E:\gps_20020224\wss\program\Gpsadj_2015\SthtoRinex40\Release\SthtoRinex.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471.exe
Resource
win10v2004-20241007-en
General
Target
1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471
Size
1.1MB
MD5
d31c6ae796e1932540f93d92974556a6
SHA1
7a0908dc263ae7d0c033bd8336d9d957b5241510
SHA256
1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471
SHA512
5616300975ca9c589a4c6d4f65c6c16756544dfece87e87fcff7ec8b9b4eb0ade7f1485158c27a9715e4c5525149c0e5c7860645cc6a8e6f0a8effa04c3b0d32
SSDEEP
24576:y5cyiKwL6wE0XhaARDpJ1VL2M9xk9cyKhJ:yLwLc2hL9d
Malware Config
Signatures
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a weak indicator — many legitimate in-house builds are unsigned — so it should be weighed together with the imports and sandbox behaviour listed below rather than treated as evidence of malice by itself.
resource 1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471
Files
1ece23565ef62e969f1674950326470f93c6d2e767bb58e51ecdcb1031776471.exe windows:6 windows x64 arch:x64
639a4c39c737d7ffc17e8c5c595f62b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mfc140
ord12913
ord13603
ord13275
ord13667
ord8534
ord13664
ord12643
ord13679
ord13675
ord12646
ord5031
ord878
ord1367
ord6533
ord3138
ord3258
ord1381
ord4502
ord8128
ord1051
ord1155
ord6590
ord981
ord6101
ord14208
ord6102
ord14209
ord6100
ord14207
ord7688
ord12160
ord14007
ord11614
ord11615
ord2004
ord7637
ord12571
ord3941
ord4002
ord9049
ord14133
ord7619
ord14135
ord12170
ord12171
ord2437
ord12909
ord5167
ord7989
ord4436
ord12490
ord12552
ord10079
ord11877
ord8050
ord1446
ord7363
ord8131
ord2173
ord4714
ord3689
ord3590
ord3588
ord3587
ord4326
ord14047
ord6264
ord10680
ord6230
ord3051
ord4069
ord8779
ord6321
ord3091
ord6749
ord4074
ord8404
ord2902
ord3740
ord14113
ord2687
ord8784
ord5653
ord2142
ord2143
ord2182
ord3677
ord3571
ord2905
ord365
ord11668
ord1057
ord12717
ord12207
ord12187
ord13348
ord12882
ord6261
ord3092
ord8788
ord1421
ord4086
ord3157
ord6565
ord7204
ord11761
ord5980
ord13327
ord2695
ord8863
ord11802
ord1087
ord8693
ord10657
ord11037
ord10117
ord3943
ord446
ord3299
ord3300
ord3066
ord6822
ord13784
ord3591
ord8435
ord1980
ord5752
ord7220
ord8785
ord1156
ord4075
ord7588
ord12954
ord4994
ord6702
ord5452
ord5588
ord13242
ord5622
ord13240
ord5610
ord6322
ord3073
ord11544
ord10075
ord11274
ord13876
ord6698
ord4348
ord2512
ord1147
ord4713
ord3086
ord3085
ord3084
ord528
ord1053
ord361
ord12692
ord4490
ord4710
ord6226
ord2207
ord12241
ord1331
ord12267
ord12237
ord1976
ord812
ord1389
ord4559
ord4507
ord12269
ord12240
ord1978
ord12306
ord917
ord1425
ord12878
ord962
ord8417
ord1674
ord8783
ord1138
ord4073
ord3242
ord3077
ord6303
ord2264
ord1084
ord8029
ord8465
ord12706
ord12708
ord12492
ord12577
ord438
ord3817
ord2471
ord6544
ord357
ord6229
ord886
ord6527
ord3748
ord2473
ord6299
ord4463
ord4628
ord1109
ord6282
ord8792
ord12652
ord2781
ord8471
ord13689
ord1448
ord983
ord12709
ord8781
ord1055
ord3738
ord2901
ord8403
ord4072
ord3053
ord6237
ord5896
ord7364
ord5982
ord13331
ord3205
ord3202
ord9903
ord7881
ord2696
ord14279
ord9933
ord9935
ord9934
ord9932
ord9936
ord5435
ord11365
ord11366
ord11719
ord3710
ord3705
ord11575
ord14128
ord8618
ord11850
ord6703
ord10554
ord10644
ord8909
ord3166
ord13438
ord11892
ord11888
ord1695
ord1717
ord1743
ord1729
ord1750
ord4765
ord4832
ord4777
ord4795
ord4789
ord4783
ord4842
ord4826
ord4771
ord4848
ord4803
ord4741
ord4756
ord4817
ord4351
ord5566
ord9343
ord4343
ord2962
ord14136
ord7620
ord14134
ord6607
ord13135
ord11357
ord13284
ord5704
ord7519
ord5221
ord2627
ord11754
ord3804
ord3270
ord3271
ord3165
ord11798
ord4715
ord988
ord4711
ord1426
ord1982
ord963
ord2177
ord2175
ord3723
ord1449
ord5687
ord11869
ord11878
ord4438
ord7888
ord10080
ord11881
ord11849
ord12553
ord986
ord7152
ord5064
ord5347
ord5536
ord9001
ord5323
ord5539
ord5067
ord5213
ord5049
ord7198
ord7430
ord7431
ord7420
ord5211
ord7890
ord9898
ord8862
ord4568
ord4551
ord2797
ord7856
ord5366
ord1120
ord491
ord12547
ord8418
ord8381
ord4503
ord12391
ord5691
ord305
ord2917
ord13872
ord12189
ord5656
ord4938
ord8025
ord13949
ord2899
ord1504
ord2344
ord6070
ord4686
ord3137
ord14197
ord12035
ord14144
ord11978
ord300
ord6483
