4578557bbd4d1962c208c8cf429159777db81f68ad210c329124e5784dd2f562N

Sharing

Copy URL Twitter E-mail

General

Target

4578557bbd4d1962c208c8cf429159777db81f68ad210c329124e5784dd2f562N
Size

2.6MB
MD5

36c121234b301b45f9535990c180eda0
SHA1

b6d7d7f009041e05ff771bbee0a7f4ce2f53b022
SHA256

4578557bbd4d1962c208c8cf429159777db81f68ad210c329124e5784dd2f562
SHA512

38e751ba2914a6596bf83c0076a5d330d75585123ff420f847bfa787b86b7c7c7a11a8b27ecf53304bf96599c8a586a1b7134e1a0760d152636919a02d77d353
SSDEEP

49152:B3vQtx8dlZxm32BsEHRQHdXqOZaFqWPGRpFS82CP6YCaTgVrBZbZR:B3vaOU2yExQHdXqO6GQ5YC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4578557bbd4d1962c208c8cf429159777db81f68ad210c329124e5784dd2f562N

Files

4578557bbd4d1962c208c8cf429159777db81f68ad210c329124e5784dd2f562N
.exe windows:6 windows x86 arch:x86

865bf47de4d130d2b91414452f05b379

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\workspace\setup_release_9.0\build\x86\lib\release\Pdb\VDogUploadSEWMotionStudio.pdb

Imports

user32

FindWindowW
MessageBoxW
GetKeyNameTextW
CharUpperW
GetProcessWindowStation
RegisterClassExW
LoadCursorW
UpdateWindow
ShowWindow
wsprintfW
LoadStringW
GetUserObjectInformationW
KillTimer
SetTimer
DestroyWindow
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
EnumWindows
wsprintfA
GetAncestor
GetClassNameW
EnumChildWindows
SetActiveWindow
IsWindowEnabled
IsWindowVisible
CreateWindowExW
SendMessageW

kernel32

FormatMessageW
lstrlenA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetProcAddress
MultiByteToWideChar
GetACP
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileInformationByHandle
GetFileTime
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
WriteFile
Sleep
lstrlenW
OpenProcess
GetSystemInfo
GetComputerNameExW
GetVersionExW
GetModuleHandleW
FindResourceW
GetLocaleInfoW
GetSystemDefaultLangID
QueryPerformanceCounter
GetCurrentThreadId
LocalFree
WideCharToMultiByte
GetCommandLineW
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThread
LCMapStringW
GetFileSizeEx
lstrcmpA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
TlsFree
GetShortPathNameW
GetTempFileNameW
GetVolumeInformationW
GetTempPathW
CreateMutexW
OpenSemaphoreW
CreateSemaphoreW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
OpenFileMappingW
LoadLibraryExW
LoadLibraryW
lstrcmpW
lstrcmpiW
CopyFileW
MoveFileW
MoveFileExW
GetDateFormatW
GetTimeFormatW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
InterlockedPopEntrySList
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
GetLocalTime
GetSystemTime
OutputDebugStringW
PeekNamedPipe
GetFileAttributesW
SystemTimeToFileTime
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
ResumeThread
GetExitCodeThread
TerminateThread
CreateThread
TerminateProcess
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
CloseHandle
LocalFileTimeToFileTime
SetEvent
GetLastError
InterlockedPushEntrySList
InterlockedFlushSList
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
CompareStringW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
TryEnterCriticalSection
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
IsValidCodePage
GetOEMCP
IsValidLocale
SystemTimeToTzSpecificLocalTime
DosDateTimeToFileTime
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertFiberToThread
DeleteFiber
WriteConsoleW
SetStdHandle
GetCommandLineA
ReadConsoleW
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
GetNativeSystemInfo
GetTimeZoneInformation
GetDriveTypeW
FormatMessageA
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
WaitForSingleObjectEx
SwitchToThread
GetConsoleCP

advapi32

RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
GetSecurityInfo
CryptReleaseContext
RegisterEventSourceW
ReportEventW
GetUserNameW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ole32

