d:\work\main\bin\win32\release\phddns\PhDDns.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fdN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fdN.exe
Resource: win10v2004-20240802-en
General
Target: 14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fdN
Size: 1.9MB
MD5: 66b1109e3b1b720a2ff240203913aea0
SHA1: b03da4ecf94587149eaaaa2a88f335a62b337888
SHA256: 14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fd
SHA512: fea66dbf4bf8521162ba7e3b2617a8cf8eb6692a2d922d84746944c5fff9f54f9bee57973e8f4fd4187561afb9e05c1af1254a8f54bf2bda25e928a96fa72946
SSDEEP: 24576:7bCtlPwx96l7cpoWBzD0lKcvZEa7shnthjw6dnYBz66FrEFzR:7bHG4p7YZshn3jw6dnYlJr4zR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fdN
Files
14546b3510ff67173db9eabd04c598323a3e4b690100619cb84b61418a55f4fdN.exe windows:4 windows x86 arch:x86
e8824726c805614ae228dea2cace77d1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
iphlpapi
GetAdaptersInfo
dnsapi
DnsQuery_A
DnsRecordListFree
winmm
PlaySoundW
kernel32
SetEnvironmentVariableA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreatePipe
CreateProcessW
CreateThread
GetExitCodeProcess
CloseHandle
Sleep
PeekNamedPipe
GetConsoleMode
ReadFile
SizeofResource
LockResource
LoadResource
FindResourceW
lstrlenA
MultiByteToWideChar
FreeLibrary
OutputDebugStringA
LoadLibraryW
GetPrivateProfileStringW
GetProcAddress
CreateEventW
SetEvent
GetModuleFileNameW
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
WideCharToMultiByte
lstrlenW
DeleteCriticalSection
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
RaiseException
ExitThread
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
FindFirstFileW
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedExchange
WritePrivateProfileStringW
lstrcatW
WinExec
lstrcpyW
GetCommandLineW
FindClose
GetModuleHandleA
InterlockedDecrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
FormatMessageW
LocalFree
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
SuspendThread
SetThreadPriority
GlobalFree
GlobalReAlloc
LoadLibraryA
GlobalAlloc
FreeResource
GlobalLock
GlobalSize
GetFileAttributesW
GlobalUnlock
CopyFileW
GetSystemDirectoryW
LocalAlloc
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLangID
GetVersionExW
lstrcmpiW
GetWindowsDirectoryW
MulDiv
LoadLibraryExW
lstrcmpW
ResumeThread
SetNamedPipeHandleState
WaitNamedPipeW
CreateFileW
GetTickCount
GetModuleHandleW
SetLastError
WriteFile
DisconnectNamedPipe
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
CreateMutexW
user32
DestroyMenu
GrayStringW
DrawTextExW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
PostQuitMessage
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
GetMessageTime
GetScrollPos
GetMenu
MessageBoxW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuCheckMarkDimensions
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
CreateWindowExW
DestroyWindow
ModifyMenuW
GetAsyncKeyState
CharUpperW
GetMessageW
SetWindowPos
UpdateWindow
GetMonitorInfoW
MonitorFromWindow
CallMsgFilterW
TrackPopupMenu
EndPaint
BeginPaint
MapWindowPoints
DrawIconEx
GetClassLongW
ShowWindow
MoveWindow
GetDlgItem
LoadCursorFromFileW
GetScrollRange
EnableMenuItem
InsertMenuW
wsprintfW
DrawIcon
IsIconic
TranslateAcceleratorW
LoadAcceleratorsW
GetSystemMenu
CheckMenuItem
RegisterWindowMessageW
SetMenuDefaultItem
RemoveMenu
GetSubMenu
CreateMenu
AppendMenuW
InsertMenuItemW
CreatePopupMenu
LoadIconW
SetWindowRgn
