PDB path: d:\winapps\gu6\Build\QuickSearch\Release\QuickSearch.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292.exe
  Resource: win10v2004-20240802-en
General
- Target: d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292
- Size: 1.8MB
- MD5: 0baa9d1dfeaf700590b631e5ed6d097b
- SHA1: 5e9db943b01ed478a87e9799f53828c89e5e4363
- SHA256: d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292
- SHA512: 02bb65158f16bcd0081f3bd9d57c1ccdc980e8fc463f754b025bbeec8692c06411e10a475a1de57c2b771d19fd16a12b5dbe75d4cdc0799f7161a3e08a0e92c8
- SSDEEP: 24576:u4SvWGQWvqu/VMe75oPJ4n+aelP1+wl5olQYSRD7XoqcVS3elcrA0uwEGCz93xFR:uMNqX/pE4nasyJXoqcw3q0uwEGCzvFR
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292
Files
-
d3c49547781327ef6f894ceaf884ceaf4bf0d9f756d38629b3739654a4137292.exe windows:5 windows x86 arch:x86
e4dd504dd2203ec5f40e5e5ea10d9295
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
memfiles
ReloadDisk
RestartMemfilesService
GetLoadDiskInfo
GetUpdateMaskByResult
SortByResult
GetSelectFileCountByResult
GetSelectFilePathByResult
RemoveSelectIndexByResult
AddSelectIndexByResult
SetSelectIndexByResult
IsSelectByResult
GetFileInfoByFileIDArray
GetFilePathByFileIDW
FindFileIndexByResult
GetMemfilesServiceVersion
ReleaseCurLoadDiskInfo
GetCurLoadDiskInfo
StartMemfilesService
RegMemfilesService
SetQuickSearchExcludePath
SetQuickSearchExcludeFileAttribute
GetFilePathByResultW
GetFileNameByResultW
GetAttributeByResult
ReleaseFileInfo
GetFileInfoByResult
SetChangeNotifyHWND
EnabledChangeNotifyByResult
SetFilesMaskByResult
ReleaseString
QuickSearch
ConvertMatchString
UninitMemfilesService
SetChangeNotifyCallBack
LoadDiskForSearch
SetUsedCacheDataByResult
InitMemfilesService
ReleaseFilePath
GetMulteFilePathByResult
GetFileCountByResult
languages
ord8
ord5
ord6
ord1
ord3
ord4
register
GoHomePage
ShowDlgWindow
GoHelp
shortcutfixer
GetShortcutsArguments
GetShortcutsTargetPath
CreateShortcuts
GetShortcutsIconLocation
CloseShortcuts
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
skinsmanager
UnitializeLibrary
InitializeSkins
InitializeLibrary
GetAllKeyArrBySection
GetSkinsFile
GetSkinsOption
GetSkinsToInt
GetSkinsColor
mfc90u (imported by ordinal only; ordinal list omitted)
msvcr90
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
wcstod
wcsncmp
memmove
printf
wprintf
_beginthreadex
_endthreadex
_mktime64
wcschr
__wargv
__argc
_wcstoi64
_localtime64_s
_time64
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsncpy_s
_purecall
calloc
_recalloc
_wcsnicmp
wcsstr
_resetstkoflw
memcpy_s
ispunct
isspace
_wcsicmp
wcstoul
wcsrchr
wcstol
malloc
free
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcscpy_s
??0exception@std@@QAE@XZ
memmove_s
??1exception@std@@UAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strcspn
_msize
_stat64i32
exit
fclose
fseek
realloc
ftell
_findfirst64i32
fread
fopen
_findclose
strncpy
_findnext64i32
isalnum
_snprintf
rewind
strncmp
??0exception@std@@QAE@ABQBD@Z
kernel32
LocalFree
GetFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetComputerNameW
SetFilePointer
ReadFile
WriteFile
OutputDebugStringW
GetCurrentThreadId
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetCurrentProcessId
FreeLibrary
GetVersionExW
GetDiskFreeSpaceExW
GetVolumeInformationW
VerifyVersionInfoW
VerSetConditionMask
LocalFileTimeToFileTime
WaitForMultipleObjects
FindNextFileW
FindClose
FindFirstFileW
GetOverlappedResult
ReadDirectoryChangesW
FileTimeToLocalFileTime
CompareFileTime
FileTimeToSystemTime
CreateFileW
SetEvent
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GlobalFree
ResumeThread
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcpyW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
GetLogicalDrives
LockFile
GetCommandLineW
GetPrivateProfileStringW
CloseHandle
GetLongPathNameW
WideCharToMultiByte
GetModuleFileNameW
lstrlenA
GetTickCount
TerminateThread
WaitForSingleObject
MultiByteToWideChar
GetVersion
MulDiv
LoadLibraryW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
InterlockedExchange
GetLastError
SetLastError
lstrlenW
Sleep
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
