Sample: 7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.dll
Tasks: static1 (static), behavioral1 (behavioral)
Resource: win7-20241023-en

General
Target: 7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.exe
Size: 319KB
MD5: db7742f24bd25fbe716ac0b850e15f90
SHA1: 3d8850ea96fea02e2fbf8e9f4ee3107cce9ae50c
SHA256: 7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016a
SHA512: 74db47dfec60e38642b68f843596402cb83ccda6174cc9a2260ecdbab1ed6c2d2617e04f012d32eb1308eaa2edc6d287150bd383de195f8dbee1f420bb84088a
SSDEEP: 6144:EHs/3ZcqyeJVOtCJQWYONOQVdSPh17rCNWzfTq877Aaq8Pg:EHsPZcqyeJn3SPr7eNWz7q83AapPg

Malware Config

Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.exe

Files
7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.exe.dll  regsvr32  windows:5  windows x86  arch:x86
2de63283063c56b33b6c5091ee17b0b2

Note that although the target is named with an .exe extension, the file is a DLL (IMAGE_FILE_DLL is set and it exports DllRegisterServer/DllUnregisterServer); the regsvr32 tag indicates the sandbox loaded it through regsvr32 rather than executing it directly.

Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
w:\ami\bin\releaseU\PictorialIndex.pdb
Imports
mfc90u
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6795
ord5512
ord2072
ord5602
ord4664
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord2741
ord4816
ord3288
ord2183
ord5304
ord5317
ord4672
ord4882
ord4665
ord5042
ord5045
ord5043
ord4606
ord4611
ord4623
ord4860
ord5394
ord4921
ord4922
ord4939
ord5087
ord4604
ord4932
ord4947
ord5355
ord4986
ord4938
ord4960
ord4961
ord4962
ord5234
ord5235
ord4953
ord5264
ord5259
ord5254
ord5313
ord4871
ord4795
ord4826
ord5229
ord4940
ord5072
ord4956
ord4957
ord4384
ord5937
ord2790
ord2648
ord5005
ord5003
ord5499
ord4125
ord2740
ord5566
ord1532
ord1755
ord6340
ord5248
ord5169
ord5650
ord5970
ord4924
ord4983
ord4591
ord1003
ord5905
ord1408
ord2132
ord3433
ord3494
ord3131
ord5982
ord4822
ord636
ord1353
ord367
ord6098
ord3621
ord3486
ord2238
ord5278
ord5367
ord6200
ord5856
ord6579
ord5825
ord4722
ord6493
ord4306
ord965
ord2139
ord797
ord6577
ord595
ord3642
ord4910
ord3286
ord3140
ord6800
ord2074
ord1714
ord6386
ord5334
ord2597
ord767
ord3736
ord287
ord4044
ord3674
ord1222
ord744
ord6101
ord524
ord2143
ord4454
ord3231
ord2772
ord2984
ord3113
ord4729
ord3125
ord2775
ord2892
ord4349
ord4907
ord6133
ord471
ord4204
ord491
ord718
ord729
ord1207
ord1146
ord4016
ord2830
ord290
ord3874
ord3959
ord3961
ord3500
ord582
ord1250
ord784
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2446
ord4347
ord4996
ord5680
ord5663
ord6018
ord4210
ord3115
ord3285
ord3596
ord589
ord794
ord1088
ord1092
ord1093
ord1210
ord321
ord1198
ord6777
ord571
ord6727
ord4543
ord6604
ord1599
ord266
ord3220
ord285
ord6630
ord1607
ord935
ord938
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord1792
ord1791
ord3685
ord1727
ord337
ord6096
ord613
ord811
ord2081
ord6789
ord3195
ord6790
ord4735
ord5828
ord2771
ord2983
ord3112
ord4728
ord2966
ord3135
ord2774
ord2893
ord2764
ord3235
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3609
ord499
ord736
ord4405
ord2106
ord2537
ord1183
ord2263
ord4541
ord4410
ord4512
ord2282
ord3577
ord1357
ord2596
ord286
ord6666
ord2130
ord1298
ord306
ord911
ord601
ord481
ord1420
ord2197
ord724
ord1137
ord1108
ord2517
ord3622
ord6091
ord6527
ord6095
ord1354
ord2470
ord280
ord3537
ord3543
ord4324
ord3185
ord799
ord296
ord2702
ord5851
ord4442
ord813
ord909
ord1193
ord605
ord1274
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord322
ord802
ord600
ord1796
ord801
msvcr90
memset
wcscpy_s
strcpy_s
floor
labs
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_CxxThrowException
__RTDynamicCast
_purecall
__CxxFrameHandler3
_ltow_s
_itow_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
wcslen
wcsstr
wcsncpy_s
_wtol
memcpy
_wtoi
kernel32
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalLock
GlobalAlloc
GlobalUnlock
GetModuleFileNameW
lstrlenW
HeapFree
GetTickCount
GetProcessHeap
user32
GetMenuItemInfoW
ModifyMenuW
GetClientRect
EnableWindow
GetParent
IsWindowVisible
RegisterClipboardFormatW
EqualRect
CopyRect
SystemParametersInfoA
GetSystemMetrics
GetSysColor
InflateRect
SetRect
LoadMenuW
GetSubMenu
ClientToScreen
UpdateWindow
LoadCursorW
SetCursor
CheckMenuRadioItem
IntersectRect
IsWindow
InvalidateRect
PtInRect
OffsetRect
wsprintfW
GetMenuItemCount
gdi32
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
RealizePalette
CreateDIBSection
CreateCompatibleDC
BitBlt
GetTextMetricsW
StretchDIBits
Rectangle
CreatePen
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleBitmap
advapi32
RegCloseKey
RegOpenKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW
ole32
CoCreateInstance
StringFromGUID2
OleRun
oleaut32
SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
GetErrorInfo
msvcp90
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?width@ios_base@std@@QAEHH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?rdbuf@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPAV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

These four are the standard exports of a self-registering in-process COM server. Taken together with the advapi32 registry imports listed above (RegCreateKeyW, RegSetValueW, RegSetValueExW), the ole32/oleaut32 imports (CoCreateInstance, LoadRegTypeLi) and the regsvr32 tag on the file, the expected load path is regsvr32 calling DllRegisterServer, which writes the CLSID/typelib registration to the registry; that registry activity in the behavioral task should be read in that light rather than as persistence on its own.
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

This is a second section carrying the name .text, and unlike the first it is flagged writable as well as executable (RWX). MSVC-linked binaries do not normally emit a writable code section or a duplicate section name, so this usually indicates a packer or post-link modification and is the first thing to inspect when unpacking the sample.