SetRectEmpty
GetMenuState
GetMenuItemID
GetMenuItemCount
IsWindowEnabled
ChildWindowFromPoint
WindowFromPoint
ClientToScreen
IsWindow
LoadCursorW
LoadImageW
DestroyCursor
SetCursor
CreateIconIndirect
GetIconInfo
CopyIcon
ReleaseCapture
SetCapture
IsRectEmpty
IntersectRect
IsWindowVisible
SetScrollPos
GetCursorPos
GetDoubleClickTime
SetParent
PtInRect
LoadBitmapW
SetRect
GetMessagePos
DestroyIcon
DrawStateW
GetDC
EnumChildWindows
GetSysColorBrush
DrawTextW
FrameRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassW
GetFocus
TrackMouseEvent
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics
GetScrollBarInfo
CallWindowProcW
DrawFocusRect
RegisterClipboardFormatW
LockWindowUpdate
DefWindowProcW
InflateRect
CopyRect
EnumThreadWindows
OffsetRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
ScreenToClient
SetWindowLongW
RedrawWindow
GetWindowDC
GetSysColor
FillRect
GetWindowRect
GetClientRect
GetParent
InvalidateRect
GetClassInfoW
PostMessageW
FindWindowW
SystemParametersInfoW
KillTimer
EqualRect
SetForegroundWindow
EnableWindow
GetDesktopWindow
SendMessageW
SetTimer
PostThreadMessageW
SetMenuItemBitmaps
UnregisterClassA
gdi32
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
Escape
CreateRectRgnIndirect
GetMapMode
GetTextExtentPoint32W
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetViewportExtEx
RestoreDC
SaveDC
ExtCreateRegion
GetClipBox
SetBrushOrgEx
SetStretchBltMode
SetDIBColorTable
GetDIBColorTable
ExcludeClipRect
GetTextExtentPointW
RoundRect
ExtTextOutW
GetPixel
OffsetRgn
CombineRgn
CreateRectRgn
FillRgn
FrameRgn
CreatePolygonRgn
CreateRoundRectRgn
TextOutW
SetTextJustification
GetTextMetricsW
SetBkColor
CreateFontIndirectW
GetDeviceCaps
StretchBlt
CreateBitmap
CreateDIBSection
Rectangle
GetObjectW
LineTo
SetTextColor
DeleteDC
SetPixel
CreatePen
SetBkMode
CreateEllipticRgnIndirect
DeleteObject
BitBlt
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
CreateSolidBrush
ExtCreatePen
Arc
Ellipse
MoveToEx
SelectClipRgn
SelectObject
msimg32
AlphaBlend
TransparentBlt
GradientFill
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegEnumKeyW
RegOpenKeyW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
ChangeServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegQueryValueExW
IsValidSid
RegDeleteKeyW
UnlockServiceDatabase
LockServiceDatabase
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
GetLengthSid
LookupAccountNameW
CopySid
GetAclInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorControl
shell32
Shell_NotifyIconW
ShellExecuteW
comctl32
_TrackMouseEvent
ord17
ImageList_GetImageCount
ImageList_GetIcon
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW
oledlg
OleUIBusyW
ole32
StgCreateDocfileOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoCreateInstance
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleRun
CoTaskMemFree
CreateStreamOnHGlobal
CoRevokeClassObject
CoGetClassObject
CoUninitialize
CoInitialize
CreateILockBytesOnHGlobal
GetHGlobalFromStream
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
SafeArrayDestroy
VariantCopy
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VarDateFromStr
SysAllocStringLen
ws2_32
inet_ntoa
gethostbyname
htons
inet_addr
htonl
accept
connect
select
ntohs
listen
bind
WSAGetLastError
sendto
send
recvfrom
socket
recv
WSAStartup
WSACleanup
closesocket
gdiplus
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipAlloc
GdipFree