CoCreateGuid

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
send
recv
closesocket

gdi32

TextOutW
CreateFontIndirectW

netapi32

NetApiBufferFree
NetGetJoinInformation

bcrypt

BCryptGenRandom

Exports

Exports

??0CInOutUtf8String@@QAE@PADH@Z
??0CInUtf8String@@QAE@PB_WH@Z
??0CUtf16StringList@@QAE@PBQBDH@Z
??1CInOutUtf8String@@QAE@XZ
??1CInUtf8String@@QAE@XZ
??1CUtf16StringList@@QAE@XZ
??BCInOutUtf8String@@QAEPA_WXZ
??BCInUtf8String@@QBEPBDXZ
??BCUtf16StringList@@QBEPAPB_WXZ
?CharUpperU@@YGPADPAD@Z
?Cleanup@CUtf16StringList@@AAEXXZ
?CopyFileU@@YGHPBD0H@Z
?CopyMultiSz@@YAXPBDAAPA_W@Z
?CreateDirectoryU@@YGHPBDPAU_SECURITY_ATTRIBUTES@@@Z
?CreateEventU@@YGPAXPAU_SECURITY_ATTRIBUTES@@HHPBD@Z
?CreateFileMappingU@@YGPAXPAXPAU_SECURITY_ATTRIBUTES@@KKKPBD@Z
?CreateFileU@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateFontIndirectU@@YGPAUHFONT__@@PBU_LOGFONTU@@@Z
?CreateMutexU@@YGPAXPAU_SECURITY_ATTRIBUTES@@HPBD@Z
?CreateProcessU@@YGHPBDPADPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_STARTUPINFOU@@PAU_PROCESS_INFORMATION@@@Z
?CreateSemaphoreU@@YGPAXPAU_SECURITY_ATTRIBUTES@@JJPBD@Z
?CreateWindowExU@@YGPAUHWND__@@KPBD0KHHHHPAU1@PAUHMENU__@@PAUHINSTANCE__@@PAX@Z
?CreateWindowU@@YGPAUHWND__@@PBD0KHHHHPAU1@PAUHMENU__@@PAUHINSTANCE__@@PAX@Z
?DeleteFileU@@YGHPBD@Z
?FindFirstFileU@@YGPAXPBDPAU_WIN32_FIND_DATAU@@@Z
?FindNextFileU@@YGHPAXPAU_WIN32_FIND_DATAU@@@Z
?FindResourceU@@YGPAUHRSRC__@@PAUHINSTANCE__@@PBD1@Z
?FindWindowU@@YGPAUHWND__@@PBD0@Z
?FreeEnvironmentStringsU@@YGHPAD@Z
?FreeLibrary@WinUtf8@@YAHVHMODULE@1@@Z
?GetClassNameU@@YGHPAUHWND__@@PADH@Z
?GetDateFormatU@@YGHKKPBU_SYSTEMTIME@@PBDPADH@Z
?GetDiskFreeSpaceExU@@YGHPBDPAT_ULARGE_INTEGER@@11@Z
?GetDiskFreeSpaceU@@YGHPBDPAK111@Z
?GetDriveTypeU@@YGIPBD@Z
?GetEnvironmentStringsU@@YGPADXZ
?GetEnvironmentVariableU@@YGKPBDPADK@Z
?GetFileAttributesU@@YGKPBD@Z
?GetFileVersionInfoSizeU@@YGKPBDPAK@Z
?GetFileVersionInfoU@@YGHPBDKKPAX@Z
?GetKeyNameTextU@@YGHJPADH@Z
?GetLocaleInfoU@@YGHKKPADH@Z
?GetModuleFileNameU@@YGKPAUHINSTANCE__@@PADK@Z
?GetModuleHandleU@@YGPAUHINSTANCE__@@PBD@Z
?GetPrivateProfileIntU@@YGIPBD0H0@Z
?GetPrivateProfileSectionNamesU@@YGKPADKPBD@Z
?GetPrivateProfileSectionU@@YGKPBDPADK0@Z
?GetPrivateProfileStringU@@YGKPBD00PADK0@Z
?GetShortPathNameU@@YGKPBDPADK@Z
?GetSystemDirectoryU@@YGIPADI@Z
?GetTempFileNameU@@YGIPBD0IPAD@Z
?GetTempPathU@@YGKKPAD@Z
?GetTimeFormatU@@YGHKKPBU_SYSTEMTIME@@PBDPADH@Z
?GetUserNameU@@YGHPADPAK@Z
?GetUtf16Size@CInOutUtf8String@@QBEIXZ
?GetVolumeInformationU@@YGHPBDPADKPAK221K@Z
?GetWindowsDirectoryU@@YGIPADI@Z
?LoadLibraryExU@@YGPAUHINSTANCE__@@PBDPAXK@Z
?LoadLibraryU@@YGPAUHINSTANCE__@@PBD@Z
?LoadStringU@@YGHPAUHINSTANCE__@@IPADH@Z
?LoadWindowsLibrary@WinUtf8@@YA?AVHMODULE@1@PBD@Z
?MessageBoxU@@YGHPAUHWND__@@PBD1I@Z
?MoveFileExU@@YGHPBD0K@Z
?MoveFileU@@YGHPBD0@Z
?MultiByteToWideChar@WinUtf8@@YGHIKPBVCodePagedChar@@HPA_WH@Z
?OpenFileMappingU@@YGPAXKHPBD@Z
?OpenSemaphoreU@@YGPAXKHPBD@Z
?OutputDebugStringU@@YGXPBD@Z
?RegConnectRegistryU@@YGJPBDPAUHKEY__@@PAPAU1@@Z
?RegCreateKeyExU@@YGJPAUHKEY__@@PBDKPADKKQAU_SECURITY_ATTRIBUTES@@PAPAU1@PAK@Z
?RegCreateKeyU@@YGJPAUHKEY__@@PBDPAPAU1@@Z
?RegDeleteKeyU@@YGJPAUHKEY__@@PBD@Z
?RegDeleteValueU@@YGJPAUHKEY__@@PBD@Z
?RegEnumKeyExU@@YGJPAUHKEY__@@KPADPAK212PAU_FILETIME@@@Z
?RegEnumKeyU@@YGJPAUHKEY__@@KPADK@Z
?RegEnumValueU@@YGJPAUHKEY__@@KPADPAK22PAE2@Z
?RegOpenKeyExU@@YGJPAUHKEY__@@PBDKKPAPAU1@@Z
?RegOpenKeyU@@YGJPAUHKEY__@@PBDPAPAU1@@Z
?RegQueryInfoKeyU@@YGJPAUHKEY__@@PADPAK22222222PAU_FILETIME@@@Z
?RegQueryValueExU@@YGJPAUHKEY__@@PBDPAK2PAE2@Z
?RegSetValueExU@@YGJPAUHKEY__@@PBDKKPBEK@Z
?RegisterClassExU@@YGGPBU_WNDCLASSEXU@@@Z
?RegisterEventSourceU@@YGPAXPBD0@Z
?RemoveDirectoryU@@YGHPBD@Z
?ReportEventU@@YGHPAXGGK0GKPAPBD0@Z
?SHFileOperationU@@YGHPAU_SHFILEOPSTRUCTU@@@Z
?SHGetFolderPathU@@YGJPAUHWND__@@HPAXKPAD@Z
?SHGetPathFromIDListU@@YGHPBU_ITEMIDLIST@@PAD@Z
?SetCurrentDirectoryU@@YGHPBD@Z
?SetEnvironmentVariableU@@YGHPBD0@Z
?SetFileAttributesU@@YGHPBDK@Z
?ShellExecuteExU@@YGHPAU_SHELLEXECUTEINFOU@@@Z
?TextOutU@@YGHPAUHDC__@@HHPBDH@Z
?Utf16ToUtf8@WinUtf8@@YAHPB_WHPADH@Z
?Utf8ToUtf16@WinUtf8@@YAHPBDHPA_WH@Z
?VerQueryValueU@@YGHPBXPBDPAPAXPAI@Z
?WideCharToMultiByte@WinUtf8@@YGHIKPB_WHPAVCodePagedChar@@HPBV2@PAH@Z
?WritePrivateProfileSectionU@@YGHPBD00@Z
?WritePrivateProfileStringU@@YGHPBD000@Z
?get@CInUtf8String@@QBEPBDXZ
?getUtf8Size@CInUtf8String@@QAEHXZ
?lstrcmpU@@YGHPBD0@Z
?lstrcmpiU@@YGHPBD0@Z

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

865bf47de4d130d2b91414452f05b379

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

advapi32

crypt32

ole32

shell32

version

ws2_32

gdi32

netapi32

bcrypt

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 576KB - Virtual size: 575KB

.data Size: 34KB - Virtual size: 51KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 576KB - Virtual size: 575KB

.data
Size: 34KB - Virtual size: 51KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 81KB - Virtual size: 80KB