Restore_ v3[.]7[.]0[.]0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Restore_ v3.7.0.0.exe
Size

885KB
MD5

4d8037fa0415e04ee832da8f98a3cde9
SHA1

f64cea1a261466d96f30cf76e5bfad856950cd99
SHA256

d8afbb82ff70c26ca45a0f3e8367c60e93b577bef9f4f1b5ed0e68a952a84f01
SHA512

239903ff4c18e38b6bede8fc18f6fc35b8083afd528709fa598d2541e61e8f1691e0c4781380202a58a0a7c1724401cfbf867561c5d58e40692d2f782732e937
SSDEEP

12288:6RJtwwXKSu6M579ohZWSk+76QUv8jHbPlYQEcgPOcvsSY5XbmuMq:IJdXKP1Q8F+OQpjHccgPOcUDbmNq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Restore_ v3.7.0.0.exe

Files

Restore_ v3.7.0.0.exe
.exe windows:5 windows x86 arch:x86

88e166825b647eb2d51ad9e6bd16fb5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\Preformat\New\PreFormat 2012.10.30\Release\Restore.pdb

Imports

hid

HidD_GetIndexedString
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetNumInputBuffers
HidD_GetHidGuid
HidD_GetAttributes
HidD_GetSerialNumberString

setupapi

CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

kernel32

GetCurrentProcessId
GetModuleHandleA
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
FileTimeToSystemTime
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileW
GetFullPathNameW
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
WritePrivateProfileStringW
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
FormatMessageW
LocalFree
MulDiv
lstrlenA
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
SetLastError
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
FreeResource
FindResourceW
GetVolumeInformationW
Sleep
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetDriveTypeW
GetLastError
DeviceIoControl
CreateFileW
CloseHandle
OutputDebugStringW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetProcAddress
GetLogicalDrives
GetVersion
GetCurrentProcess
LoadLibraryA
GetDriveTypeA
CreateThread
ResumeThread
GlobalFree
GlobalAlloc
CreateFileA
GetSystemDefaultLangID
ReadFile
WriteFile
ExitProcess

user32

GetSysColorBrush
LoadCursorW
UnregisterClassW
SetCapture
ReleaseCapture
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperW
RegisterClipboardFormatW
PostThreadMessageW
ValidateRect
ReleaseDC
GetDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
GetFocus
SetFocus
DestroyMenu
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
EndPaint
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowRect
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
EnableWindow
SendMessageW
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
LoadIconW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetTimer
KillTimer
wsprintfA
GetWindowThreadProcessId
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
GetWindowTextW
GetCursorPos
EndDialog
GetNextDlgTabItem
GetParent
RemovePropW

shell32

ShellExecuteExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

gdi32

SaveDC
RestoreDC
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
GetObjectW
Escape
SelectObject
SetViewportOrgEx
GetDeviceCaps
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
OffsetViewportOrgEx
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

GetFileTitleW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantCopy
VariantInit
SysAllocStringLen
VariantClear
VariantChangeType
OleCreateFontIndirect

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e166825b647eb2d51ad9e6bd16fb5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

setupapi

kernel32

user32

shell32

version

comctl32

shlwapi

oledlg

gdi32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 25KB - Virtual size: 130KB

.rsrc Size: 216KB - Virtual size: 215KB

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 25KB - Virtual size: 130KB

.rsrc
Size: 216KB - Virtual size: 215KB

.reloc
Size: 43KB - Virtual size: 42KB