ea03b68886330b6163967e0ae55957d83972ef046e66e4726a0c36cd34265f1a

Sharing

Copy URL Twitter E-mail

General

Target

ea03b68886330b6163967e0ae55957d83972ef046e66e4726a0c36cd34265f1a
Size

494KB
MD5

d9e63d57a6c53288390bdb19b3271122
SHA1

263ffe776381426adb3ee6e9461305cec6775bd9
SHA256

ea03b68886330b6163967e0ae55957d83972ef046e66e4726a0c36cd34265f1a
SHA512

10494a582456b9b41d4a971a5729420a91a8d0fe3ac56a80f034cde36e9192dc162fdd97c71de04aabdb95cc51be68756bcb8e13f4b70499da745e40df14282c
SSDEEP

12288:J9GbhUC1+8HQgAlTpaTmknxjpiMZH9pas4HqVoAQ801INc:xdWjpdtiqVoAQ80CN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea03b68886330b6163967e0ae55957d83972ef046e66e4726a0c36cd34265f1a

Files

ea03b68886330b6163967e0ae55957d83972ef046e66e4726a0c36cd34265f1a
.dll windows:5 windows x86 arch:x86

172591ff27d492901f16117b0b5e5231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rtinfo\Release\rtinfo32.pdb

Imports

kernel32

GetVolumeInformationW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetTickCount
LoadLibraryW
GetSystemTimes
GetLogicalDrives
GetDriveTypeW
LocalFree
GetModuleHandleA
GetProcAddress
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
GetModuleHandleW
GetFileAttributesW
lstrcmpiW
GetVersionExW
lstrlenA
CreateThread
CreateIoCompletionPort
WaitForMultipleObjects
GetSystemInfo
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
DeleteFileW
CloseHandle
lstrcatW
OpenEventA
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
GetLongPathNameW
lstrcmpW
GlobalMemoryStatusEx
OpenProcess
lstrcpynW
GetProcessTimes
SetLastError
GetLastError
GetTempPathW
SetComputerNameExW
CreateFileW
ReadFile
Sleep
OutputDebugStringW
SetEvent
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrcpyA
SetFileAttributesW
lstrcpyW
GetCurrentProcessId
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
CreateFileMappingW
ProcessIdToSessionId
Process32FirstW
LoadLibraryA
GetLocalTime
FindClose
WaitForSingleObject
GetCurrentProcess
GetCurrentDirectoryW
GetFileSizeEx
MultiByteToWideChar
GetACP
TerminateProcess
FormatMessageW
CopyFileW
SetFilePointer
lstrcmpA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
SetEndOfFile
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
WriteFile
GetDriveTypeA
WideCharToMultiByte

user32

BlockInput
ExitWindowsEx
DestroyIcon
GetIconInfo

gdi32

GetObjectW
DeleteObject

advapi32

AllocateAndInitializeSid
RegCloseKey
RegEnumKeyExW
ControlService
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
RegSetValueExW
SetEntriesInAclW
RegEnumValueW
FreeSid
QueryServiceConfigW
EnumServicesStatusW
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
LookupAccountNameW
AdjustTokenPrivileges

shell32

ord165
CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFileInfoW
ord727

ole32

CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
VariantChangeType
SysFreeString

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable
GetExtendedUdpTable

ws2_32

inet_ntoa
WSAStartup
inet_addr
WSASocketW
htons
WSARecvFrom
setsockopt
bind
closesocket
ioctlsocket
ntohs

shlwapi

PathIsDirectoryW
SHDeleteValueW
PathFileExistsW
PathAppendW
PathFindExtensionW
SHDeleteKeyA
PathFindFileNameW
StrCatW
wvnsprintfA
StrCmpNIA
wnsprintfA
StrChrA
SHSetValueW
StrCmpNIW
wnsprintfW
SHGetValueW
StrChrW
PathAddBackslashW
PathRemoveFileSpecW
StrNCatW
StrStrW
SHGetValueA
wvnsprintfW
StrStrIW

gdiplus

GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipSaveImageToFile
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipFree

netapi32

NetShareDel
NetShareEnum
NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetLocalGroupAddMembers
NetUserDel
NetUserSetInfo
NetUserAdd

setupapi

SetupDiGetDeviceInfoListDetailW
SetupDiSetClassInstallParamsW
SetupDiDestroyClassImageList
SetupDiClassNameFromGuidExW
SetupDiGetClassImageList
SetupDiBuildClassInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon
SetupDiCallClassInstaller
SetupDiGetClassImageIndex
SetupDiGetClassDevsExW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionExW
SetupDiOpenDeviceInfoW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInstallParamsW
CM_Get_DevNode_Status_Ex

comctl32

ImageList_GetIcon

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

Exports

Exports

GetDeviceInUserSession
TestAutoRun
TestDevice
TestTask

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

172591ff27d492901f16117b0b5e5231

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

shlwapi

gdiplus

netapi32

setupapi

comctl32

wtsapi32

version

userenv

psapi

Exports

Exports

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB