5fcd771f80205531d76419444d6e474bc0bbe3da2216120e20c9da481ca626db

Sharing

Copy URL Twitter E-mail

General

Target

5fcd771f80205531d76419444d6e474bc0bbe3da2216120e20c9da481ca626db
Size

1.3MB
MD5

25e632df9990d167fd45b59d5d5582ed
SHA1

ef9e241236530d3af0c924fb138fbf648a83d9d7
SHA256

5fcd771f80205531d76419444d6e474bc0bbe3da2216120e20c9da481ca626db
SHA512

966f01b1d97ffb701d91c1344d90d4032b8f084ae7cfd6a71db4791741b2a88b1cf835957cc14242d617aa63d94f1631bcbd603cd3cfb784ad42381241f45410
SSDEEP

24576:te1yaKZkL7Dg6oE0BQ8IttTfzF0Bf9pM6xvSg9FhcEVqdpRJJJCEwV:Ky8H0BQ8d9nMRJJJfwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fcd771f80205531d76419444d6e474bc0bbe3da2216120e20c9da481ca626db

Files

5fcd771f80205531d76419444d6e474bc0bbe3da2216120e20c9da481ca626db
.exe windows:6 windows x86 arch:x86

4a793c61868dbac69852f650465ce833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_work\pctrans\PCTrans_Output\Release\PCTAppCore.pdb

Imports

kernel32

DeviceIoControl
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
ExpandEnvironmentStringsW
CreateMutexW
ReleaseMutex
GetPrivateProfileIntW
LocalFree
GetModuleFileNameW
CreateProcessW
GetCurrentProcessId
CreateEventW
SetUnhandledExceptionFilter
GetCommandLineW
SuspendThread
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetComputerNameW
GetComputerNameA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
DeleteFileA
CreateFileW
FileTimeToSystemTime
OutputDebugStringW
GetLongPathNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemInfo
SetEvent
LoadLibraryW
GetNativeSystemInfo
GetVersionExW
GetWindowsDirectoryW
GetFileAttributesExW
LoadLibraryA
GetProcAddress
GetEnvironmentVariableW
ExitProcess
Sleep
OpenEventW
CopyFileW
CreateDirectoryW
GetSystemDirectoryW
GetTempPathW
RemoveDirectoryW
FindClose
WaitForSingleObject
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
FindNextFileW
DeleteFileW
FindFirstFileW
GetTickCount
GetCurrentProcess
EnterCriticalSection
InitializeCriticalSection
FreeLibrary
GetLastError
CloseHandle
GetFileAttributesW

user32

IsWindowEnabled
DestroyIcon
GetDlgItem
wsprintfW
FindWindowW
GetIconInfo
CloseDesktop
CreateDesktopW
PostMessageW

shell32

SHGetFileInfoW
ExtractIconExW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

eulogpct

dbgPut

shlwapi

ord487

systeminfo

GetFileIO

msvcp140

?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?eof@ios_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ

netapi32

NetLocalGroupGetMembers
NetApiBufferFree
NetLocalGroupEnum

vcruntime140

_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
wcsrchr
wcschr
wcsstr
strchr
memcmp
__RTDynamicCast
strstr
memchr
__std_type_info_compare
__current_exception
__current_exception_context
_except_handler4_common
strrchr

api-ms-win-crt-runtime-l1-1-0

_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_c_exit
_controlfp_s
terminate
_initialize_wide_environment
_cexit
_get_initial_wide_environment
_register_onexit_function
_set_app_type
_crt_atexit
_seh_filter_exe
_initterm
_initterm_e
exit
__p___wargv
__p___argc
_endthreadex
_beginthreadex
_invalid_parameter_noinfo_noreturn
_exit
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
fclose
fwrite
__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_wfopen_s
fread
_fseeki64
feof
_wfopen
__p__commode
_set_fmode
ungetc
setvbuf
fsetpos
fputc
fgetpos
fgetc
fflush
_get_stream_buffer_pointers
__stdio_common_vfwprintf
__acrt_iob_func
fseek
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
fopen
fgets
ftell

api-ms-win-crt-string-l1-1-0

_stricmp
wcsncmp
towupper
toupper
wcsncpy_s
towlower
wcscpy_s
wcstok
_wcsnicmp
wcscat_s
_wcsicmp
strtok
iswdigit
_wcsupr_s
tolower
iswalpha
wcsncpy
wcsncat_s

api-ms-win-crt-convert-l1-1-0

_wtoi64
_wtol
wcstol
_wtoi
_itow

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_lock_file
_waccess
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

advapi32

LookupPrivilegeValueW
LookupAccountSidW
OpenProcessToken
AdjustTokenPrivileges
RegFlushKey
RegUnLoadKeyW
RegCloseKey
RegOpenKeyExW
RegLoadKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
LookupAccountNameW
GetUserNameW
LsaNtStatusToWinError
LsaEnumerateAccountRights
LsaEnumerateAccountsWithUserRight
LsaOpenPolicy
LsaClose
LsaFreeMemory
GetSecurityInfo
GetNamedSecurityInfoW
GetAce

appruntime

BuildLocalVcredist

msi

ord41
ord70
ord173
ord92
ord116
ord118
ord120
ord8
ord217
ord160
ord159
ord32
ord114

gdi32

GetDIBits
CreateCompatibleDC
DeleteObject
GetObjectW
DeleteDC

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a793c61868dbac69852f650465ce833

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

eulogpct

shlwapi

systeminfo

msvcp140

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

appruntime

msi

gdi32

Sections

.text Size: 844KB - Virtual size: 844KB

.rdata Size: 393KB - Virtual size: 392KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 844KB - Virtual size: 844KB

.rdata
Size: 393KB - Virtual size: 392KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 31KB