a8fab9da3efbdfabb3aa81eed7d5a4b79bc6d9807a0b3c2cba47ffb864ec465bN

Sharing

Copy URL Twitter E-mail

General

Target

a8fab9da3efbdfabb3aa81eed7d5a4b79bc6d9807a0b3c2cba47ffb864ec465bN
Size

336KB
MD5

43cac94a3e76bfb552cd1f02d39f3f20
SHA1

0918607ff1a319cdbd90086676ca66b8878a3748
SHA256

a8fab9da3efbdfabb3aa81eed7d5a4b79bc6d9807a0b3c2cba47ffb864ec465b
SHA512

d71f2d1611d5378e2122917a1d33854873fc2a28a87ee01cc90743aa79af5241a0f9ee5003bb696716267c988df72ea54ac03e7854c280526f29a26a58d3166f
SSDEEP

6144:QBzuyE0BBAiAcmYeJtHJ2gUdOiutwhj/XBD6Y:IzuOB1AcmdJtHnDtwhzsY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8fab9da3efbdfabb3aa81eed7d5a4b79bc6d9807a0b3c2cba47ffb864ec465bN

Files

a8fab9da3efbdfabb3aa81eed7d5a4b79bc6d9807a0b3c2cba47ffb864ec465bN
.exe windows:5 windows x86 arch:x86

9b52d0f49441d3ceb6a53ff3f5451db5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\trayapp\TrayApp\Release\hpqtra08.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

InitCommonControlsEx

kernel32

LoadLibraryExA
GetModuleHandleA
ExitProcess
OpenProcess
GetCommandLineA
GetShortPathNameA
LocalFree
LocalAlloc
GetVersion
GetPrivateProfileIntA
MulDiv
WriteFile
SetFilePointer
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
FormatMessageA
LocalReAlloc
LocalSize
LocalUnlock
LocalLock
lstrcpynA
LoadLibraryA
SetErrorMode
IsDBCSLeadByte
GetFileAttributesA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileSectionNamesA
ReleaseMutex
WaitForSingleObject
CreateMutexA
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
InterlockedIncrement
GetCurrentThread
lstrcmpiA
InterlockedDecrement
GetLastError
Sleep
DeleteFileA
SetEvent
SetLastError
GetSystemPowerStatus
InterlockedCompareExchange
CreateProcessA
GetCurrentThreadId
FreeLibrary
GetProcAddress
lstrcpyA
GetCurrentProcess
FlushInstructionCache
FindResourceA
LoadResource
LockResource
SizeofResource
RaiseException
InterlockedExchange
OutputDebugStringA
GetTickCount
CreateEventA
CloseHandle
ResetEvent
lstrlenA
GlobalAddAtomA
GlobalDeleteAtom
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateDirectoryA

user32

UnregisterClassA
RegisterClassA
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
IsIconic
MsgWaitForMultipleObjects
PostQuitMessage
TranslateMessage
PeekMessageA
GetDC
ReleaseDC
SystemParametersInfoA
SetRect
IsWindowEnabled
EnableWindow
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
CallWindowProcA
FindWindowA
GetWindowThreadProcessId
MessageBoxA
LoadStringA
CharNextW
CharNextA
GetMessageA
DispatchMessageA
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostMessageA
CreateDialogParamA
DialogBoxParamA
PostThreadMessageA
CreateWindowExA
LoadMenuA
DestroyMenu
RegisterClassExA
MessageBeep
DestroyWindow
LoadCursorA
GetClassInfoExA
SetFocus
KillTimer
SetTimer
BringWindowToTop
SetWindowLongA
IsWindow
RegisterWindowMessageA
EndDialog
GetSystemMetrics
LoadImageA
DefWindowProcA
wsprintfA
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
ShowWindow
ScreenToClient
GetClientRect
GetWindowRect
MoveWindow
SendMessageA
GetWindowLongA

gdi32

GetStockObject
SelectObject
GetTextMetricsA
GetDeviceCaps
GetObjectA
CreateFontIndirectA

advapi32

RegSetValueExA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
ControlService
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CopySid
GetLengthSid
IsValidSid
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
RegEnumKeyExA

ole32

CreateBindCtx
MkParseDisplayName
GetRunningObjectTable
CoInitializeSecurity
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoCreateInstance
CoGetInstanceFromFile
CreateFileMoniker
CoRevokeClassObject

oleaut32

VariantClear
SysFreeString
VarBstrCat
SysStringLen
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
DispCallFunc
SetErrorInfo
CreateErrorInfo
GetErrorInfo

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcr90

_purecall
_CxxThrowException
__CxxFrameHandler3
_mbsstr
??3@YAXPAX@Z
??_V@YAXPAX@Z
memset
??2@YAPAXI@Z
atol
free
strlen
_adjust_fdiv
_endthreadex
_beginthreadex
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memcpy_s
sprintf_s
_recalloc
__p__commode
malloc
_resetstkoflw
memcmp
_wcsicmp
_mbsnbcpy_s
strcpy_s
wcsncpy_s
strcat_s
puts
vsprintf_s
calloc
_itoa_s
_mbschr
wcscpy_s
toupper
iswctype
isxdigit
_ltoa_s
atoi
_getcwd
_chdir
_chdrive
isdigit
memmove_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_mbsicmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b52d0f49441d3ceb6a53ff3f5451db5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 123KB - Virtual size: 124KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 123KB - Virtual size: 124KB