f9b80c6e58e3f2478ea6acd794cf7733530abf68754e4b174e45d40a518caec3

Sharing

Copy URL Twitter E-mail

General

Target

f9b80c6e58e3f2478ea6acd794cf7733530abf68754e4b174e45d40a518caec3
Size

201KB
MD5

dc0992502ebd3addaddd9bded45bf77e
SHA1

7ee8a89b16c6eb4e9a7c8f935cef7c19e6d35424
SHA256

f9b80c6e58e3f2478ea6acd794cf7733530abf68754e4b174e45d40a518caec3
SHA512

0d5a92d6035926c96216db832cf5d6423c7bff2286982e3c66974741a08fb2d55c58c2d4c91ba1d8bbc31839abffd4042f90845e8143b55414843ff663b41394
SSDEEP

3072:8NTFKtMr2Yfrh2y0sS0jqYMxO4pNNdcwwnX+VpqbO0MWhFGzkGzXzt:8NTFEMrxrhr5jOdwX+VpqbOqzGzkGzx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9b80c6e58e3f2478ea6acd794cf7733530abf68754e4b174e45d40a518caec3

Files

f9b80c6e58e3f2478ea6acd794cf7733530abf68754e4b174e45d40a518caec3
.exe windows:5 windows x86 arch:x86

8e49d9a4cbf04f5d67ec53f553be3390

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\MMPApp\Build\BinRelease\STMaintainUpdate.pdb

Imports

ws2_32

WSAStartup
WSACleanup

kernel32

GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
WideCharToMultiByte
Sleep
SizeofResource
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
MultiByteToWideChar
lstrlenW
CreateDirectoryA
FindFirstFileA
GetLastError
RemoveDirectoryA
CopyFileA
EnterCriticalSection
SetFileAttributesA
FindClose
GetLocalTime
LockResource
GetModuleFileNameA
FindNextFileA
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
lstrcpyW
DeleteFileA
WritePrivateProfileStringW
GetCurrentProcess
TerminateProcess
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
CreateDirectoryW
LoadResource
FindResourceW
FindResourceExW
MoveFileExA
CloseHandle
CreateToolhelp32Snapshot
lstrcmpiW
GetProcessHeap
Process32NextW
OpenProcess
IsDebuggerPresent
QueryPerformanceCounter
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

CharNextW

advapi32

ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

shell32

CommandLineToArgvW
SHFileOperationA

ole32

CoCreateGuid

msvcp100

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_stricmp
memset
_CxxThrowException
memcpy
__RTDynamicCast
_crt_debugger_hook
__set_app_type
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove_s
sprintf
_mktime64
_vscwprintf
wmemcpy_s
free
malloc
_mbsstr
memchr
fflush
atoi
_snprintf
vswprintf_s
strnlen
tolower
_vswprintf_c_l
fopen
_vsnprintf
srand
_purecall
memcpy_s
fwrite
toupper
fclose
_time64
??0exception@std@@QAE@XZ
??9type_info@@QBE_NABV0@@Z
??8type_info@@QBE_NABV0@@Z
fopen_s
fread
??0exception@std@@QAE@ABQBDH@Z
_aligned_malloc
_aligned_free
isalpha
__CxxFrameHandler3
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA
PathCombineA
PathFindFileNameA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e49d9a4cbf04f5d67ec53f553be3390

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

msvcp100

msvcr100

shlwapi

version

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 16KB