65097b9c5cc7c00d1f077fd6b873b186cd609018394f0404334e20a5ec3e65d6

Sharing

Copy URL

Twitter E-mail

General

Target

65097b9c5cc7c00d1f077fd6b873b186cd609018394f0404334e20a5ec3e65d6
Size

1.5MB
MD5

bb3e531fa675e6bf80f23fe79c11cd3c
SHA1

e76cd64ae56b37a455dcd6ae9f691256ed5d272c
SHA256

65097b9c5cc7c00d1f077fd6b873b186cd609018394f0404334e20a5ec3e65d6
SHA512

5a3e68a78d070a3c05c51db926aab2fbb3b6f2e82fa7d3881fd8591db97ea3ebeba85495c918d84bddab88bcea396326b4a72e515d09e551d242feffebcc0da2
SSDEEP

24576:ExpXH7rAjoHNT5PSBe/3cAyEI3QIVLgvLQzFgUAyW56YKU1oZ9NQgRH3H4:iBrzNT5P2cM53QIazQhlW5EvjNQgRXY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65097b9c5cc7c00d1f077fd6b873b186cd609018394f0404334e20a5ec3e65d6

Files

65097b9c5cc7c00d1f077fd6b873b186cd609018394f0404334e20a5ec3e65d6
.exe windows:5 windows x86 arch:x86

254818b287032c23ade052361fbc7a71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Installer\build\windows\vs2008\HIRECORDER\hilpds.pdb

Imports

winmm

timeKillEvent
timeGetTime
timeSetEvent

ws2_32

WSAStartup
send
recv
gethostbyname
closesocket
socket
htons
connect
getsockopt
setsockopt
select
ioctlsocket
__WSAFDIsSet
sendto
ntohs
ntohl
recvfrom
WSACleanup

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipSetSmoothingMode
GdipImageGetFrameDimensionsList
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipGetFontStyle
GdipDeleteGraphics
GdipDeleteFont
GdipDrawPath
GdipSetPenMode
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipGetImageHeight
GdipAddPathRectangleI
GdipCloneBrush
GdipResetPath
GdipClosePathFigure
GdipFree
GdipDeleteBrush
GdipLoadImageFromStream
GdipSetStringFormatFlags
GdipImageGetFrameDimensionsCount
GdipFillPath
GdipCloneImage
GdipCreateStringFormat
GdipSetStringFormatTrimming
GdipCreatePath
GdipGetImageWidth
GdipCreatePen1
GdipDeleteStringFormat
GdipImageGetFrameCount
GdiplusShutdown
GdipLoadImageFromFile
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetFamily
GdipDeleteFontFamily
GdipAddPathArcI
GdipCreateSolidFill
GdipAlloc
GdipDisposeImage
GdipCreateFont
GdipAddPathString
GdipGetFontSize
GdipSetPageUnit
GdipDeletePath
GdipGetGenericFontFamilySansSerif
GdipGetPropertyItemSize
GdipCreateFromHDC
GdipDeletePen
GdipCreateFontFamilyFromName
GdiplusStartup
GdipDrawString

shlwapi

ord12

kernel32

GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
GetCurrentDirectoryA
VirtualAlloc
HeapSize
GetUserDefaultLCID
GetConsoleMode
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapReAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
ExitThread
HeapAlloc
HeapFree
ExitProcess
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
lstrcpyW
TerminateThread
Sleep
GetModuleFileNameW
GetLastError
GetSystemDefaultLangID
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetSystemWindowsDirectoryW
CreateMutexW
CloseHandle
FreeResource
FindResourceW
LoadResource
GetModuleHandleW
SizeofResource
LockResource
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFullPathNameW
FindFirstFileW
FindVolumeClose
SetFilePointer
GetDriveTypeW
SetEndOfFile
CreateProcessW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
WriteFile
OpenProcess
WideCharToMultiByte
GetVersionExW
GetExitCodeProcess
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
TerminateProcess
ReadFile
CreateFileW
MultiByteToWideChar
GetStartupInfoW
GlobalFree
FindClose
Process32FirstW
RemoveDirectoryW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileTime
GetFileAttributesExW
ReleaseMutex
GetDiskFreeSpaceExW
FindFirstVolumeW
DeleteFileW
ResumeThread
SetFileAttributesW
GetProcessTimes
LocalAlloc
SetEnvironmentVariableA
LocalFree
DeviceIoControl
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
InterlockedIncrement
GetModuleHandleA

user32

GetClassLongW
ReleaseDC
GetDC
PtInRect
BeginPaint
SetForegroundWindow
UpdateLayeredWindow
EndPaint
UpdateWindow
IsWindow
SystemParametersInfoW
RegisterClassExW
SetPropW
LoadCursorW
wsprintfW
GetClassNameW
EnumWindows
TranslateMessage
SetWindowPos
ShowWindow
ReleaseCapture
SendMessageW
DefWindowProcW
DispatchMessageW
GetWindowTextW
InvalidateRect
SetWindowLongW
CreateWindowExW
SetWindowTextW
GetPropW
CallWindowProcW
LoadIconW
GetWindowLongW
SetFocus
MessageBoxW
GetWindowRect
GetMessageW
PostQuitMessage
PostMessageW
GetClassInfoExW
GetClientRect

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
CreateCompatibleBitmap
DeleteDC
BitBlt
GetDeviceCaps
CreateFontW
SetTextColor
CreateDIBSection
GetStockObject
SetBkColor

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

winhttp

WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpGetProxyForUrl

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

254818b287032c23ade052361fbc7a71

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

setupapi

iphlpapi

version

gdiplus

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winhttp

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 28KB - Virtual size: 27KB