ba2d35cfd455dc5bbf871229f1460190N

Sharing

Copy URL Twitter E-mail

General

Target

ba2d35cfd455dc5bbf871229f1460190N
Size

1.0MB
MD5

ba2d35cfd455dc5bbf871229f1460190
SHA1

1a06d45a0e75d0690777c81165982cd6a6ea1243
SHA256

60833e1cb35234f5d3435c72518404fd1dc4e0f0aaeb31d1b453b2092f1d6a47
SHA512

38eb348d9e7e470b199601018b26751d4863707c795bccfeb96e9adaf6e64998b00f46d6557e13d48fbae2347c3568ad71356d0e769c944037eb87a6ccb1909f
SSDEEP

24576:piBWUdLV/LTlE4E6vDx0cpJrB1nVXLukpR:piBFdLVH640crrB1nVXLukpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2d35cfd455dc5bbf871229f1460190N

Files

ba2d35cfd455dc5bbf871229f1460190N
.dll windows:5 windows x86 arch:x86

fdadbd0105564c9bb6517ee0dd25e079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\build_pwm_lbg\bin\Win32\Release\netfx35\pwm_gui.pdb

Imports

user32

PeekMessageW
DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
wsprintfW
MsgWaitForMultipleObjects

shlwapi

SHCopyKeyW
SHDeleteKeyW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

netapi32

NetQueryDisplayInformation
NetWkstaUserGetInfo
NetApiBufferFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptQueryObject
CryptMsgClose
CertCloseStore
CertFindCertificateInStore

wintrust

WinVerifyTrust

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

kernel32

GetFileAttributesW
FindFirstFileW
GetCurrentThread
OpenProcess
HeapFree
Sleep
HeapAlloc
GetProcessHeap
GetComputerNameW
GetNativeSystemInfo
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
CreateMutexW
ReleaseMutex
WaitForSingleObject
ReadFile
GetFileSize
LoadLibraryExW
CreateThread
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
SetFileAttributesW
DuplicateHandle
ResetEvent
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
SetPriorityClass
TerminateProcess
GetCurrentProcess
GetExitCodeProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
DeleteFileW
MoveFileExW
CreateDirectoryW
CreateFileW
WriteFile
SetFilePointer
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetLastError
SetLastError
FindNextFileW
FindClose
ExpandEnvironmentStringsW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
IsDebuggerPresent
GetPrivateProfileIntW
WritePrivateProfileSectionW
CreateEventW
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LocalFree
InterlockedCompareExchange
SetEvent
CreateProcessW
InterlockedExchange

advapi32

GetSecurityDescriptorControl
RegisterEventSourceA
ReportEventA
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
GetTokenInformation
LookupAccountSidW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ImpersonateLoggedOnUser
GetUserNameW
ImpersonateSelf
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
CopySid
RevertToSelf
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetFileSecurityW
AllocateAndInitializeSid
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegQueryMultipleValuesW
RegRestoreKeyW
RegEnumValueW
RegEnumKeyExW
RegSaveKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW

msvcr90

__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxQueryExceptionSize
_cexit
__FrameUnwindFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
_crt_debugger_hook
_except_handler4_common
rand
wprintf
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_purecall
__CxxFrameHandler3
??3@YAXPAX@Z
_errno
memcpy
_CxxThrowException
??2@YAPAXI@Z
wcsstr
_wtoi
wcsncpy
memset
wcsncmp
wcstombs
mbstowcs
_CIpow
_wtol
_wtof
_wctime64
_ftime64
_itow
strstr
?raw_name@type_info@@QBEPBDXZ
free
malloc
wcsrchr
_time64
_vsnprintf
vfprintf
__iob_func
abort
strcmp
realloc
qsort
isspace
isdigit
isalnum
memchr
memmove
isxdigit
_localtime64
getenv
fclose
ferror
fread
fwrite
fflush
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
strtol
fprintf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_wcsicmp

