88dfccb79125e364aaf891f33438d47d426f7364b625f9dfceed6d29613815eb

Sharing

Copy URL Twitter E-mail

General

Target

88dfccb79125e364aaf891f33438d47d426f7364b625f9dfceed6d29613815eb
Size

427KB
MD5

337fcba0dd91c96eee3c8f73fd015b51
SHA1

3e7c64f2093a972a91e19b267232f031d6907d47
SHA256

88dfccb79125e364aaf891f33438d47d426f7364b625f9dfceed6d29613815eb
SHA512

7295dc181451b2b8768aeff82099a759ea0cc51270221d67c082fa3ac9f9913c0596332051adfa93d1489bd6d139154a16c86167ef384d498bc1b428f60dbff7
SSDEEP

6144:pe+yCGBDnHxrdYIGKSYtoHIKDYgJFDDIfoI+8lMcNCiCaUE/lQ3jZjSOj7uF9b5x:pe+yCGFxrCIGkwYgJFD3I+1cMB/YhJ77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88dfccb79125e364aaf891f33438d47d426f7364b625f9dfceed6d29613815eb

Files

88dfccb79125e364aaf891f33438d47d426f7364b625f9dfceed6d29613815eb
.exe windows:5 windows x86 arch:x86

d37ee7b783aaa0662f89d10aeb67c9de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\svn\MC-120KGIX64\Components\deployment\PatsWrapper.pdb

Imports

kernel32

GetCurrentThread
GetThreadContext
lstrlenW
RaiseException
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
Sleep
LocalFree
GetTickCount
CreateEventW
ResetEvent
SetEvent
GetCommandLineW
CreateThread
GetLocalTime
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
FreeLibrary
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
lstrlenA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TerminateThread
IsBadReadPtr
InterlockedCompareExchange
InterlockedExchange
FormatMessageW
LocalAlloc
QueryPerformanceCounter
OpenEventW
InterlockedIncrement
WaitForSingleObject
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcessId
DebugBreak
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
LoadLibraryA
GetProcAddress
VirtualQuery
GetModuleFileNameW
InterlockedDecrement
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlushInstructionCache
InitializeCriticalSection

user32

UnregisterClassA
PeekMessageW
MsgWaitForMultipleObjectsEx
SendMessageTimeoutW
PostMessageW
IsWindow
SendMessageW
SetTimer
CallWindowProcW
CreateWindowExW
GetWindowLongW
SetWindowLongW
DestroyWindow
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW
MessageBoxW
LoadCursorW
GetClassInfoExW
RegisterClassExW
KillTimer

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExA

shell32

SHGetFileInfoW

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString
SysAllocStringByteLen
SysStringLen
SysStringByteLen
VarUI4FromStr
VariantCopy
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantChangeType
SysAllocStringLen
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SafeArrayRedim

atl90

ord68
ord67
ord49
ord20
ord17
ord64
ord61
ord23
ord30
ord31
ord58
ord56
ord44
ord43
ord32

msvcp90

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1locale@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??0locale@std@@QAE@PBDH@Z
?decimal_point@?$numpunct@_W@std@@QBE_WXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$numpunct@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z

msvcr90

??1bad_cast@std@@UAE@XZ
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CxxThrowException
__CxxFrameHandler3
abort
_beginthreadex
_mbscmp
strncpy_s
wcscmp
strcpy_s
wcscat_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??3@YAXPAX@Z
memset
_recalloc
swprintf_s
_snwprintf
??_V@YAXPAX@Z
??2@YAPAXI@Z
_wsplitpath
_set_invalid_parameter_handler
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memcpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@XZ
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_fpreset
free
wcscpy_s
memcmp
wcsncpy_s
malloc
wcslen
atof
_resetstkoflw
_purecall
calloc
_vsnwprintf_s
_vsnprintf_s
??8type_info@@QBE_NABV0@@Z
floor
_localtime64_s
_mktime64
_controlfp_s
strlen
memcpy
??0bad_cast@std@@QAE@ABV01@@Z
wcsftime
??0bad_cast@std@@QAE@PBD@Z
atoi
_configthreadlocale

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d37ee7b783aaa0662f89d10aeb67c9de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl90

msvcp90

msvcr90

version

Sections

.text Size: 243KB - Virtual size: 243KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 19KB - Virtual size: 21KB

.rsrc Size: 38KB - Virtual size: 37KB

.text
Size: 243KB - Virtual size: 243KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 19KB - Virtual size: 21KB

.rsrc
Size: 38KB - Virtual size: 37KB