G:\work\PC\ExplorerMax\trunk2\trunk\bin\Release_En\ExplorerMax.pdb
Static task: static1
Behavioral task: behavioral1 (sample 0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b.exe, resource win7-20240705-en)
Behavioral task: behavioral2 (sample 0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b.exe, resource win10v2004-20240709-en)
General
Target: 0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b
Size: 6.0MB
MD5: 30de859edf59cc08aeb029611d015021
SHA1: 9e57d8b917ac4d6d733e6487b6ab4f6ec68886c8
SHA256: 0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b
SHA512: bb82f5399f38f2ccb48a28d44439d10564ddd9081c107daec596bbf0aacaba472354c66cd7d5daaece5aa7bdf0a7c2776e237e30a517c543fbca0d0787ef7db1
SSDEEP: 98304:Vi4J4dTUuPOvKXJOwjFurlWLJZFI4vtShrPlGivKbu7wH/hdWkk:U4ydIuP9XJOwjQrsLZrv6PldvKbu7wfB
Malware Config
Signatures
-
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: 0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b
Files
-
0efbbb4c5dcc9c2fe72a36c141070258c1990478fa8ed04506664adf73cac97b.exe windows:5 windows x86 arch:x86
8809cda8e1e27e5430db40cde5e34c3a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\work\PC\ExplorerMax\trunk2\trunk\bin\Release_En\ExplorerMax.pdb
Imports
kernel32
CreateToolhelp32Snapshot
GetModuleHandleW
SystemTimeToFileTime
FindFirstFileExW
FileTimeToSystemTime
LocalFree
WritePrivateProfileStringW
WritePrivateProfileStructW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStructW
CreateFileA
SetFilePointer
GetModuleFileNameA
DeleteFileA
GetFileSize
GetLocalTime
WriteFile
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
GetModuleHandleA
GetSystemDirectoryW
GetCurrentDirectoryW
GetTempPathW
CreateEventW
CreateThread
WaitForSingleObjectEx
GetTickCount
GetSystemInfo
IsDebuggerPresent
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualFree
LoadLibraryExA
FormatMessageW
GetStringTypeW
GetCPInfo
Process32FirstW
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
ExitProcess
GetACP
VerSetConditionMask
VerifyVersionInfoW
SetFileTime
LocalFileTimeToFileTime
lstrcmpiW
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
WriteConsoleW
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
GetCommandLineA
HeapReAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
HeapSize
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
ResetEvent
ExitThread
TerminateThread
RaiseException
Process32NextW
OpenProcess
GetCurrentProcess
TlsAlloc
TerminateProcess
VirtualProtect
InterlockedCompareExchange
DecodePointer
GetNativeSystemInfo
WaitForMultipleObjects
MoveFileW
SizeofResource
FreeResource
GetSystemDefaultLCID
SetEnvironmentVariableW
GetEnvironmentVariableW
LoadLibraryA
GetCommandLineW
FindResourceW
LoadResource
LockResource
MulDiv
SetLastError
PeekNamedPipe
GetStartupInfoW
WinExec
VirtualAlloc
lstrcpynW
InterlockedIncrement
OutputDebugStringW
GetModuleFileNameW
InterlockedDecrement
ReadFile
GetCurrentThreadId
GetFullPathNameW
lstrcpyW
GetDriveTypeW
GetLogicalDriveStringsW
CreateFileMappingW
CreateFileW
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
CopyFileW
FindNextFileW
FindClose
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
GetUserDefaultLangID
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
UnmapViewOfFile
OpenEventW
MapViewOfFile
OpenFileMappingW
WaitForSingleObject
SetEvent
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateMutexW
Sleep
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
lstrlenW
VirtualQuery
user32
DispatchMessageW
IsWindowVisible
IsIconic
ShowWindow
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
InsertMenuW
TrackPopupMenuEx
SetLayeredWindowAttributes
IsRectEmpty
MonitorFromRect
GetMenu
AdjustWindowRectEx
TranslateMessage
GetWindowThreadProcessId
GetForegroundWindow
ReleaseDC
GetSysColor
GetDC
PostThreadMessageW
PeekMessageW
wsprintfW
LoadBitmapW
IntersectRect
SetMenuItemInfoW
DeleteMenu
GetMenuItemCount
GetMenuStringW
MessageBoxW
SendMessageW
AttachThreadInput
SetWindowPos
SetForegroundWindow
GetSystemMetrics
IsWindow
GetWindowRect
MoveWindow
GetClassNameW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
DrawTextA
wsprintfA
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
ShowCaret
HideCaret
GetWindowRgn
UpdateLayeredWindow
CharPrevW
GetCaretPos
GetWindowTextLengthW
EqualRect
CopyRect
UnionRect
SetCaretPos
GetCaretBlinkTime
CreateCaret
GetUpdateRect
GetPropW
SetPropW
RegisterClassW
EnumChildWindows
FindWindowW
GetWindowPlacement
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
SetClipboardData
InflateRect
GetFocus
CloseClipboard
GetClipboardData
GetWindow
GetAsyncKeyState
GetCursorPos
WindowFromPoint