DeleteFileA
AreFileApisANSI
GetTempPathA
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
WaitForSingleObjectEx
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
HeapAlloc
SetEndOfFile
TryEnterCriticalSection
HeapCompact
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
ExpandEnvironmentStringsW
user32
IsWindow
InvalidateRect
SetRect
EnableWindow
GetWindowRect
IsWindowVisible
GetFocus
EnumChildWindows
GetSysColorBrush
TrackPopupMenu
CallWindowProcW
DestroyMenu
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
InsertMenuW
CreateMenu
GetMenuItemInfoW
UnionRect
GetMenuBarInfo
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetMenuState
SetWindowTextW
InsertMenuItemW
DrawIconEx
GetSysColor
DeferWindowPos
GetCursor
EndDeferWindowPos
BeginDeferWindowPos
GetWindowRgnBox
SetWindowPos
SetActiveWindow
LoadAcceleratorsW
ClientToScreen
ReleaseCapture
SetCapture
SetMenuDefaultItem
TranslateAcceleratorW
GetKeyState
IsZoomed
IsIconic
LoadBitmapW
LoadIconW
RegisterClipboardFormatW
GetDlgCtrlID
GetWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
LoadMenuW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UnregisterHotKey
RegisterHotKey
SetPropW
EnumWindows
GetPropW
wsprintfW
PostMessageW
LoadImageW
DrawIcon
GetIconInfo
GetForegroundWindow
GetActiveWindow
SetWindowRgn
GetWindowRgn
SetForegroundWindow
SetLayeredWindowAttributes
SystemParametersInfoW
OffsetRect
IsRectEmpty
EqualRect
MonitorFromPoint
GetMonitorInfoW
MonitorFromRect
WindowFromPoint
UpdateLayeredWindow
RegisterClassExW
DefWindowProcW
GrayStringW
DrawTextExW
TabbedTextOutW
AppendMenuW
CreatePopupMenu
DestroyIcon
GetWindowLongW
KillTimer
SetTimer
ScreenToClient
GetCursorPos
LoadCursorW
SetCursor
SetWindowLongW
GetSystemMetrics
RedrawWindow
PtInRect
TrackMouseEvent
GetParent
GetClientRect
FrameRect
FillRect
SetRectEmpty
ReleaseDC
GetDC
CopyRect
DrawTextW
SendMessageW
gdi32
SetBrushOrgEx
FillRgn
BeginPath
CreatePatternBrush
GetTextColor
SetTextColor
LineTo
MoveToEx
CreatePen
GetTextExtentExPointW
GetTextExtentPointW
GetViewportExtEx
GetWindowExtEx
GetGraphicsMode
EndPath
GetDeviceCaps
FillPath
GetBitmapDimensionEx
CreateFontIndirectW
FrameRgn
CreateRoundRectRgn
Escape
ExtTextOutW
PtVisible
CreateSolidBrush
RectVisible
GetBkColor
DPtoLP
GetMapMode
LPtoDP
CreateFontW
GetTextMetricsW
TextOutW
GetCurrentObject
CreateCompatibleBitmap
GetTextExtentPoint32W
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
SetBitmapDimensionEx
GetBkMode
DeleteDC
msimg32
TransparentBlt
AlphaBlend
GradientFill
advapi32
RegEnumKeyW
GetUserNameW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegOpenKeyW
shell32
SHGetSpecialFolderLocation
ord165
CommandLineToArgvW
ord701
SHGetDesktopFolder
ord716
Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
ord43
ShellExecuteW
SHGetSpecialFolderPathW
ord727
comctl32
InitCommonControlsEx
ImageList_DrawEx
_TrackMouseEvent
FlatSB_EnableScrollBar
ImageList_GetIconSize
shlwapi
ord354
StrFormatKBSizeW
PathFindExtensionW
PathIsNetworkPathW
SHSetValueW
StrCmpLogicalW
PathMatchSpecW
ord487
PathIsDirectoryW
StrFormatByteSizeW
SHGetValueW
PathFileExistsW
ole32
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
msvcp90
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
gdiplus
GdipLoadImageFromFile
GdipDrawImageRectI
GdipSetSmoothingMode
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateHICONFromBitmap
uxtheme
SetWindowTheme
guwndmanager
WindowsPosUnhookWnd
WindowsPosUninitialize
WindowsPosHookWnd
WindowsPosSave
WindowsPosInitialize
WindowsPosLoad
crashreport
ord1
checkupdate
ord6
usp10
ScriptBreak
zlib1
uncompress
config
ord12
ord11
ord13
GUCIsSeparate
ord2
ord10
ord1
ord3
Sections
.text   Size: 1.1MB - Virtual size: 1.1MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 214KB - Virtual size: 214KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 17KB - Virtual size: 72KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 254KB - Virtual size: 253KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 179KB - Virtual size: 180KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE