b08f47a0d26076526e679da868db38a0c4da77c2aaa25c4c5275687c4a660d02

Sharing

Copy URL Twitter E-mail

General

Target

b08f47a0d26076526e679da868db38a0c4da77c2aaa25c4c5275687c4a660d02
Size

285KB
MD5

f5d4d3ca5cf4fbaac6bd9e569e8827fc
SHA1

c7f2baccadcfb8d409900ec434ad329291f7a5bb
SHA256

b08f47a0d26076526e679da868db38a0c4da77c2aaa25c4c5275687c4a660d02
SHA512

fc5fb0897ae3c6a547faf196456bbf3d35b0bd8dbb12aed8126b9f8b41456677a81ee96c43c14a0b165739cbaed2f86451c5c8d1994d99fc69216235e47f138f
SSDEEP

6144:xgXZXO5XZu4duzIu3F/p/uwONct43j92U+0:IXO5Ju4OB9pGHNu4B2U

Score

N/A

Malware Config

Signatures

Files

b08f47a0d26076526e679da868db38a0c4da77c2aaa25c4c5275687c4a660d02
.exe windows x64

6cae590c8d3e57b04f508332c84aeddf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140ud

ord3799
ord3802
ord15773
ord7307
ord3663
ord5807
ord5808
ord7189
ord14165
ord6988
ord15705
ord15715
ord6993
ord15713
ord6992
ord3034
ord5226
ord12991
ord10278
ord10827
ord1244
ord9554
ord10682
ord13374
ord6282
ord4356
ord5331
ord10707
ord13688
ord13056
ord11892
ord8403
ord592
ord3680
ord8948
ord2911
ord4918
ord13714
ord9795
ord4459
ord13791
ord2024
ord13376
ord7016
ord13381
ord4346
ord8741
ord4460
ord2023
ord5102
ord4538
ord7015
ord10776
ord8406
ord595
ord3773
ord9078
ord2912
ord4919
ord13716
ord9796
ord10828
ord13793
ord13383
ord10685
ord13377
ord4358
ord5809
ord15716
ord15714
ord4347
ord10709
ord5100
ord1048
ord15593
ord1557
ord1066
ord9883
ord1570
ord11631
ord11634
ord11638
ord8880
ord8722
ord1163
ord10678
ord11737
ord6762
ord13732
ord6989
ord15708
ord16739
ord16370
ord3035
ord5227
ord4350
ord13696
ord9555
ord3652
ord3651
ord3914
ord3913
ord4611
ord11965
ord12957
ord12559
ord10501
ord1201
ord2874
ord4872
ord10679
ord3242
ord15769
ord7305
ord13739
ord13830
ord13880
ord9564
ord13862
ord6962
ord4365
ord390
ord1170
ord7998
ord1083
ord9869
ord15965
ord15090
ord7477
ord16846
ord7478
ord16847
ord16917
ord16845
ord9287
ord14245
ord16636
ord2114
ord13567
ord13568
ord2356
ord13615
ord13869
ord9236
ord14760
ord4609
ord4671
ord10873
ord16773
ord9215
ord16767
ord14255
ord14256
ord2839
ord6272
ord9693
ord5186
ord9284
ord5333
ord14674
ord14741
ord11926
ord13870
ord11742
ord1584
ord2970
ord4988
ord9877
ord856
ord2651
ord2658
ord2673
ord2536
ord1203
ord7671
ord481
ord13784
ord10705
ord8728
ord1623
ord2497
ord4362
ord9677
ord8349
ord500
ord16166
ord15860
ord3340
ord9606
ord15734
ord6551
ord7278
ord10545
ord4375
ord12518
ord12568
ord12826
ord10666
ord14589
ord6516
ord14361
ord12811
ord9791
ord8884
ord3327
ord15254
ord3038
ord14122
ord14454
ord5446
ord10962
ord3194
ord14777
ord13701
ord4879
ord2881
ord1218
ord4657
ord4607
ord16684
ord6290
ord6281
ord11924
ord11738
ord12224
ord12686
ord12687
ord10838
ord13322
ord11458
ord10681
ord6764
ord11636
ord11637
ord8876
ord9575
ord10726
ord13831
ord8660
ord1078
ord4649
ord9669
ord12835
ord12838
ord10987
ord11002
ord10992
ord11465
ord11470
ord11004
ord12666
ord12001
ord10382
ord10372
ord13325
ord12694
ord11529
ord1579
ord4987
ord2969
ord3159
ord8019
ord10695
ord13731
ord13695
ord11773
ord11775
ord11774
ord11772
ord11776
ord6607
ord13302
ord13303
ord10606
ord13522
ord16766
ord10424
ord4592
ord8183
ord12545
ord3757
ord15915
ord13892
ord13888
ord1956
ord1978
ord2004
ord1990
ord2011
ord5710
ord5777
ord5722
ord5740
ord5734
ord5728
ord5787
ord5771
ord5716
ord5793
ord5748
ord5686
ord5701
ord5762
ord5239
ord6789
ord11172
ord5225
ord3540
ord16768
ord9216
ord16774
ord8020
ord13294
ord3160
ord3876
ord3877
ord3756
ord13779
ord6110
ord6501
ord6759
ord10825
ord6469
ord6113
ord6331
ord6092
ord9776
ord3243
ord8978
ord8979
ord8968
ord6329
ord9568
ord14982
ord1640
ord1630
ord1638
ord8738
ord7476
ord2581
ord1631
ord2764

kernel32

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DecodePointer
SetLastError
HeapSize
OutputDebugStringW
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetLastError

user32

UnregisterClassW
PostQuitMessage
PeekMessageW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

_purecall
__CxxFrameHandler3
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
memset

ucrtbased

__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
free
malloc
_CrtDbgReportW
_CrtDbgReport
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
wcslen
wcscpy_s
__stdio_common_vswprintf

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cae590c8d3e57b04f508332c84aeddf

Headers

DLL Characteristics

File Characteristics

Imports

mfc140ud

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 14KB - Virtual size: 13KB

.idata Size: 13KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 391B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 4KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 14KB - Virtual size: 13KB

.idata
Size: 13KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 391B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 4KB - Virtual size: 3KB