msvcm90

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ

mscoree

_CorDllMain

Exports

Exports

??0CPwmGui@@QAE@ABV0@@Z
??0CPwmGui@@QAE@XZ
??1CPwmGui@@QAE@XZ
??4CPwmGui@@QAEAAV0@ABV0@@Z
??_7CPwmGui@@6B@
?displayBankRecordDialog@CPwmGui@@UAE_NAAVCPwmBankRecordDialogParams@@@Z
?displayBrowserDetectedDialog@CPwmGui@@UAE_NAAVCPwmBrowserDetectedDialogParams@@@Z
?displayFpAuthenticationDialog@CPwmGui@@UAE_NAAVCPwmFpAuthenticationDialogParams@@@Z
?displayImportExportDialog@CPwmGui@@UAE_NAAVCPwmImportExportDialogParams@@@Z
?displayLearnMoreDialog@CPwmGui@@UAE_NAAVCPwmLearnMoreDialogParams@@@Z
?displayMainUIDialog@CPwmGui@@UAE_NAAVCPwmMainUIDialogParams@@@Z
?displayMessageBox@CPwmGui@@UAE_NAAVCPwmMessageBoxParams@@@Z
?displayPasswordPromptDialog@CPwmGui@@UAE_NAAVCPwmPasswordPromptDialogParams@@@Z
?displayRecordChooserDialog@CPwmGui@@UAE_NAAVCPwmRecordChooserDialogParams@@@Z
?displaySpecialCaseDialog@CPwmGui@@UAE_NAAVCPwmSpecialCaseDialogParams@@@Z
?displayUpdateCommonEntriesDialog@CPwmGui@@UAE_NAAVCPwmUpdateCommonEntriesDialogParams@@@Z
?displayUpdateRecordDialog@CPwmGui@@UAE_NAAVCPwmUpdateRecordDialogParams@@@Z
?displayVerifaceDialog@CPwmGui@@UAE_NAAVCPwmVerifaceDialogParams@@@Z
?displayWindowsPasswordResetDialog@CPwmGui@@UAE_NAAVCPwmWindowsPasswordResetDialogParams@@@Z
?getApplicationIcon@CPwmGui@@UAE_NAAVCPwmApplicationIconParams@@@Z
?getApplicationStrings@CPwmGui@@UAE_NAAVCPwmApplicationStringsParams@@@Z
?getImportExportDialogParams@CPwmGui@@UAE_NAAVCPwmImportExportDialogParams@@@Z
?getSerializedStrings@CPwmGui@@UAE_NAAVCPwmStringsSerializationParams@@@Z
?setDeserializedStrings@CPwmGui@@UAE_NAAVCPwmStringsSerializationParams@@@Z
?setExportResult@CPwmGui@@UAE_NW4eExportResult@CPwmImportExportDialogParams@@@Z
?setFpAuthResult@CPwmGui@@UAE_NW4eFpAuthResult@CPwmFpAuthenticationDialogParams@@@Z
?setImportResult@CPwmGui@@UAE_NW4eImportResult@CPwmImportExportDialogParams@@PAUST_PWM_DATABASE@CPwmMainUIDialogParams@@ABVCTVTWCharString@@@Z
?setPromptAuthResult@CPwmGui@@UAE_NAA_N@Z
freeGuiInterface
getGuiInterface

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdadbd0105564c9bb6517ee0dd25e079

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

wtsapi32

netapi32

version

crypt32

wintrust

gdi32

kernel32

advapi32

shell32

msvcr90

msvcm90

mscoree

Exports

Exports

Sections

.text Size: 625KB - Virtual size: 625KB

.rdata Size: 323KB - Virtual size: 323KB

.data Size: 44KB - Virtual size: 47KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 625KB - Virtual size: 625KB

.rdata
Size: 323KB - Virtual size: 323KB

.data
Size: 44KB - Virtual size: 47KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 59KB - Virtual size: 58KB