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageI
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Exports
??0COrayButton@OrayUI@@QAE@ABV01@@Z
??0COrayFrame@OrayUI@@QAE@ABV01@@Z
??0COrayGroupBox@OrayUI@@QAE@ABV01@@Z
??0COrayHeadCtrl@OrayUI@@QAE@ABV01@@Z
??0COrayListCtrl@OrayUI@@QAE@ABV01@@Z
??0COrayPanel@OrayUI@@QAE@ABV01@@Z
??0COrayScrollbar@OrayUI@@QAE@ABV01@@Z
??0COraySkin@OrayUI@@QAE@ABV01@@Z
??0COrayStatic@OrayUI@@QAE@ABV01@@Z
??0COrayUIBase@OrayUI@@QAE@ABV01@@Z
??0COrayWinCtrl@OrayUI@@QAE@ABV01@@Z
??0COrayWnd@OrayUI@@QAE@ABV01@@Z
??0CSubclassMap@OrayUI@@QAE@ABV01@@Z
??0CSubclassMap@OrayUI@@QAE@XZ
??0CUIBitmap@OrayUI@@QAE@ABV01@@Z
??0CUIBitmap@OrayUI@@QAE@XZ
??0CXMLAttribute@OrayUI@@QAE@ABV01@@Z
??1CUIBitmap@OrayUI@@UAE@XZ
??4COrayButton@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayFrame@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayGroupBox@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayHeadCtrl@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayListCtrl@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayPanel@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayScrollbar@OrayUI@@QAEAAV01@ABV01@@Z
??4COraySkin@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayStatic@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayUIBase@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayWinCtrl@OrayUI@@QAEAAV01@ABV01@@Z
??4COrayWnd@OrayUI@@QAEAAV01@ABV01@@Z
??4CSubclassMap@OrayUI@@QAEAAV01@ABV01@@Z
??4CUIBitmap@OrayUI@@QAEAAV01@ABV01@@Z
??4CXMLAttribute@OrayUI@@QAEAAV01@ABV01@@Z
??_7COrayButton@OrayUI@@6B@
??_7COrayFrame@OrayUI@@6B@
??_7COrayGroupBox@OrayUI@@6B@
??_7COrayHeadCtrl@OrayUI@@6B@
??_7COrayListCtrl@OrayUI@@6B@
??_7COrayPanel@OrayUI@@6B@
??_7COrayScrollbar@OrayUI@@6B@
??_7COrayStatic@OrayUI@@6B@
??_7COrayUIBase@OrayUI@@6B@
??_7COrayWinCtrl@OrayUI@@6B@
??_7COrayWnd@OrayUI@@6B@
??_7CUIBitmap@OrayUI@@6B@
??_7CXMLAttribute@OrayUI@@6B@
?GetColumnCount@COrayHeadCtrl@OrayUI@@QAEHXZ
?GetMiniHeight@COrayWnd@OrayUI@@QBEHXZ
?GetMiniWidth@COrayWnd@OrayUI@@QBEHXZ
?GetOrayFrame@COrayWnd@OrayUI@@QAEPAVCOrayFrame@2@XZ
?GetScrollbar@COrayPanel@OrayUI@@QAEPAVCOrayScrollbar@2@_N@Z
?GetState@COrayUIBase@OrayUI@@QBEIXZ
?GetTrackSize@COrayScrollbar@OrayUI@@QAEHXZ
?GetType@COrayUIBase@OrayUI@@QBEIXZ
?GetUserData@COrayUIBase@OrayUI@@QAEKXZ
?GetXmlElement@CXMLAttribute@OrayUI@@QBEPAVTiXmlElement@@XZ
?GetZoom@COrayListCtrl@OrayUI@@QAEMXZ
?IsAutoLength@COrayStatic@OrayUI@@QAE_NXZ
?IsEllipsis@COrayStatic@OrayUI@@QAE_NXZ
?IsVertical@COrayScrollbar@OrayUI@@QAE_NXZ
?NoChildren@CXMLAttribute@OrayUI@@QAE_NXZ
?SetAutoLength@COrayStatic@OrayUI@@QAEX_N@Z
?SetEllipsis@COrayStatic@OrayUI@@QAEX_N@Z
?SetMiniHeight@COrayWnd@OrayUI@@QAEXH@Z
?SetMiniWidth@COrayWnd@OrayUI@@QAEXH@Z
?SetOrayFrame@COrayWnd@OrayUI@@QAEXPAVCOrayFrame@2@@Z
?SetShaped@COrayWnd@OrayUI@@QAEX_N@Z
?SetType@COrayUIBase@OrayUI@@QAEXI@Z
?SetUserData@COrayUIBase@OrayUI@@QAEXK@Z
?SetXmlElement@CXMLAttribute@OrayUI@@QAEXPAVTiXmlElement@@@Z
Sections
.text Size: 832KB - Virtual size: 829KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 836KB - Virtual size: 833KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bak Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bak Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bak Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bak Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE