20039778af1b98478b1fef8b32695aea799d43c1889ba4f67d4f06b236f9158a

Sharing

Copy URL Twitter E-mail

General

Target

20039778af1b98478b1fef8b32695aea799d43c1889ba4f67d4f06b236f9158a
Size

448KB
MD5

2046250da391c6003e618dac73d01217
SHA1

c5b24fa6a7dd67110bacb951a8e962f1b77c0741
SHA256

20039778af1b98478b1fef8b32695aea799d43c1889ba4f67d4f06b236f9158a
SHA512

cc39f2fb0b015142c467190111d7cf04ebc0eba5bb9bb387cdf427207d12a87d58dce2f279e474a4bd07fd1c02b0515b22b6f3e31fafbeda3a3593e27593db25
SSDEEP

12288:7/trx5ICIRYg9mZSsoJqy/ZSFOrEDCFzMCrulKW:71VyVZ/w2LYKW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20039778af1b98478b1fef8b32695aea799d43c1889ba4f67d4f06b236f9158a

Files

20039778af1b98478b1fef8b32695aea799d43c1889ba4f67d4f06b236f9158a
.exe windows:4 windows x86 arch:x86

2dc6fa666feaa81fcce9acffdac8e557

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Dvlp\Vs7.2003\Client\Hb4.0\4.7.7.0\HbSrv\ReleaseMinDependency\HbSrv.pdb

Imports

kernel32

FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpA
ReleaseMutex
CreateMutexA
GetCurrentProcessId
CompareFileTime
GetFileTime
OpenFile
GetTickCount
ResetEvent
FileTimeToSystemTime
GetFileSize
CreateFileA
MoveFileA
DeleteFileA
GetProcAddress
LoadLibraryA
GetSystemTime
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
ReleaseSemaphore
GetCurrentThread
CreateSemaphoreA
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
OutputDebugStringA
WriteFile
SetFilePointer
SetFileTime
GetExitCodeThread
ResumeThread
SetThreadPriority
TerminateThread
MulDiv
ReadFile
CreateProcessA
RemoveDirectoryA
GetSystemDefaultLangID
GetLocalTime
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
RtlUnwind
LeaveCriticalSection
GetSystemInfo
VirtualAlloc
VirtualProtect
LocalFree
EnterCriticalSection
GetCommandLineA
GetCurrentThreadId
Sleep
CreateThread
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
CloseHandle
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
InterlockedIncrement
FormatMessageA
LocalAlloc
SetEvent
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateDirectoryA

user32

RemoveMenu
CharNextA
UnregisterClassA
wsprintfA
DefWindowProcA
SetWindowLongA
GetWindowLongA
CallWindowProcA
PostThreadMessageA
DispatchMessageA
GetMessageA
LoadImageA
LoadStringA
PeekMessageA
GetClassInfoExA
LoadCursorA
TranslateMessage
EnumWindows
EnumChildWindows
SendMessageA
PostMessageA
GetDesktopWindow
GetWindowRect
TrackPopupMenuEx
InsertMenuItemA
CreatePopupMenu
IsMenu
GetClassNameA
DestroyMenu
FillRect
KillTimer
SetTimer
GetCursorPos
WindowFromPoint
ClientToScreen
GetDC
ReleaseDC
SetWindowPos
GetWindowRgn
SetWindowRgn
GetSysColor
ShowWindow
EndPaint
BeginPaint
GetClientRect
IsWindow
CreateWindowExA
RegisterClassExA
DestroyWindow

gdi32

CreateCompatibleBitmap
SetBkMode
CreatePen
MoveToEx
LineTo
CreateCompatibleDC
BitBlt
DeleteDC
GetTextExtentPoint32A
CreateRoundRectRgn
CombineRgn
CreateSolidBrush
CreateRectRgn
FillRgn
FrameRgn
SetTextColor
SetBkColor
CreateFontIndirectA
SelectObject
TextOutA
DeleteObject
GetObjectA
TextOutW
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
StretchBlt
CreateBitmap
CreatePolygonRgn
SetStretchBltMode

advapi32

RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
StringFromGUID2
CoUninitialize
CoInitialize
OleRun
StringFromCLSID
CoCreateGuid
CoRevokeClassObject
CoCreateInstance

oleaut32

SafeArrayCreate
SafeArrayCopy
SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
VariantCopy
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
VarUI4FromStr
SysStringByteLen

shlwapi

StrRChrA
StrToIntA
PathFindExtensionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dc6fa666feaa81fcce9acffdac8e557

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 8KB