urltest[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

urltest.exe
Size

275KB
MD5

63f283a039c8ea6dedc5796673c10b8e
SHA1

49d9fc25efd0428a406b36bffb67ad65f3d78ba2
SHA256

a85fa5709de970d5ab8b197092d856ea4822cc7d0ece1fb3b95d71dc11f61f5e
SHA512

67a8ade8f08742f0c978312f97108d496eb41e5e5c31a41b7c784398b324280861337a283eeede2a2c15468f1be9ea3373d90dba31c63a5ece1129a974c554dc
SSDEEP

6144:oCFGk/WpBJ6uGu+KIxm8ObI27DOSTBvFMJSfVMY:oCRIHBG0q9OM2iSTsY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
urltest.exe

Files

urltest.exe
.exe windows:4 windows x86 arch:x86

e8c130309950281b96598d23b5d6d92e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Code\urlsoft\trunk\product\win32\urltest4.pdb

Imports

gdiplus

GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdipFree
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCloneImage

kernel32

MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessW
GetCurrentProcessId
MoveFileW
DeleteFileW
GetModuleFileNameW
CompareStringW
lstrcmpW
MulDiv
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
Sleep
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TlsAlloc
TlsGetValue
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetModuleHandleA
RtlUnwind
GetThreadLocale
WritePrivateProfileStringW
GetACP
InterlockedExchange
GetVersionExA
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
TlsFree
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
OpenProcess
WaitForSingleObject
CreateFileW
ReadFile
CloseHandle
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
FlushFileBuffers
WriteFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
SetLastError
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
GetLocaleInfoA

user32

CreateAcceleratorTableW
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
GetWindowRect
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
EnableWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadAcceleratorsW
LoadMenuW
LoadStringW
KillTimer
GetDlgItemTextW
FindWindowExW
GetWindowDC
CreateDialogParamW
MapWindowPoints
IsDialogMessageW
TranslateAcceleratorW
PostQuitMessage
LoadStringA
DestroyMenu
CreatePopupMenu
AppendMenuW
UnregisterClassA
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
GetMonitorInfoW
MonitorFromPoint
MessageBeep
TrackPopupMenuEx
GetClassNameW
EndPaint
BeginPaint
GetFocus
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextW
PtInRect
SetWindowPos
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
GetSysColor
SetRectEmpty
PostMessageW
GetDlgItem
SetDlgItemTextW
RegisterWindowMessageW
DestroyWindow
LoadImageW
GetWindowTextLengthW
GetWindowTextW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
LoadIconW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
GetClientRect
MoveWindow
CallWindowProcW
MessageBoxW
GetParent
SetWindowTextW
GetWindowLongW
SetWindowLongW
DefWindowProcW
SetTimer

gdi32

CreateDIBSection
Rectangle
SetROP2
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteDC
SelectObject
GetObjectW
SetTextColor
SetBkMode
CreatePen
CreateCompatibleDC
DeleteObject

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

VariantCopy
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
SafeArrayCreate
SafeArrayCopy
SafeArrayGetVartype
VariantChangeType
SysAllocStringByteLen
SysFreeString

shlwapi

StrCmpIW
StrStrIW
StrCmpNIW
SHGetValueW
PathFindFileNameW
StrCpyW
StrCpyNW
StrCatW
PathFileExistsW
SHSetValueW
PathAppendW

comctl32

_TrackMouseEvent
ImageList_Create
InitCommonControlsEx
CreateStatusWindowW

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
WSASetLastError
GetAddrInfoW
FreeAddrInfoW

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8c130309950281b96598d23b5d6d92e

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 7KB - Virtual size: 6KB