2172ef7704c98d63605029ec5751c175cb237f8d93a63968e5119e770563de5b

Sharing

Copy URL

Twitter E-mail

General

Target

2172ef7704c98d63605029ec5751c175cb237f8d93a63968e5119e770563de5b
Size

763KB
MD5

e5730c04684962998d1a2543237c1b2a
SHA1

a6433aa2f30db7c26b307ea8e7a4790d5c42f869
SHA256

2172ef7704c98d63605029ec5751c175cb237f8d93a63968e5119e770563de5b
SHA512

a61b4574aad46a9f309dd4900139945047a5cae4d3c2f94272b863eac7324f9462649864cae93a19dc6ad0331a19fb11689ff893f8720b9a60dab753d402aa41
SSDEEP

12288:p+x5Sf+Z3GTLlqqfGRM3e2uzNMUdeN3lAcs:w5SGZ3kffGRM3buz1eNDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2172ef7704c98d63605029ec5751c175cb237f8d93a63968e5119e770563de5b

Files

2172ef7704c98d63605029ec5751c175cb237f8d93a63968e5119e770563de5b
.dll windows:5 windows x64 arch:x64

6a02060125781330793ec38f8af0868a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\clientbase\Release\clientbase64.pdb

Imports

kernel32

GetCurrentProcessId
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
GetModuleHandleA
TerminateProcess
OpenProcess
lstrcpyW
GetModuleFileNameW
MoveFileExW
lstrlenW
GetSystemDirectoryW
lstrcpynW
lstrcmpiW
GetLocalTime
GetFileAttributesW
GetVersionExW
CopyFileW
GetDiskFreeSpaceExW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLogicalDrives
GetDriveTypeW
ReleaseMutex
GetCurrentThreadId
CreateEventW
lstrcpynA
CreateMutexW
DeleteFileW
DisableThreadLibraryCalls
CreateFileW
ReadFile
SetFilePointer
lstrcmpA
CreateThread
ResetEvent
GetComputerNameExW
SetLastError
GetLastError
SetFileAttributesW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
CancelIo
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
lstrcmpW
InitializeCriticalSection
GetDriveTypeA
IsBadReadPtr
SystemTimeToFileTime
CreateProcessW
VirtualQuery
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
GetWindowsDirectoryW
lstrcpyA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
SetEvent
GetComputerNameW
WaitForSingleObject
CloseHandle
lstrcmpiA
Sleep
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
lstrlenA

user32

GetForegroundWindow
FindWindowW
TranslateMessage
RegisterClassExW
LoadIconW
IsWindow
CreateWindowExW
DispatchMessageA
UpdateWindow
DefWindowProcW
LoadCursorW
PostQuitMessage
GetMessageW
MessageBoxW
LoadImageW
GetIconInfo
DestroyIcon
GetWindowThreadProcessId

gdi32

DeleteObject
GetObjectW

advapi32

RegEnumKeyExW
EnumServicesStatusExW
RegSetValueExW
GetUserNameW
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
QueryServiceStatus
CloseServiceHandle
CreateProcessWithLogonW
DeleteService
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
LookupAccountSidW
GetTokenInformation
OpenProcessToken
ControlService
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ord165
ExtractIconExW
SHGetFileInfoW
ord727

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
IcmpSendEcho2
IcmpCreateFile
IcmpCloseHandle

gdiplus

GdipFree
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromScan0

wtsapi32

WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

SHDeleteValueA
wnsprintfW
StrStrIA
SHDeleteValueW
PathFileExistsW
StrStrA
PathAppendW
StrStrIW
StrStrW
PathFindFileNameW
StrCatW
StrCmpNIA
StrChrA
SHSetValueW
SHDeleteKeyW
SHGetValueW
StrChrW
SHSetValueA
PathRemoveFileSpecW
StrNCatW
SHGetValueA
StrCmpNIW
PathFindExtensionW
PathIsDirectoryW
wvnsprintfA
wnsprintfA
wvnsprintfW
PathRemoveBackslashW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

setsockopt
bind
WSAGetOverlappedResult
WSACreateEvent
WSAWaitForMultipleEvents
WSAGetLastError
htons
sendto
socket
inet_ntoa
ntohl
closesocket
WSASocketW
connect
WSAIoctl
recvfrom
getsockname
WSACloseEvent

psapi

GetProcessImageFileNameW

dnsapi

DnsFree
DnsQuery_A

ole32

CoInitializeEx
CoCreateGuid
CoInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear

Exports

Exports

GetSoftwareArray
RtGetSoftwareJson
RtUnInstall
RunInstaller
TCT
TestProc

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a02060125781330793ec38f8af0868a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

gdiplus

wtsapi32

userenv

shlwapi

version

ws2_32

psapi

dnsapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 40KB - Virtual size: 54KB

.pdata Size: 35KB - Virtual size: 34KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 40KB - Virtual size: 54KB

.pdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 3KB - Virtual size: 3KB