b9c02c6130bca537286cef65e53dc0b86149cd05333983b1a1149ba7325050b6

Sharing

Copy URL Twitter E-mail

General

Target

b9c02c6130bca537286cef65e53dc0b86149cd05333983b1a1149ba7325050b6
Size

2.9MB
MD5

24de5cdd4279c550ed6971f9cf8f8c95
SHA1

1a93efa14c158442e62ce9395bfe25e0031daf8a
SHA256

b9c02c6130bca537286cef65e53dc0b86149cd05333983b1a1149ba7325050b6
SHA512

74f75c1d5aaa19b0b7e3263954fb95814842fa872c8249a13e3af28f61059453aab8b9e808a602b38a7dc6a2cb14e94a582bb3010331dc15c4c3c7312b8e375a
SSDEEP

49152:m5LoZlqNJWewxlqOJ8REJvPBJWaq2gRcGqdfAozdQBy1X2kHwldHwx/kl3QiD1Oc:m5LhVwxlzJ8RivPBs9ZcGqdnEOx/kl3f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9c02c6130bca537286cef65e53dc0b86149cd05333983b1a1149ba7325050b6

Files

b9c02c6130bca537286cef65e53dc0b86149cd05333983b1a1149ba7325050b6
.exe windows:6 windows x86 arch:x86

7a4d2ac3ba9b71ba28d98570c0c6f6c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\SDG\Build\ServiceDog_x86.pdb

Imports

kernel32

GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
ResumeThread
LoadLibraryA
lstrcmpiW
MoveFileW
GetStringTypeExW
FreeLibrary
GlobalFlags
lstrcmpW
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThread
GetVersionExW
CompareStringA
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetPrivateProfileIntW
GetCurrentDirectoryW
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
GetFileSize
GetModuleHandleExW
HeapQueryInformation
GetCommandLineA
GetCommandLineW
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
GetFileType
ExitProcess
GetStdHandle
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetStringTypeW
WriteConsoleW
SuspendThread
SetThreadPriority
SetEvent
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
lstrcmpA
CompareStringW
GetCurrentProcessId
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
CreateSemaphoreW
WaitForMultipleObjects
CreateEventW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
WideCharToMultiByte
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
SetLastError
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
FreeLibraryAndExitThread
GlobalAddAtomW
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32EnumProcessModulesEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
ReadProcessMemory
GetLocalTime
OpenProcess
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
QueryDosDeviceW
LoadLibraryExW
GetLogicalDriveStringsW

user32

DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SendNotifyMessageW
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
GetDCEx
GetTabbedTextExtentW
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
EqualRect
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
IsRectEmpty
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IntersectRect
InflateRect
CopyRect
IsDialogMessageW
SetWindowLongW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
GetScrollPos
SetScrollPos
SetFocus
RealChildWindowFromPoint
GetWindow
GetClassNameW
GetDesktopWindow
PtInRect
GetWindowRect
SetWindowTextW
GetFocus
GetDlgCtrlID
CharUpperW
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SendMessageW
UnhookWindowsHookEx
MsgWaitForMultipleObjectsEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
wsprintfW
GetThreadDesktop
GetUserObjectInformationW
PostThreadMessageW
UnregisterClassW
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetDialogBaseUnits
LoadImageW
InvalidateRect
TrackMouseEvent
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
IsIconic
SetRectEmpty
MapWindowPoints

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
GetFileSecurityW
SetFileSecurityW
RegSetValueW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
LogonUserW
CreateProcessAsUserW

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindFileNameW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetThemePartSize
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

oledlg

OleUIBusyW

gdi32

CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
DeleteDC
BitBlt
CreateBitmap
CreateCompatibleDC
CreateDIBPatternBrushPt
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutW
TextOutW
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
CreateDIBitmap
EnumFontFamiliesW
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
MoveToEx
GetObjectW
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateFontIndirectW
CopyMetaFileW
CreateDIBSection
GetTextFaceW
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
GetCurrentObject
CreateFontW
GetCharWidthW
StretchDIBits
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
PlayMetaFileRecord

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHAddToRecentDocs
SHGetFileInfoW
ExtractIconW
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetMalloc
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW
SHGetPathFromIDListW

ole32

OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
CreateFileMoniker
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
StringFromCLSID
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoCreateGuid
CoUninitialize
CLSIDFromString
CoCreateInstance
CoDisconnectObject
StringFromGUID2
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
OleCreateMenuDescriptor
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
OleLoad

oleaut32

RegisterTypeLi
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
LoadRegTypeLi
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantClear
SysFreeString
VariantCopy
VariantChangeType
VarDateFromStr
VarCyFromStr
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
VariantInit
SysAllocString
SafeArrayGetLBound

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a4d2ac3ba9b71ba28d98570c0c6f6c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msimg32

shlwapi

uxtheme

iphlpapi

gdiplus

oleacc

imm32

winmm

oledlg

gdi32

winspool.drv

shell32

ole32

oleaut32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 537KB - Virtual size: 537KB

.data Size: 31KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 537KB - Virtual size: 537KB

.data
Size: 31KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB