PDB path: d:\LocalSvnForDailyBuild\lonely_tr\bin\tr_release\Easymetin2.pdb
Static task: static1
Behavioral task: behavioral1, sample 6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0N.exe, resource win7-20240903-en
Behavioral task: behavioral2, sample 6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0N.exe, resource win10v2004-20241007-en
General
Target: 6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0N
Size: 1.2MB
MD5: 1b3fdfe818d5143dd47d816920842590
SHA1: 5f2d6b0564ac5686391067cbaaa0043eb05c3da0
SHA256: 6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0
SHA512: eaa6919a8d8c343a6fe9c91a5a666c36b0a3cadca3151bdb0cd134cae56ae032a2fd00ba1b868dc23e32597e8ce4c16b46511c0b41137843392f8b8ea8b02150
SSDEEP: 12288:JhTp0oc4UBDCnAqF9izp2PX4NkOTxFp0jjk/PUt8nkJAZ01XxibWoRLMhO1Hmayx:JhTp0oc4xCTFpdPUt8kDXgiwok8qzI
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0N
Files
6d73962af115e3604371c6410267ed18ad561deb75eb7de1d949d5c7205579f0N.exe windows:4 windows x86 arch:x86
97f056a0be972f8a0cfea8f38826743d
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
version: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
ws2_32: ioctlsocket, ntohs, send, WSACleanup, recv, inet_ntoa, WSAGetLastError, bind, shutdown, WSAStartup, socket,
    __WSAFDIsSet, listen, inet_addr, htons, closesocket, htonl, accept, gethostbyaddr, gethostbyname, sendto, select, connect
kernel32: EnumResourceLanguagesW, GetVersion, ConvertDefaultLocale, GetModuleHandleA, GetVersionExW, RaiseException,
    FileTimeToSystemTime, FileTimeToLocalFileTime, LocalAlloc, GlobalFlags, GlobalReAlloc, GlobalHandle, LocalReAlloc,
    InterlockedIncrement, GetThreadLocale, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile,
    GetFileSize, DuplicateHandle, FindClose, FindFirstFileW, GetVolumeInformationW, GetFullPathNameW, CreateFileW, lstrcmpA,
    GetFileAttributesW, GetFileTime, SetErrorMode, HeapFree, HeapAlloc, GetProcessHeap, UnhandledExceptionFilter,
    SetUnhandledExceptionFilter, IsDebuggerPresent, ExitThread, GetFileAttributesA, ExitProcess, RtlUnwind, WriteConsoleW,
    GetFileType, GetStdHandle, GetSystemTimeAsFileTime, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, MoveFileA,
    DeleteFileA, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, HeapSize, SetStdHandle, FreeEnvironmentStringsA,
    GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount,
    GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCPInfo, GetOEMCP, IsValidCodePage,
    LCMapStringA, LCMapStringW, GetConsoleCP, GetConsoleMode, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA,
    IsValidLocale, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, SetEnvironmentVariableA, GetLocaleInfoW,
    CompareStringA, InterlockedExchange, GlobalAlloc, LocalFree, MulDiv, lstrlenW, GlobalLock, GlobalUnlock, GlobalFree,
    FreeResource, GlobalDeleteAtom, CompareStringW, lstrcmpW, GetModuleHandleW, GetVersionExA, lstrcpyA, lstrcatA, lstrlenA,
    GetCurrentThreadId, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, DeleteCriticalSection, EnterCriticalSection,
    LeaveCriticalSection, InitializeCriticalSection, CreateFileMappingA, Sleep, FindResourceExW, GetProcessVersion,
    GetCurrentProcessId, VirtualQueryEx, CreateFileA, GetCurrentThread, GetThreadContext, VirtualQuery, GetModuleFileNameA,
    OutputDebugStringA, InterlockedDecrement, ReadFile, GetExitCodeProcess, WaitForSingleObject, CreateThread, GetStartupInfoW,
    WideCharToMultiByte, GetACP, FormatMessageW, GetProcAddress, FreeLibrary, LoadLibraryW, GetPrivateProfileStringA,
    Process32FirstW, CreateProcessW, OutputDebugStringW, GetTickCount, ResumeThread, GetPrivateProfileIntW, MultiByteToWideChar,
    Process32NextW, GetPrivateProfileStringW, WritePrivateProfileStringW, CreateToolhelp32Snapshot, GlobalAddAtomW,
    GlobalFindAtomW, TerminateProcess, GetCurrentProcess, GetModuleFileNameW, LoadLibraryA, SizeofResource, LoadResource,
    FindResourceW, LockResource, UnmapViewOfFile, MapViewOfFile, SetLastError, CloseHandle, GetLastError, CreateFileMappingW,
    InterlockedCompareExchange
user32: ClientToScreen, GetWindowDC, BeginPaint, EndPaint, GetSysColorBrush, LoadCursorW, CharUpperW, UnregisterClassW,
    CharNextW, CopyAcceleratorTableW, IsRectEmpty, SetRect, InvalidateRect, InvalidateRgn, SetCapture, ReleaseCapture,
    GetNextDlgGroupItem, MessageBeep, RegisterClipboardFormatW, PostThreadMessageW, DestroyMenu, MoveWindow, IsDialogMessageW,
    GetActiveWindow, CreateDialogIndirectParamW, IsWindowEnabled, GetNextDlgTabItem, EndDialog, RegisterWindowMessageW,
    SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, SetWindowsHookExW, CallNextHookEx, GetClassLongW,
    SetFocus, GetForegroundWindow, GetLastActivePopup, SetActiveWindow, DispatchMessageW, GrayStringW, GetTopWindow,
    DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageW, MapWindowPoints, TrackPopupMenu,
    UpdateWindow, GetMenu, GetSubMenu, GetMenuItemID, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW,
    GetSysColor, AdjustWindowRectEx, EqualRect, CopyRect, PtInRect, DefWindowProcW, CallWindowProcW, OffsetRect, IntersectRect,
    SystemParametersInfoA, GetWindowPlacement, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, GetFocus, GetParent,
    ModifyMenuW, GetMenuState, EnableMenuItem, CheckMenuItem, KillTimer, SetWindowTextW, GetWindowThreadProcessId, EnumWindows,
    MessageBoxA, GetKeyState, PostMessageW, GetWindowRect, GetMenuItemCount, GetWindowLongW, SetWindowLongW, DrawAnimatedRects,
    SetPropW, LoadImageW, FindWindowW, GetClassNameW, EnumChildWindows, SetWindowPos, RegisterHotKey, RemovePropW,
    GetLayeredWindowAttributes, SetLayeredWindowAttributes, LoadIconW, GetSystemMetrics, GetClientRect, GetWindow, ShowWindow,
    DrawTextExW, DrawTextW, TabbedTextOutW, SetWindowContextHelpId, MapDialogRect, GetMessageW, TranslateMessage,
    GetWindowTextW, GetDesktopWindow, ValidateRect, PostQuitMessage, SetCursor, ReleaseDC, GetDlgItem, GetDC, MessageBoxW,
    IsIconic, SetForegroundWindow, GetPropW, IsWindow, UnregisterHotKey, SendMessageW, IsWindowVisible, AppendMenuW, SetTimer,
    CreatePopupMenu, EnableWindow, GetCursorPos, UnregisterClassA, GetDlgCtrlID
gdi32: SetMapMode, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx,
    SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, GetStockObject, PtVisible, GetMapMode, GetBkColor,
    GetTextColor, GetRgnBox, GetWindowExtEx, GetViewportExtEx, RestoreDC, SaveDC, CreateRectRgnIndirect, GetDeviceCaps,
    ExtTextOutW, GetObjectW, SetBkColor, TextOutW, SetTextColor, GetClipBox, CreateBitmap, DeleteObject, RectVisible
comdlg32: GetFileTitleW
winspool.drv: OpenPrinterW, DocumentPropertiesW, ClosePrinter
advapi32: RegDeleteKeyW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegQueryValueW, RegEnumKeyW,
    RegQueryValueExA, RegOpenKeyW, ReportEventA, RegisterEventSourceA, RegCloseKey, RegSetValueExA, RegCreateKeyExA,
    DeregisterEventSource, RegOpenKeyExA
shell32: ShellExecuteW, SHFileOperationA, Shell_NotifyIconW
comctl32: InitCommonControlsEx
shlwapi: StrStrW, PathFindFileNameW, PathFindExtensionW, PathStripToRootW, StrCpyW, PathIsUNCW
oledlg: OleUIBusyW
ole32: CoTaskMemAlloc, CoRegisterMessageFilter, OleFlushClipboard, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries,
    OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject,
    CoTaskMemFree, StgOpenStorageEx, StgCreateDocfile, CLSIDFromProgID, OleIsCurrentClipboard, CoDisconnectObject,
    CLSIDFromString
oleaut32: SysFreeString, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnaccessData, LoadRegTypeLi, DispCallFunc,
    SysStringLen, SystemTimeToVariantTime, VariantClear, VariantTimeToSystemTime, VariantCopy, VariantChangeType, VariantInit,
    SysAllocStringLen, SafeArrayCreate, SafeArrayDestroy, OleCreateFontIndirect, LoadTypeLi, SysAllocString
wininet: HttpOpenRequestW, InternetConnectW, HttpSendRequestW, InternetReadFile, InternetWriteFile, InternetSetFilePointer,
    InternetSetStatusCallbackW, InternetOpenW, InternetGetLastResponseInfoW, InternetCloseHandle, InternetQueryDataAvailable
dbghelp: SymLoadModule, SymFunctionTableAccess, StackWalk, SymInitialize, SymGetModuleInfo, SymGetSymFromAddr,
    SymGetLineFromAddr
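The grouping an analyst would apply to the import table above, written out as an added example (it is not the sandbox's code, and the capability groups are this example's own heuristic, not a sandbox rule). REPORT_IMPORTS is an excerpt of the listing above in the report's order. The imphash follows the pefile algorithm (lowercase `module.function` pairs in import order, comma-joined, MD5, with `.dll`/`.ocx`/`.sys` stripped from module names); the report's module order is not necessarily the binary's import-directory order, which the hash depends on, so a value computed from this listing is not comparable with one computed from the file itself.

```python
"""Import-table triage over the functions listed in this report: which capabilities
the import set implies, plus a pefile-style imphash.  Added example, not the
sandbox's code; REPORT_IMPORTS is an excerpt of the listing above."""
import hashlib

# Module names exactly as the report prints them (one header line per module).
KNOWN_MODULES = {"version", "ws2_32", "kernel32", "user32", "gdi32", "comdlg32", "winspool.drv",
                 "advapi32", "shell32", "comctl32", "shlwapi", "oledlg", "ole32", "oleaut32",
                 "wininet", "dbghelp"}

# Excerpt of the report's listing, in its order: a module line, then that module's functions.
REPORT_IMPORTS = """\
ws2_32
socket
bind
listen
accept
connect
send
recv
kernel32
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualProtect
GetThreadContext
CreateProcessW
TerminateProcess
user32
SetWindowsHookExW
CallNextHookEx
FindWindowW
RegisterHotKey
advapi32
RegCreateKeyExW
RegSetValueExW
wininet
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
dbghelp
StackWalk
SymInitialize
"""

# Heuristic of this example: a capability fires only if EVERY listed function is imported
# from that module, so a lone CRT import such as IsDebuggerPresent is reported as what it is.
CAPABILITIES = {
    "network: TCP server (socket/bind/listen/accept)": ("ws2_32", {"socket", "bind", "listen", "accept"}),
    "network: TCP client (socket/connect/send/recv)": ("ws2_32", {"socket", "connect", "send", "recv"}),
    "network: HTTP via WinINet": ("wininet", {"InternetOpenW", "InternetConnectW",
                                              "HttpOpenRequestW", "HttpSendRequestW"}),
    "process enumeration via Toolhelp32": ("kernel32", {"CreateToolhelp32Snapshot",
                                                         "Process32FirstW", "Process32NextW"}),
    "process creation and termination": ("kernel32", {"CreateProcessW", "TerminateProcess"}),
    "debugger check (IsDebuggerPresent; commonly also imported by the MSVC CRT)":
        ("kernel32", {"IsDebuggerPresent"}),
    "window message / keyboard hook": ("user32", {"SetWindowsHookExW", "CallNextHookEx"}),
    "registry write": ("advapi32", {"RegCreateKeyExW", "RegSetValueExW"}),
    "in-process stack walking (crash handler or anti-analysis)": ("dbghelp", {"StackWalk", "SymInitialize"}),
}


def parse_report_imports(text: str) -> dict:
    """Turn the report's flat listing into {module: [function, ...]} preserving order."""
    imports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in KNOWN_MODULES:
            current = imports.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return imports


def capabilities(imports: dict) -> list:
    """Labels whose required function set is fully present in the import table."""
    return [label for label, (module, needed) in CAPABILITIES.items()
            if needed.issubset(imports.get(module, []))]


def imphash(imports: dict) -> str:
    """pefile-style imphash.  Only .dll/.ocx/.sys are stripped, so 'winspool.drv' keeps its
    extension, as in pefile.  Ordinal-only imports (which pefile resolves through a lookup
    table) are not handled here because the report lists imports by name."""
    parts = []
    for module, funcs in imports.items():
        lib = module.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend("%s.%s" % (lib, f.lower()) for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()
```

Reading the full table with this in mind: the Heap*/Tls*/LCMapString*/GetStringType* block, VirtualProtect and IsDebuggerPresent are what the MSVC C runtime itself imports, and GetThreadContext, VirtualQuery and the dbghelp StackWalk/Sym* set are consistent with an in-process crash reporter, so neither group says much on its own. The imports worth confirming against the two behavioral runs are the ws2_32 listen/accept server side next to the connect/send client side, the WinINet HTTP client, Toolhelp32 process enumeration, FindWindowW/EnumWindows, SetWindowsHookExW and RegisterHotKey.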
Sections
.text   Size: 948KB   Virtual size: 944KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 184KB   Virtual size: 180KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 52KB    Virtual size: 121KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 40KB    Virtual size: 39KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
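The "Unsigned PE" signature, the File Characteristics under Headers and the section flags above all come from the same few PE header fields. The following is an added example that reproduces those checks offline; it is not the sandbox's code. The PE it parses is constructed in-line (headers only, not a runnable binary, with .text/.data sizes and flags borrowed from the table above) and is not the report's sample. The header offsets used (COFF header 20 bytes; NumberOfRvaAndSizes at +92/+108 and the data directories at +96/+112 of the PE32/PE32+ optional header; 40-byte section entries) are from the PE format specification.

```python
"""Offline reproduction of the 'Unsigned PE' check from the Signatures section,
plus the File Characteristics and section flags shown in this report.  Added
example, not the sandbox's code.  The PE it parses is built in-line below
(headers only, not a runnable binary) and is not the report's sample."""
import struct

FILE_FLAGS = {"IMAGE_FILE_RELOCS_STRIPPED": 0x0001,
              "IMAGE_FILE_EXECUTABLE_IMAGE": 0x0002,
              "IMAGE_FILE_32BIT_MACHINE": 0x0100}
SECTION_FLAGS = {"IMAGE_SCN_CNT_CODE": 0x00000020,
                 "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
                 "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
                 "IMAGE_SCN_MEM_READ": 0x40000000,
                 "IMAGE_SCN_MEM_WRITE": 0x80000000}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """DOS header -> COFF header -> optional header -> data directories -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:     # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:   # PE32+: +108 / +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a raw file offset, not an RVA.  A zero size means no
        # embedded signature, which is what the 'Unsigned PE' signature keys on.
        sec_off, sec_size = struct.unpack_from("<II", data,
                                               dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": [n for n, v in SECTION_FLAGS.items() if flags & v]})
        off += 40
    return {"characteristics": [n for n, v in FILE_FLAGS.items() if characteristics & v],
            "has_authenticode": sec_size != 0, "security_dir": (sec_off, sec_size),
            "sections": sections}


def findings(info: dict) -> list:
    """One-line observations in the style of the report's Signatures section."""
    out = []
    if not info["has_authenticode"]:
        out.append("Unsigned PE: no embedded Authenticode signature (security directory is empty)")
    if "IMAGE_FILE_RELOCS_STRIPPED" in info["characteristics"]:
        out.append("Relocations stripped: the image cannot be rebased, so ASLR cannot move it")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            out.append("Section %s is both writable and executable" % s["name"])
    return out


def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header: DOS stub, COFF header, 224-byte optional header, 2 sections.
    Sizes and flags mirror the .text/.data rows of the report; everything else is filler."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                  # e_lfanew
    chars = sum(FILE_FLAGS.values())                                       # the report's 3 flags
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, chars)          # 0x14C = i386
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                    # NumberOfRvaAndSizes
    if signed:   # point the security directory at a (fictional) WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x12C000, 0x1800)
    f = SECTION_FLAGS
    rows = [(b".text", 944 * 1024, 0x1000, 948 * 1024, 0x400,
             f["IMAGE_SCN_CNT_CODE"] | f["IMAGE_SCN_MEM_EXECUTE"] | f["IMAGE_SCN_MEM_READ"]),
            (b".data", 121 * 1024, 0x100000, 52 * 1024, 0xED400,
             f["IMAGE_SCN_CNT_INITIALIZED_DATA"] | f["IMAGE_SCN_MEM_READ"] | f["IMAGE_SCN_MEM_WRITE"])]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, ro, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, ro, fl in rows)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
```

Two caveats when reading the "Unsigned PE" line. An empty security directory only means there is no embedded signature: a file can still be trusted through a catalog signature, which lives outside the PE. And a non-empty directory proves nothing until the certificate chain and the image hash are verified (WinVerifyTrust, `signtool verify`, or `Get-AuthenticodeSignature`); the check here, like the report's, is presence only. The .data row's virtual size exceeding its raw size is ordinary: the difference is zero-initialised data the loader allocates but the file does not store.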