
GdipCreateLineBrushI
GdipCreateStringFormat
GdipCreateTexture
GdipSetTextureTransform
GdipLoadImageFromFile
GdipGetImageThumbnail
GdipFillEllipseI
GdipLoadImageFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipGetImageHeight
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipCreateFontFromDC

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathAddExtensionW

crypt32

CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore

comctl32

_TrackMouseEvent
ord17

imm32

ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionWindow

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfc22b4339dcc64b820ef204606d80fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

cloudconnect

dataplugin

gdiplus

shlwapi

crypt32

comctl32

imm32

ole32

oleaut32

Sections

.text Size: 505KB - Virtual size: 504KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 12KB - Virtual size: 19KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 501KB - Virtual size: 500KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 505KB - Virtual size: 504KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 12KB - Virtual size: 19KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 501KB - Virtual size: 500KB

.reloc
Size: 32KB - Virtual size: 31KB