5114474b47200f0e18531c4d5c5fb03152d4c8cc2e4edbe51066755041435f9a

Sharing

Copy URL

Twitter E-mail

General

Target

5114474b47200f0e18531c4d5c5fb03152d4c8cc2e4edbe51066755041435f9a
Size

617KB
MD5

b768553773ff604911eb16a00493ad28
SHA1

1fc324d139ce2cb3260c110379d720e3c17f84b2
SHA256

5114474b47200f0e18531c4d5c5fb03152d4c8cc2e4edbe51066755041435f9a
SHA512

06b38ed906d9145f8475685e3fd04780b4668f5a4e2ec08d370f27cd43481fa55a9e3466d6a9f1e7945dc2bbb3edc18a738c642c6400ba5c682a60751cd7d827
SSDEEP

12288:bgdiOT1X3qv96CqjSZy+56EGZai7dnBD0FJo8F9w0GfoH/fzvitbDT7BjvrEH7T:bgdiODSZyKs/b0flFFGAHjv+ZrEH7T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5114474b47200f0e18531c4d5c5fb03152d4c8cc2e4edbe51066755041435f9a

Files

5114474b47200f0e18531c4d5c5fb03152d4c8cc2e4edbe51066755041435f9a
.dll regsvr32 windows:5 windows x86 arch:x86

0f0050f6da981543b5f00c7fe6774864

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\mars\morpheus\mars\2.8\exe\Release\hpqusg.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetGetConnectedState
InternetGetCookieA

kernel32

InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
WriteFile
Sleep
CreateFileA
ReadFile
GetFileSize
GetFileAttributesA
FreeLibrary
GetLocaleInfoA
LoadLibraryA
GetCurrentProcess
GetVersionExA
GetExitCodeProcess
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeThread
CreateProcessA
WritePrivateProfileStringA
MoveFileA
FindClose
FindFirstFileA
RemoveDirectoryA
DeleteFileA
MoveFileExA
GetSystemDefaultLCID
GetTimeZoneInformation
GetSystemInfo
GlobalMemoryStatus
lstrcpynA
FindCloseChangeNotification
FindFirstChangeNotificationA
FindNextFileA
GetSystemDirectoryA
GetStartupInfoA
GetFullPathNameA
GetPrivateProfileSectionA
DisableThreadLibraryCalls
GetEnvironmentVariableA
GetTempFileNameA
GetTempPathA
GetPrivateProfileSectionNamesA
FreeResource
LockResource
LoadResource
FindResourceExA
GetSystemDefaultLangID
VerLanguageNameA
IsDBCSLeadByte
GetCurrentThreadId
InitializeCriticalSection
GetCurrentDirectoryA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetStringTypeW
GetStringTypeA
CompareStringW
CompareStringA
CopyFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
GetPrivateProfileStringA
CreateDirectoryA
GetModuleHandleA
CreateEventA
CreateThread
ResetEvent
GetLastError
SetEvent
LocalFree
GetPrivateProfileIntA
CreateMutexA
WaitForSingleObject
CloseHandle
ReleaseMutex
LCMapStringW
LCMapStringA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetCommandLineA
VirtualQuery
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
GetProcessHeap
SetCurrentDirectoryA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime

user32

wsprintfA
MessageBoxA
SendMessageA
GetClassNameA
GetDesktopWindow
GetWindow
UnregisterClassA
WaitForInputIdle
SetTimer
GetMessageA
LoadIconA
DestroyIcon
DestroyWindow
KillTimer
PostMessageA
GetDC
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
CharNextW
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA

gdi32

GetDeviceCaps

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetCurrentHwProfileA
RegOpenKeyExA
RegEnumValueA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetNamedSecurityInfoA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
GetNamedSecurityInfoA
RegCreateKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHFileOperationA
SHChangeNotify
SHGetMalloc

ole32

CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysReAllocString

atl90

ord23
ord61
ord68
ord56
ord49
ord15
ord32
ord58
ord31
ord64

shlwapi

PathFileExistsA
SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f0050f6da981543b5f00c7fe6774864

Headers

File Characteristics

PDB Paths

Imports

version

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl90

shlwapi

Exports

Exports

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 31KB - Virtual size: 38KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 31KB - Virtual size: 38KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 20KB - Virtual size: 19KB