0467d461eb04d29e847630a22b7a7c9179829fa2b6b3ed231e925ffc5aec037dN

Sharing

Copy URL Twitter E-mail

General

Target

0467d461eb04d29e847630a22b7a7c9179829fa2b6b3ed231e925ffc5aec037dN
Size

3.2MB
MD5

6f0b9cb6a246628f91cb097652f351b0
SHA1

ac9f4402ee2a68962899630f15714ed52e904fbb
SHA256

0467d461eb04d29e847630a22b7a7c9179829fa2b6b3ed231e925ffc5aec037d
SHA512

6c628c97dfcc38943bbebf52fc61010f5f0f80c9b4495ae36f9dab890b0a6ed3a00182513511dbf867458a45ecbce84e4837cca35fcfceb405d4fd3cb7c6a84c
SSDEEP

49152:4Jikp3J78hqcc6oV8X39cjbdlrTGCY4+nwKW3LRU06l:Bkp3R8scc6oV83QrTG3hniO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0467d461eb04d29e847630a22b7a7c9179829fa2b6b3ed231e925ffc5aec037dN

Files

0467d461eb04d29e847630a22b7a7c9179829fa2b6b3ed231e925ffc5aec037dN
.exe windows:5 windows x86 arch:x86

24f7d9957d1a8a36e171a87b3e52186c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MPBuild\MPBuild\MPProgram_2008_5.03.0A\Output\release\MPALL_F1_00_v200_00.pdb

Imports

inpout32

ord1
ord2

setupapi

CM_Connect_MachineA
SetupDiGetClassDevsA
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Child_Ex
SetupDiDestroyDeviceInfoList
CM_Get_Child
CM_Disconnect_Machine
CM_Get_Sibling
CM_Get_Parent
CM_Request_Device_EjectA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
CM_Locate_DevNodeA
CM_Get_Sibling_Ex

shlwapi

PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFileExistsA
StrToInt64ExA
StrToIntExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

NetApiBufferFree
NetWkstaGetInfo

kernel32

GetCurrentThreadId
GetCommState
SignalObjectAndWait
SetCommState
SetCommTimeouts
CreateEventA
GetCommMask
SetCommMask
WaitForMultipleObjects
WaitCommEvent
SetLastError
TerminateThread
ReleaseMutex
HeapCreate
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
HeapSize
GetFileType
SetStdHandle
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetDriveTypeW
HeapAlloc
HeapFree
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
GetModuleHandleW
GetFileSizeEx
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
GetLocalTime
GetLocaleInfoA
InterlockedExchange
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetModuleFileNameW
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
lstrlenA
GetVersionExA
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
CreateProcessA
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStringTypeW
GetStringTypeA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetStdHandle
SetVolumeLabelA
EnumResourceLanguagesA
CreateFileA
GetFileSize
FindResourceA
FindFirstFileW
SetFilePointer
FreeLibrary
LoadResource
WaitForSingleObject
SetEvent
GetFileTime
CreateFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalUnlock
GlobalLock
WinExec
GetModuleHandleA
GetWindowsDirectoryA
GetCurrentProcess
SetFileAttributesA
SetThreadLocale
GetVersion
CreateToolhelp32Snapshot
GetCurrentDirectoryA
Process32Next
TerminateProcess
OpenProcess
Process32First
InterlockedDecrement
GetTickCount
GetModuleFileNameA
GetShortPathNameA
GetFileAttributesW
DeleteCriticalSection
FlushFileBuffers
InitializeCriticalSection
lstrcmpA
GlobalFree
GlobalAlloc
GetComputerNameA
WriteFile
DeleteFileA
ResumeThread
CloseHandle
GetDiskFreeSpaceExA
OutputDebugStringA
FindNextFileW
FindNextFileA
DeviceIoControl
GetDiskFreeSpaceA
LockResource
WritePrivateProfileStringA
LocalAlloc
LoadLibraryA
ResetEvent
GetPrivateProfileStringA
FindClose
EnterCriticalSection
CopyFileA
VirtualAlloc
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
lstrcmpW
ReadFile
LeaveCriticalSection
SizeofResource
Sleep
GetVolumeInformationA
WideCharToMultiByte
GetPrivateProfileIntA
GetDriveTypeA
VirtualFree
GetLogicalDrives

winscard

SCardStatusA
SCardEndTransaction
SCardTransmit
SCardBeginTransaction
SCardDisconnect
SCardListReadersA
SCardConnectA
SCardEstablishContext

ws2_32

shutdown
sendto
recv
bind
socket
getservbyname
getsockname
closesocket
gethostbyname
send
accept
ntohs
WSAStartup
WSACleanup
htons
WSAGetLastError
__WSAFDIsSet
select
getpeername
gethostname
connect
ntohl
inet_addr
htonl
recvfrom

rpcrt4

UuidCreateSequential

user32

SendDlgItemMessageA
WinHelpA
GetCapture
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
RegisterWindowMessageA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
EndPaint
BeginPaint
SetWindowPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
IsDialogMessageA
SetWindowTextA
ShowWindow
GetFocus
ModifyMenuA
CharUpperA
EndDialog
CreateDialogIndirectParamA
GetDesktopWindow
PostQuitMessage
GetSysColorBrush
LoadCursorA
UnregisterClassA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
DrawTextA
GrayStringA
DrawEdge
DrawTextExA
TabbedTextOutA
WindowFromDC
GetClassLongA
SendMessageTimeoutA
GetClassNameA
IsIconic
MsgWaitForMultipleObjects
LoadIconA
DrawIcon
GetWindowTextA
PeekMessageA
GetDlgItem
GetSystemMetrics
FindWindowA
RedrawWindow
IsWindow
UpdateWindow
TranslateMessage
DispatchMessageA
MessageBoxA
SetTimer
ScreenToClient
KillTimer
PtInRect
GetMessagePos
GetNextDlgTabItem
ClientToScreen
SetCursor
GetWindowRect
FillRect
GetSubMenu
GetParent
WindowFromPoint
GetClientRect
GetDC
DrawFocusRect
InflateRect
DrawStateA
OffsetRect
TrackPopupMenuEx
InvalidateRect
GetWindowLongA
ReleaseDC
DestroyCursor
GetSysColor
FrameRect
GetActiveWindow
EnableWindow
DestroyMenu
DestroyIcon
CopyRect
wsprintfA
SendMessageA
PostMessageA

gdi32

TextOutA
ExtTextOutA
GetViewportExtEx
RectVisible
Escape
CreateRectRgn
GetBkColor
PtVisible
GetMapMode
DPtoLP
GetWindowExtEx
LPtoDP
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
SetViewportOrgEx
CreateFontA
SelectClipRgn
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePen
GetViewportOrgEx
CreateFontIndirectA
Rectangle
GetStockObject
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
SetBkColor
DeleteDC
SetTextColor
BitBlt
CreateDIBSection
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegFlushKey
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

shell32

SHCreateDirectoryExA
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

24f7d9957d1a8a36e171a87b3e52186c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

inpout32

setupapi

shlwapi

version

netapi32

kernel32

winscard

ws2_32

rpcrt4

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 369KB - Virtual size: 369KB

.data Size: 34KB - Virtual size: 196KB

.rsrc Size: 769KB - Virtual size: 768KB

.text Size: 90KB - Virtual size: 92KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 369KB - Virtual size: 369KB

.data
Size: 34KB - Virtual size: 196KB

.rsrc
Size: 769KB - Virtual size: 768KB

.text
Size: 90KB - Virtual size: 92KB