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
LoadImageW
IsWindowEnabled
CharNextW
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
DrawIconEx
GetIconInfo
GetActiveWindow
IsZoomed
RedrawWindow
EnableWindow
AppendMenuW
ModifyMenuW
RemoveMenu
GetSubMenu
LoadMenuW
PostQuitMessage
GetParent
SetParent
DestroyIcon
FindWindowExW
PostMessageW
SetWindowTextW
GetClientRect
CloseWindow
GetAncestor
RegisterShellHookWindow
RegisterWindowMessageW
GetMessageW
GetClassInfoExW
RegisterClassExW
LoadStringW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
GetWindowTextW
GetKeyState
CreateWindowExW
SetRect
DrawTextW
DrawEdge
InvalidateRect
GetWindowDC
OffsetRect
MapWindowPoints
SystemParametersInfoW
SetRectEmpty
LoadCursorW
EndPaint
BeginPaint
SetCursor
SetCapture
UpdateWindow
SetCursorPos
ReleaseCapture
SetFocus
GetCapture
PtInRect
ScreenToClient
GetMessagePos
CallWindowProcW
CreateDialogParamW
DefWindowProcW
FillRect
SetActiveWindow
UnregisterClassW
DestroyWindow
LoadIconW
ClientToScreen
gdi32
DeleteObject
GetTextExtentPointW
BitBlt
SaveDC
CreateDIBSection
StretchBlt
CreateDIBitmap
PlayEnhMetaFile
GetClipBox
CreateRectRgnIndirect
GetBitmapBits
GetTextExtentPointA
PtInRegion
GdiFlush
GetObjectA
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
RemoveFontMemResourceEx
AddFontMemResourceEx
GetDeviceCaps
GetTextMetricsW
CreateRectRgn
TextOutW
GetTextExtentPoint32W
SetBitmapBits
SelectClipRgn
GetCharABCWidthsW
SetBkColor
SetStretchBltMode
RestoreDC
CreatePenIndirect
ExtSelectClipRgn
CombineRgn
RoundRect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateRoundRectRgn
SetWindowOrgEx
OffsetWindowOrgEx
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
CreatePen
MoveToEx
LineTo
PatBlt
SelectObject
CreateBitmap
CreatePatternBrush
DeleteDC
CreateSolidBrush
SetDIBits
GetDIBits
GetObjectW
comdlg32
GetOpenFileNameW
advapi32
RegDeleteValueW
RegFlushKey
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
SetSecurityInfo
OpenSCManagerW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextW
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyW
RegQueryValueW
CryptGenRandom
shell32
ord155
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
DragQueryFileW
SHFileOperationW
SHGetPathFromIDListW
ord152
DragAcceptFiles
SHCreateItemFromParsingName
SHGetKnownFolderIDList
SHCreateItemFromIDList
SHGetDesktopFolder
ord25
SHGetSpecialFolderLocation
SHGetMalloc
CommandLineToArgvW
SHBrowseForFolderW
ord727
ExtractIconExW
ord6
ShellExecuteA
DragFinish
Shell_NotifyIconW
ole32
OleInitialize
OleDuplicateData
CoCreateInstance
OleUninitialize
PropVariantClear
CoTaskMemFree
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
OleLockRunning
CLSIDFromProgID
CreateStreamOnHGlobal
RevokeDragDrop
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CLSIDFromString
DoDragDrop
oleaut32
SysFreeString
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
shlwapi
SHStrDupW
PathFileExistsW
StrStrIW
PathCombineW
PathRemoveFileSpecA
PathRenameExtensionA
PathStripPathA
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
comctl32
ImageList_Destroy
ImageList_GetImageCount
_TrackMouseEvent
ord17
ImageList_LoadImageW
InitCommonControlsEx
msimg32
GradientFill
gdiplus
GdipAlloc
GdipCloneBrush
GdipFillRectangleI
GdipGetImageEncodersSize
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipFree
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetImageEncoders
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdipSaveGraphics
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipRestoreGraphics
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImageWidth
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipImageGetFrameCount
GdipCreateFromHDC
ws2_32
ntohs
htons
getsockopt
getsockname
getpeername
connect
setsockopt
WSAGetLastError
send
recv
closesocket
sendto
ntohl
socket
WSASetLastError
recvfrom
WSAIoctl
accept
htonl
listen
ioctlsocket
WSAStartup
gethostbyname
WSACleanup
gethostname
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
bind
dwmapi
DwmEnableBlurBehindWindow
uxtheme
SetWindowTheme
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
crypt32
CertOpenStore
CertEnumCertificatesInStore
CryptStringToBinaryW
CryptQueryObject
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertFindExtension
CertCloseStore
CryptDecodeObjectEx
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmDisableIME
wldap32
ord46
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord208
ord73
ord216
ord14
ord219
ord145
ord41
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 587KB - Virtual size: 586KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