u:\Sharpdesk\Components\Composition\Composition___Win32_SDBuild_Release\Composition.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: ba5a4245f08de7af8ad58f88bba4f790N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: ba5a4245f08de7af8ad58f88bba4f790N.exe
  Resource: win10v2004-20240802-en
General
Target: ba5a4245f08de7af8ad58f88bba4f790N.exe
Size: 768KB
MD5: ba5a4245f08de7af8ad58f88bba4f790
SHA1: 669235215ca67839788a338ff2a79d1812619050
SHA256: 0bef7fa17e1b0e6b4492acee493251ec627a3ca69e040775cc224f48b654237b
SHA512: 798fc5ff844f755659c8a561f12fd67ea92a9772d1ab6b5fb2b75c949e8de61b6cf48556d1f48c948adce37ee0c6930bfe91b6991e03962317469bfefa7c8bde
SSDEEP: 12288:a/N3atALIGuaFqOivPU79sfjLvI7Wo3S9FYtHVBdmMVHyUyaPYBbFsPmAR:T3LvI7GG1BdmkSUvYB50mAR
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: ba5a4245f08de7af8ad58f88bba4f790N.exe
  This is the only signature that fired. A missing Authenticode signature is a weak indicator on its own: it means the file cannot be tied to a publisher, not that it is malicious. Origin therefore has to be established another way, for example by matching the hashes above against the Sharpdesk build that the PDB path and the sdfdoc imports point to, or by diffing against a known-good copy of that component.
Files
-
ba5a4245f08de7af8ad58f88bba4f790N.exe.exe windows:5 windows x86 arch:x86
908887a953f05de23eb2bccd5746e9cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT is set, and relocations are stripped, so the image always loads at its preferred base (ASLR cannot apply to it) and it does not opt in to DEP; whether DEP is enforced for it depends on the host's system-wide policy.
PDB Paths
u:\Sharpdesk\Components\Composition\Composition___Win32_SDBuild_Release\Composition.pdb
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ltkrn14n
ord110
ltdis14n
ord132
ord122
sdfdoc
?GetPaperSize@CSharpNail@@QAEKXZ
?SetHeaderFooterInfo@CSharpNail@@QAEXKAAUSDHEADERFOOTERINFO@@@Z
?CreateBlankPage@CSharpDoc@@QAEJHH@Z
?OpenStorage@CSharpNail@@QAE_NPAPAUIStorage@@@Z
?SaveProperties@CSharpNail@@QAEJPAUIStorage@@@Z
?CreateSharpNail@CSharpDoc@@QAEPAVCSharpNail@@PAUIStorage@@HK@Z
?RemoveSharpNailAt@CSharpDoc@@QAEXH@Z
?MoveSharpNails@CSharpDoc@@QAEXHH@Z
?GetNailSize@CSharpNail@@QAEKXZ
?GetTrayNumber@CSharpNail@@QAEFXZ
?SetString@CSharpNailPorperties@@QAEXHPB_W@Z
?SetNailSelected@CSharpDoc@@QAEXHH@Z
?GetNailSelected@CSharpDoc@@QAEHH@Z
?ClearTrayNumberAssociatedWithNails@CSharpDoc@@QAEXXZ
?vszFontStorage@CSharpDoc@@2PB_WB
?IsHeaderEmpty@CSharpNail@@QAE_NXZ
?IsFooterEmpty@CSharpNail@@QAE_NXZ
?GetHeaderFooterInfo@CSharpNail@@QAEHKPAUSDHEADERFOOTERINFO@@@Z
?GetIndex@CSharpNail@@QAEJXZ
?GetImageMetafile@CSharpNail@@QAEPAUHENHMETAFILE__@@V?$CComPtr@UIStorage@@@ATL@@@Z
?UpdatePageColorInfo@CSharpDoc@@QAEXJJPAVCSharpNail@@PAUHENHMETAFILE__@@@Z
?DeleteEmf@CSharpNail@@QAEXXZ
?SetProperty@CDocumentProperties@@QAEXFPA_W@Z
?GetJobGUID@CSharpNail@@QAE?AU_GUID@@XZ
?IsBlankPage@CSharpNail@@QAE_NXZ
?NextJobId@CSharpDoc@@QAEKXZ
?SetTrayNumber@CSharpNail@@QAEXF@Z
?SavePDF@CSharpDoc@@QAEXPBDPAUIProgressNotify@@0@Z
?GetJobID@CSharpNail@@QAEKXZ
?AppendCopyOf@CSharpDoc@@QAEPAVCSharpNail@@PAV2@K@Z
?AddSharedEMFPage@CSharpDoc@@QAEJPAEPAUtagSPOOL_JOBINFO@@PAUHENHMETAFILE__@@@Z
?Convert@CSharpConverter@@SAJPAUIStorage@@0@Z
?AddFontFromStream@CSharpDoc@@QAEJXZ
?GetCount@CSharpDoc@@QAEHXZ
?GetNailJobID@CSharpDoc@@QAEKH@Z
?GetNailJobGUID@CSharpDoc@@QAE?AU_GUID@@H@Z
?GetDocumentProperties@CSharpDoc@@QAEPAVCDocumentProperties@@XZ
?GetProperty@CDocumentProperties@@QAEPA_WF@Z
?DrawEx@CSharpNail@@QAEXPAUHDC__@@JJJJKKKHH@Z
??1CSharpDoc@@QAE@XZ
?SaveNails@CSharpDoc@@QAE_NXZ
??0CSharpDoc@@QAE@PAUIStorage@@@Z
?GetSharpNail@CSharpDoc@@QAEPAVCSharpNail@@H@Z
?SetModified@CSharpNail@@QAEX_N@Z
mfc90
ord436
ord4679
ord1445
ord3670
ord5584
ord4645
ord4364
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord4808
ord4793
ord5195
ord4585
ord4576
ord4794
ord5199
ord4608
ord5209
ord4850
ord4851
ord2281
ord3998
ord5005
ord2144
ord1692
ord5997
ord2480
ord4248
ord3414
ord3056
ord3140
ord6333
ord5851
ord4222
ord2672
ord6682
ord6676
ord6811
ord4759
ord5600
ord1061
ord3726
ord2590
ord349
ord3555
ord3245
ord5403
ord621
ord3891
ord787
ord747
ord6940
ord585
ord529
ord5607
ord1444
ord5278
ord5281
ord5192
ord4798
ord4095
ord1441
ord4768
ord7283
ord7165
ord4010
ord4710
ord2356
ord6497
ord6180
ord1102
ord6179
ord2701
ord1588
ord6401
ord13105
ord8663
ord8846
ord8672
ord6469
ord1440
ord6077
ord333
ord2506
ord5499
ord5498
ord5205
ord5134
ord6228
ord5052
ord5479
ord3479
ord4437
ord9474
ord7243
ord7290
ord7027
ord7091
ord10595
ord9592
ord12979
ord13025
ord8619
ord7798
ord8406
ord8168
ord12451
ord7614
ord6048
ord4801
ord729
ord491
ord5808
ord4713
ord3413
ord1691
ord1868
ord4513
ord636
ord2141
ord1357
ord367
ord3390
ord748
ord664
ord2209
ord3351
ord405
ord2815
ord533
ord2232
ord1871
ord6072
ord534
ord6428
ord1855
ord2872
ord5307
ord6071
ord3052
ord2470
ord2431
ord6170
ord6330
ord3676
ord6464
ord6078
ord525
ord6554
ord4292
ord2825
ord6201
ord5828
ord1369
ord480
ord2197
ord4502
ord6646
ord6525
ord1424
ord1423
ord481
ord3436
ord6141
ord1016
ord3365
ord3612
ord3627
ord3568
ord2282
ord4498
ord2130
ord2591
ord1361
ord3237
ord3111
ord4596
ord5277
ord4581
ord4662
ord647
ord3789
ord942
ord766
ord775
ord5137
ord4618
ord5262
ord5286
ord5216
ord5493
ord5496
ord5494
ord5495
ord2057
ord1938
ord4013
ord6587
ord6365
ord4116
ord2857
ord6407
ord3376
ord5153
ord6740
ord5032
ord3324
ord3028
ord2896
ord5644
ord6241
ord3687
ord4963
ord611
ord3478
ord3277
ord4638
ord1668
ord2273
ord3477
ord3480
ord2274
ord4412
ord3641
ord1718
ord1783
ord3629
ord615
ord3487
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord5870
ord4030
ord3175
ord1043
ord2588
ord9464
ord9584
ord7280
ord503
ord7079
ord3217
ord6355
ord13266
ord9710
ord10461
ord1384
ord2369
ord5581
ord4330
ord1684
ord9904
ord2645
ord2646
ord3278
ord12353
ord978
ord6361
ord3222
ord6359
ord3221
ord11864
ord3224
ord4539
ord4716
ord5435
ord5432
ord2855
ord2079
ord2445
ord5339
ord4970
ord4719
ord5931
ord5317
ord3101
ord5259
ord11918
ord7530
ord11551
ord10435
ord739
ord4709
ord13104
ord8172
ord8356
ord7411
ord1368
ord2154
ord7078
ord12229
ord7788
ord9033
ord10422
ord10441
ord12282
ord899
ord1413
ord2133
ord11273
ord6095
ord10106
ord7406
ord7889
ord1884
ord795
ord593
ord3662
ord6002
ord4982
ord5660
ord1008
ord2448
ord3980
ord3567
ord2948
ord2954
ord5926
ord400
ord3636
ord9336
ord9456
ord9495
ord4956
ord10466
ord7134
ord6839
ord13264
ord9708
ord10450
ord9902
ord12339
ord11861
ord10203
ord12097
ord12095
ord8127
ord7526
ord11547
ord7519
ord8790
ord11922
ord10433
ord10789
ord11915
ord2146
ord4410
ord13101
ord12847
ord7908
ord8352
ord12882
ord10487
ord12220
ord10438
ord6253
ord3371
ord4161
ord6208
ord2757
ord11943
ord6019
ord10562
ord10417
ord1213
ord1184
ord1575
ord4146
ord7905
ord5067
ord12989
ord9457
ord12769
ord5315
ord12253
ord262
ord3978
ord3895
ord753
ord539
ord3105
ord3896
ord4014
ord547
ord4678
ord1643
ord5645
ord1711
ord2224
ord1409
ord549
ord756
ord1490
ord6557
ord4514
ord2649
ord4686
ord4996
ord5960
ord1207
ord1194
ord4115
ord1041
ord3158
ord6595
ord6092
ord6327
ord4252
ord499
ord3599
ord3227
ord3130
ord5811
ord4721
ord6770
ord3187
ord6769
ord579
ord4145
ord3953
ord3894
ord1710
ord1779
ord750
ord9432
ord3808
ord613
ord8820
ord6079
ord337
ord4529
ord3617
ord2048
ord6787
ord4384
ord3939
ord3764
ord4634
ord9367
ord6912
ord12648
ord12056
ord8580
ord8561
ord8558
ord8578
ord8590
ord8567
ord5924
ord8587
ord8572
ord8574
ord8576
ord8570
ord8584
ord8564
ord7364
ord7360
ord7356
ord10458
ord12269
ord13259
ord9803
ord9873
ord9833
ord9883
ord7720
ord8677
ord8699
ord7722
ord8355
ord8175
ord8539
ord13176
ord7540
ord12355
ord7938
ord10293
ord10261
ord13097
ord9030
ord9930
ord12581
ord10200
ord13060
ord7881
ord13210
ord12092
ord11695
ord7949
ord13308
ord7363
msvcr90
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_mbschr
_mbsupr
_mbsstr
memmove
_mbsspn
memcpy_s
wcscpy
wcslen
_purecall
exit
strtok
fopen
_configthreadlocale
fclose
_mbsbtype
sscanf
atof
_mbsinc
_XcptFilter
__RTDynamicCast
div
_itow
wcsncmp
memmove_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_recalloc
_access
_itoa
malloc
_resetstkoflw
memcmp
wcsncpy_s
memcpy
_mbslwr
_makepath
_mbsicmp
_splitpath
_mbscmp
free
_initterm_e
_initterm
_acmdln
fgets
_ismbblead
_strdup
_CxxThrowException
sprintf
_mbstok
atoi
_mbsrchr
strlen
strcpy
strcat
strtoul
strtol
_setmbcp
_exit
_cexit
__getmainargs
sprintf_s
_amsg_exit
wcstol
_mbsnbcpy
memset
strcmp
__CxxFrameHandler3
kernel32
GetUserDefaultLangID
CompareStringW
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CopyFileA
DeleteFileA
GetTimeFormatA
GetTempPathA
CreateEventA
SetThreadPriority
GetTempFileNameA
lstrcpyA
LocalFree
FormatMessageA
HeapAlloc
lstrcpynA
WideCharToMultiByte
lstrlenW
SetEvent
GetTickCount
MulDiv
GetModuleHandleA
SetLastError
GetProcessHeap
HeapFree
InitializeCriticalSection
MultiByteToWideChar
RaiseException
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
ResetEvent
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
FindFirstFileA
SetFileAttributesA
GetModuleHandleW
WriteProfileStringA
MoveFileA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
lstrcatA
GetWindowsDirectoryA
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
FindNextFileA
GetLocalTime
SearchPathA
GetProfileIntA
GetProfileStringA
lstrcmpiA
GetCurrentThread
GetSystemInfo
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateProcessA
GetShortPathNameA
Sleep
CloseHandle
CreateMutexA
WaitForSingleObject
lstrlenA
GetLastError
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryExA
GetLocaleInfoA
LoadLibraryA
GetVersionExA
FindClose
LoadLibraryW
GetProcAddress
FreeLibrary
user32
ReplyMessage
InSendMessage
wsprintfA
LoadStringA
SendNotifyMessageA
ReleaseDC
GetDC
ShowWindow
IsIconic
IsWindow
FindWindowExA
GetForegroundWindow
LoadCursorA
DefWindowProcA
GetClassNameA
WaitForInputIdle
PostMessageA
UpdateWindow
FindWindowA
GetLastActivePopup
LoadIconA
CharNextW
RegisterClipboardFormatA
SendMessageTimeoutA
SetScrollRange
SetFocus
SetParent
ScreenToClient
GetMessagePos
IsClipboardFormatAvailable
GetSysColor
SetCursor
GetCursorPos
DestroyWindow
InvalidateRect
IsChild
GetWindowRect
DrawMenuBar
SetForegroundWindow
IsMenu
GetMenu
OffsetRect
FillRect
SetRect
FrameRect
AppendMenuA
GetSubMenu
LoadMenuA
SetWindowLongA
IsWindowEnabled
GetDlgItem
GetAsyncKeyState
DispatchMessageA
TranslateMessage
PeekMessageA
SetDlgItemTextA
PostThreadMessageA
RegisterWindowMessageA
InsertMenuItemA
UnionRect
CreatePopupMenu
InsertMenuA
GetSystemMenu
RedrawWindow
EnumChildWindows
GetWindow
MapDialogRect
SetWindowPos
CheckMenuItem
IsWindowVisible
DrawFocusRect
CopyRect
IsRectEmpty
InflateRect
SetRectEmpty
MapWindowPoints
BringWindowToTop
CharLowerA
GetKeyboardLayout
GetActiveWindow
MessageBoxA
EnableWindow
GetParent
GetFocus
GetClientRect
SendMessageA
PtInRect
GetWindowLongA
EnableMenuItem
GetKeyState
UnregisterClassA
gdi32
LPtoDP
DPtoLP
CreateFontIndirectA
EndDoc
GetTextColor
EnumEnhMetaFile
PlayEnhMetaFileRecord
SetBrushOrgEx
SetStretchBltMode
GetBrushOrgEx
StretchDIBits
CreatePen
CreateSolidBrush
CreatePolygonRgn
Polygon
GetObjectA
GetTextExtentPoint32A
CreateCompatibleDC
ResetDCA
StartDocA
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteObject
SelectPalette
RealizePalette
StretchBlt
DeleteDC
CreateRectRgn
CreateDCA
GetTextMetricsA
PatBlt
AddFontResourceA
RemoveFontResourceA
GetEnhMetaFileA
DeleteEnhMetaFile
CreateFontA
EnumFontFamiliesExA
StartPage
EndPage
GetStockObject
AbortDoc
comdlg32
ChooseFontA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
winspool.drv
DeletePrinterDriverA
GetPrinterDriverDirectoryA
AddPrinterDriverA
AddPrinterA
GetPrintProcessorDirectoryA
AddPrintProcessorA
EnumPortsA
DeviceCapabilitiesA
SetJobA
DocumentPropertiesA
GetPrinterA
GetPrinterDataA
SetPrinterDataA
SetPrinterA
DeletePrinter
ClosePrinter
EnumPrintProcessorsA
DeletePrintProcessorA
OpenPrinterA
EnumJobsA
advapi32
OpenSCManagerA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
ControlService
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
shell32
SHGetFolderPathA
ShellExecuteExA
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
DragFinish
comctl32
ImageList_DrawEx
shlwapi
PathAppendA
PathFileExistsA
ole32
CoRevokeClassObject
StringFromGUID2
CoCreateGuid
CLSIDFromString
CoTaskMemFree
CreateBindCtx
CLSIDFromProgID
ReleaseStgMedium
ProgIDFromCLSID
StringFromCLSID
OleRun
CoGetMalloc
GetHGlobalFromStream
CreateStreamOnHGlobal
StgOpenStorage
StgCreateStorageEx
StgOpenStorageEx
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterClassObject
oleaut32
SysStringLen
SysAllocString
SysAllocStringLen
GetActiveObject
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLib
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
UnRegisterTypeLib
atl90
ord23
ord61
ord68
ord56
ord49
ord64
ord17
ord20
ord30
ord32
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
Sections
.text   Size: 391KB - Virtual size: 391KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 110KB - Virtual size: 109KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 5KB - Virtual size: 7KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
DOCOPY  Size: 512B - Virtual size: 256B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 259KB - Virtual size: 260KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Every section is writable, .text is writable as well as executable, and .rsrc is executable; combined with the stripped relocations this gives fixed-address code and resource regions that are also writable. Confirm the flags against the raw section headers with a second parser before drawing conclusions; if they hold, record it as a build quirk rather than as evidence of packing by itself, since the section layout, sizes and the msvcr90/mfc90 imports are otherwise those of an ordinary MSVC build.
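The unsigned-PE signature, the header flags and the section permissions reported above are all header-level facts that can be reproduced without running the sample. The following is an added example written for this page, not code from the sandbox or from the Sharpdesk build named in the PDB path; it parses the DOS, NT and section headers with the standard library only. The two images it inspects are constructed in memory: REPORT_LIKE reproduces the header facts listed above (relocations stripped, only TERMINAL_SERVER_AWARE set, no security directory, writable .text and executable .rsrc, section sizes rounded to whole KB), and HARDENED is a hypothetical counterpart used for contrast. The names triage_pe, findings and build_pe32 are this example's own.

```python
"""Header-level PE triage: signature blob present?, ASLR/DEP flags, W+X sections.

Added example for this report; not sandbox or vendor code. Standard library only.
"""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def triage_pe(data: bytes) -> dict:
    """Parse the headers and section table; return the facts an analyst checks first."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature.
    machine, nsect, _ts, _sym, _nsym, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)   # same offset in both formats
    (ndirs,) = struct.unpack_from("<I", data, ndirs_off)
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security entry is a file offset (not an RVA) to a WIN_CERTIFICATE blob.
        _sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsect):
        name, vsize, _va, raw, _praw, _prel, _plin, _nrel, _nlin, flags = struct.unpack_from(
            SECTION_HDR, data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw, flags))
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "machine": machine,
        "authenticode_present": sec_size > 0,
        "relocs_stripped": relocs_stripped,
        # An image without relocations cannot be rebased, whatever DYNAMIC_BASE says.
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped,
        "dep_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
        "writable_executable_sections": [
            n for n, _, _, f in sections
            if f & IMAGE_SCN_MEM_EXECUTE and f & IMAGE_SCN_MEM_WRITE],
        "sections": sections,
    }


def findings(t: dict) -> list:
    """Turn the parsed facts into the one-line notes that belong in a triage write-up."""
    out = []
    if not t["authenticode_present"]:
        out.append("unsigned: no security directory, publisher cannot be verified")
    if t["relocs_stripped"]:
        out.append("relocations stripped: cannot be rebased, ASLR cannot apply")
    elif not t["aslr"]:
        out.append("DYNAMIC_BASE clear: loads at preferred base unless forced")
    if not t["dep_opt_in"]:
        out.append("NX_COMPAT clear: DEP only if system policy forces it")
    out.extend("section %s is writable and executable" % n
               for n in t["writable_executable_sections"])
    return out


def build_pe32(file_chars, dll_chars, sections, security_size=0) -> bytes:
    """Construct a header-only PE32 image (constructed test input, not a real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    nt = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)                                     # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    if security_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    table = b"".join(struct.pack(SECTION_HDR, n.encode(), v, 0x1000, r, 0x400, 0, 0, 0, 0, f)
                     for n, v, r, f in sections)
    return bytes(dos) + nt + bytes(opt) + table


RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Mirrors the Headers and Sections entries of this report (constructed, sizes in whole KB).
REPORT_LIKE = build_pe32(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 391 * 1024, 391 * 1024, IMAGE_SCN_CNT_CODE | RWX),
     (".rdata", 109 * 1024, 110 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
     (".data", 7 * 1024, 5 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
     ("DOCOPY", 256, 512, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
     (".rsrc", 260 * 1024, 259 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX)])
# Hypothetical hardened counterpart: relocatable, ASLR/DEP opted in, signed, read-only code.
HARDENED = build_pe32(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 391 * 1024, 391 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".rsrc", 260 * 1024, 259 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)],
    security_size=0x1800)

if __name__ == "__main__":
    for label, img in (("report-like", REPORT_LIKE), ("hardened", HARDENED)):
        print(label, findings(triage_pe(img)) or ["no header-level findings"])
```

On a real file call triage_pe(open(path, "rb").read()). A non-empty security directory only shows that a WIN_CERTIFICATE blob is attached; whether that signature is valid and chains to a trusted publisher still has to be checked with WinVerifyTrust (signtool verify on Windows, osslsigncode verify elsewhere). The ASLR line treats IMAGE_FILE_RELOCS_STRIPPED as decisive because an image without relocations cannot be rebased regardless of DYNAMIC_BASE, which is exactly the situation this report's header flags describe.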