ord2338
ord2342
ord11882
ord12737
ord12120
ord2924
ord12720
ord12117
ord2808
ord1699
ord1416
ord10395
ord951
ord6560
ord13807
ord8825
ord8921
ord8543
ord10673
ord10951
ord10839
ord2456
ord12735
ord12118
ord2513
ord6668
ord4648
ord1507
ord1032
ord310
ord316
ord7862
ord1639
ord266
ord265
ord1485
ord1118
ord2796
ord14146
ord11594
ord488
ord4937
ord10026
ord1487
ord1676
ord2368
kernel32
GetCurrentThreadId
GetNativeSystemInfo
GetModuleFileNameA
GetModuleHandleA
LoadResource
SizeofResource
FindResourceA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVolumeInformationA
SystemTimeToFileTime
lstrcpyA
GetSystemTime
GetStdHandle
GetCurrentDirectoryA
AllocConsole
GetPrivateProfileIntA
GetSystemDefaultLangID
K32GetProcessMemoryInfo
GlobalFree
OutputDebugStringA
SetLastError
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleExW
SetEvent
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
WriteFile
DeleteFileA
GetStartupInfoA
LoadLibraryA
lstrlenA
GetProcAddress
FreeLibrary
GetSystemFirmwareTable
GetWindowsDirectoryA
CreateProcessA
DeviceIoControl
CreatePipe
ReadFile
CreateFileA
CreateEventA
CloseHandle
FormatMessageA
LocalFree
Sleep
VirtualFree
VirtualAlloc
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
DecodePointer
QueryActCtxW
WaitForSingleObject
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
LoadLibraryW
OutputDebugStringW
user32
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
UpdateWindow
GetDC
ReleaseDC
ScreenToClient
MapWindowPoints
DrawFocusRect
OffsetRect
PtInRect
GetFocus
GetMessagePos
DrawFrameControl
CopyRect
FillRect
GetSysColor
MessageBoxA
UnregisterClassA
GetWindowRect
DrawTextExA
GrayStringA
TabbedTextOutA
SetRect
GetWindow
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
LoadIconW
GetParent
InvalidateRect
DrawTextA
GetClientRect
EnableWindow
PostMessageA
DispatchMessageA
TranslateMessage
KillTimer
GetKeyState
SetTimer
PostThreadMessageA
SendMessageA
wsprintfA
gdi32
GetTextMetricsA
TextOutA
RectVisible
PtVisible
Escape
BitBlt
ExtTextOutA
GetTextExtentPoint32A
Rectangle
CreateSolidBrush
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
comctl32
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Copy
ole32
CoInitialize
oleaut32
SysFreeString
msvcp140
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
ws2_32
WSAAddressToStringA
inet_ntop
shutdown
setsockopt
freeaddrinfo
getaddrinfo
WSASetLastError
accept
bind
closesocket
connect
getpeername
getsockname
htons
listen
recv
recvfrom
select
send
sendto
socket
gethostbyaddr
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htonl
inet_ntoa
ntohs
iphlpapi
GetAdaptersInfo
vcruntime140
__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
_local_unwind
memcmp
memset
_CxxThrowException
memchr
_purecall
memcpy
__CxxFrameHandler3
strstr
memmove
__std_terminate
strchr
api-ms-win-crt-stdio-l1-1-0
fseek
fclose
_open_osfhandle
setvbuf
freopen
_getcwd
__acrt_iob_func
fread
__stdio_common_vsprintf
fopen
fgets
feof
fopen_s
ftell
__p__commode
fwrite
__stdio_common_vsprintf_s
__stdio_common_vfprintf
_set_fmode
api-ms-win-crt-heap-l1-1-0
free
_recalloc
_set_new_mode
malloc
api-ms-win-crt-math-l1-1-0
ceil
_fdopen
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_get_narrow_winmain_command_line
_errno
_invalid_parameter_noinfo
_initterm_e
_exit
_configure_narrow_argv
_seh_filter_dll
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initialize_narrow_environment
_set_app_type
__p___argc
__p___argv
system
_invalid_parameter_noinfo_noreturn
terminate
exit
api-ms-win-crt-string-l1-1-0
isalnum
isspace
strcat_s
isprint
strnlen
strncmp
tolower
_strupr_s
strcmp
strncpy_s
_strupr
strncpy
_stricmp
isdigit
toupper
strcpy_s
strtok
api-ms-win-crt-convert-l1-1-0
atoi
strtol
strtoul
atof
atol
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64_s
api-ms-win-crt-filesystem-l1-1-0
_splitpath
_findnext64i32
_mkdir
_rmdir
_makepath_s
_findfirst64i32
_findclose
_chdrive
_chdir
_makepath
api-ms-win-crt-utility-l1-1-0
ldiv
qsort
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
Sections
.text Size: 329KB - Virtual size: 328KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 614KB - Virtual size: 613KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