b11bcf6ec645dd1c1227cc7ba1dd043a467a7640ef65fc2a2d6ccbf06766f5c8

Sharing

Copy URL Twitter E-mail

General

Target

b11bcf6ec645dd1c1227cc7ba1dd043a467a7640ef65fc2a2d6ccbf06766f5c8
Size

732KB
MD5

c2790e4dad17894bc73834a171352b37
SHA1

aff3202542d073262d481b2c046d83c6196878cb
SHA256

b11bcf6ec645dd1c1227cc7ba1dd043a467a7640ef65fc2a2d6ccbf06766f5c8
SHA512

bf44752a1ef646d3b3da038e5fd62a86189e7a558d2c697817670d623698430234945feba57c36f53fb7e6d60491e994323896b28f55760ae0d735fc4c365e9d
SSDEEP

12288:WF7ZBJhG6H0bj0iy1SQRTbPnnG3vTxmwlGwtQLUapQvJQKnt6eteoa3:WNG6odyEeG9mwleLUai36etel

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b11bcf6ec645dd1c1227cc7ba1dd043a467a7640ef65fc2a2d6ccbf06766f5c8

Files

b11bcf6ec645dd1c1227cc7ba1dd043a467a7640ef65fc2a2d6ccbf06766f5c8
.exe windows:5 windows x86 arch:x86

68bf3eebb0cff67583f4d109bcfa00da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\clientinfo\Release\clientstat.pdb

Imports

kernel32

FlushFileBuffers
SetStdHandle
WriteConsoleA
MulDiv
DosDateTimeToFileTime
GetConsoleMode
GetFileSize
GetConsoleOutputCP
CreateThread
LocalAlloc
GetConsoleCP
FreeResource
GetModuleHandleW
CloseHandle
CancelIo
CreateEventA
WaitForSingleObject
lstrlenA
LocalFree
lstrcmpiW
GetCommandLineW
lstrcatW
GetModuleFileNameW
lstrcpynW
Sleep
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
WideCharToMultiByte
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
lstrcmpA
FindFirstFileW
VirtualQuery
lstrcpynA
FindResourceW
LoadResource
SystemTimeToFileTime
GlobalSize
GlobalLock
SetEvent
InitializeCriticalSection
GlobalAlloc
LoadLibraryW
CopyFileW
SizeofResource
GetFileAttributesW
FileTimeToSystemTime
ReadFile
CreateFileW
lstrcmpW
lstrlenW
GlobalUnlock
GetCurrentDirectoryW
lstrcmpiA
GlobalFree
FindClose
GetLocalTime
LockResource
CreateEventW
Module32FirstW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
DeleteFileW
lstrcpyW
lstrcpyA
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
WriteConsoleW

user32

GetClassInfoExW
PostMessageW
LoadImageW
IsRectEmpty
GetCaretBlinkTime
GetCaretPos
InvalidateRect
IntersectRect
PtInRect
GetWindowTextLengthW
SetCursor
UnionRect
OffsetRect
wvsprintfW
MapWindowPoints
ReleaseCapture
GetActiveWindow
GetCursorPos
ReleaseDC
GetDC
GetUpdateRect
BeginPaint
TrackMouseEvent
GetFocus
GetKeyState
SetCapture
EndPaint
SetRect
CharPrevW
DrawTextW
FillRect
SetCaretPos
CreateCaret
GetSysColor
ShowCaret
HideCaret
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
SetWindowTextW
MessageBoxW
IsWindow
SetWindowPos
LoadIconW
GetClientRect
KillTimer
PostQuitMessage
MoveWindow
CallWindowProcW
GetWindowRect
ScreenToClient
SetTimer
GetPropW
EnableWindow
GetParent
DispatchMessageW
wsprintfW
MonitorFromWindow
RegisterClassW
GetMonitorInfoW
CharNextW
DialogBoxIndirectParamW
SetFocus
SendDlgItemMessageW
ShowWindow
SetDlgItemTextW
GetWindow
CallNextHookEx
PeekMessageW
GetDlgItem
SetWindowsHookExW
UnhookWindowsHookEx
CloseClipboard
IsIconic
SetPropW
GetWindowTextW
GetClassNameW
EmptyClipboard
EndDialog
GetDesktopWindow
EnumChildWindows
OpenClipboard
GetSystemMetrics
DefWindowProcW
UpdateWindow
CreateWindowExW
SetWindowLongW
IsWindowVisible
SendMessageW
SetClipboardData
DestroyWindow
GetMessageW
SetForegroundWindow
LoadCursorW
FindWindowW
TranslateMessage
IsDialogMessageW
RegisterClassExW
CreateDialogIndirectParamW
GetWindowLongW
SetClassLongW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
CommandLineToArgvW

ole32

CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleLockRunning
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoInitialize

wininet

InternetCrackUrlA

shlwapi

PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
wnsprintfW
wvnsprintfW
SHGetValueA
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
SHDeleteKeyW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
SHDeleteValueA
PathFileExistsA
SHCreateStreamOnFileW
StrCatBuffW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSAGetOverlappedResult
recv
WSAGetLastError
WSARecv
send
closesocket
WSAIoctl
WSACloseEvent
htons
setsockopt
bind
WSACreateEvent
WSAWaitForMultipleEvents
WSAStartup
inet_addr
WSASocketW
connect

dnsapi

DnsFree
DnsQuery_A

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertGetNameStringW
CryptMsgClose
CryptQueryObject

comctl32

ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

gdi32

SetBkColor
CreateSolidBrush
CreatePatternBrush
DeleteObject
SetBkMode
CreateCompatibleBitmap
Rectangle
SaveDC
GetObjectW
SetTextColor
RestoreDC
GetStockObject
GetDeviceCaps
MoveToEx
GetTextExtentPoint32W
LineTo
StretchBlt
CreateCompatibleDC
GdiFlush
SelectClipRgn
CreatePenIndirect
CreateRectRgnIndirect
CombineRgn
ExtTextOutW
GetCharABCWidthsW
SetStretchBltMode
CreateRoundRectRgn
GetClipBox
RoundRect
ExtSelectClipRgn
TextOutW
CreateDIBSection
GetObjectA
SetWindowOrgEx
BitBlt
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
CreatePen

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

gdiplus

GdipCreateBitmapFromScan0
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipGetPropertyItemSize
GdiplusShutdown
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipGraphicsClear
GdipDrawImage
GdipSetSmoothingMode
GdipGetFamily
GdipDeleteFontFamily
GdipAlloc
GdipDisposeImage
GdipDrawString
GdipCreateFromHDC
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipSetInterpolationMode
GdipCloneImage
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFontFromDC
GdiplusStartup
GdipLoadImageFromStream
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetImageWidth

Exports

Exports

B03800A9

Sections

.text
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68bf3eebb0cff67583f4d109bcfa00da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

wininet

shlwapi

version

ws2_32

dnsapi

imagehlp

crypt32

comctl32

imm32

gdi32

comdlg32

advapi32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 530KB - Virtual size: 529KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 16KB - Virtual size: 45KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 530KB - Virtual size: 529KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 16KB - Virtual size: 45KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 39KB - Virtual size: 38KB