24660539c795096a1f397a486e206e116e22e40988efe3f2a4069b27fc4f2c57

Sharing

Copy URL Twitter E-mail

General

Target

24660539c795096a1f397a486e206e116e22e40988efe3f2a4069b27fc4f2c57
Size

282KB
MD5

427f669bb62e9a362a3301e5a64bb33a
SHA1

5b56671fd0d7e193750762983672c5dec75a6d4e
SHA256

24660539c795096a1f397a486e206e116e22e40988efe3f2a4069b27fc4f2c57
SHA512

29c2fe8d3b5be9cf12b5ca5ac198e8bdb133cab6b5c582435a676325edc1ac76248ad4badaa8bd2b1965e260ad488c253a8fc265725fade0e4d72a966de79c27
SSDEEP

6144:4IlDgNYjJ5cxFcoHCHG9HF/p/uwONct43j92U:wNYjJ5cxx/9pGHNu4B2U

Score

N/A

Malware Config

Signatures

Files

24660539c795096a1f397a486e206e116e22e40988efe3f2a4069b27fc4f2c57
.exe windows x86

8b56c0d46bc83f2c787f1fc8edbb3f3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140d

ord4326
ord8952
ord12225
ord15821
ord9646
ord15600
ord306
ord16960
ord9824
ord963
ord1512
ord15206
ord8232
ord6208
ord4884
ord12844
ord269
ord8234
ord1671
ord1880
ord3582
ord7163
ord311
ord535
ord1251
ord4750
ord7631
ord1942
ord2870
ord6385
ord7898
ord2925
ord5026
ord10947
ord12005
ord6986
ord14046
ord3847
ord3966
ord3967
ord4586
ord13999
ord3217
ord7186
ord15975
ord13554
ord8244
ord17052
ord9455
ord17054
ord3628
ord5380
ord11437
ord5394
ord5928
ord5867
ord5852
ord5914
ord5959
ord2581
ord5937
ord5953
ord5894
ord5900
ord5906
ord5888
ord5943
ord5876
ord2027
ord2006
ord2020
ord1994
ord1972
ord14155
ord14159
ord16191
ord3848
ord10973
ord12807
ord8405
ord3086
ord5382
ord14051
ord10692
ord17046
ord13785
ord4467
ord13963
ord10874
ord4306
ord13562
ord6798
ord12039
ord12035
ord12037
ord12038
ord12036
ord17243
ord3309
ord9816
ord3890
ord3893
ord16040
ord7506
ord3744
ord3745
ord4006
ord4007
ord13218
ord12821
ord10769
ord14006
ord6025
ord6106
ord14828
ord14965
ord10392
ord10008
ord2801
ord10084
ord389
ord7110
ord8389
ord6105
ord16747
ord1674
ord316
ord493
ord322
ord270
ord1638
ord10143
ord10043
ord14942
ord9960
ord6440
ord2884
ord14523
ord14524
ord17053
ord9454
ord17051
ord11139
ord4808
ord4747
ord15029
ord9476
ord2371
ord13837
ord13838
ord16915
ord14513
ord9535
ord17125
ord7684
ord17127
ord7686
ord17126
ord7685
ord4483
ord7159
ord14129
ord14137
ord5490
ord9825
ord12187
ord14147
ord14097
ord15010
ord6274
ord6678
ord6956
ord11091
ord6648
ord6959
ord6277
ord6506
ord6256
ord9208
ord4445
ord13563
ord9209
ord9198
ord6504
ord9829
ord12000
ord10946
ord5142
ord3021
ord15253
ord8222
ord1220
ord1171
ord1218
ord1176
ord1141
ord16803
ord4749
ord16241
ord8773
ord15626
ord1036
ord1655
ord1645
ord9532
ord1653
ord1599
ord1090
ord4729
ord2610
ord9109
ord12131
ord5882
ord1646

kernel32

GetLastError
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
Sleep
FreeLibrary
LoadLibraryExA
GetProcAddress
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleExA
GetModuleFileNameA
HeapFree
EnterCriticalSection
SetLastError
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
LeaveCriticalSection
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
VirtualQuery
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar

user32

PeekMessageA
GetSystemMetrics
UnregisterClassA
PostQuitMessage
PostMessageA

gdi32

DeleteDC

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

msvcp140d

?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ

vcruntime140d

__std_exception_destroy
memcpy
memset
__std_terminate
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__CxxFrameHandler3
__std_exception_copy
memmove
_CxxThrowException

ucrtbased

__stdio_common_vsprintf
_CrtDbgReport
_invalid_parameter
_errno
strtol
__stdio_common_vsprintf_s
strlen
_calloc_dbg
wcscpy_s
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
__stdio_common_vsnprintf_s
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
strcpy_s
strcat_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_recalloc
_seh_filter_exe
free
malloc
__stdio_common_vswprintf_s
_setmbcp
_CrtDbgReportW
wcslen

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b56c0d46bc83f2c787f1fc8edbb3f3a

Headers

DLL Characteristics

File Characteristics

Imports

mfc140d

kernel32

user32

gdi32

oleaut32

gdiplus

msvcp140d

vcruntime140d

ucrtbased

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 1024B - Virtual size: 10KB

.msvcjmc Size: 512B - Virtual size: 358B

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 1024B - Virtual size: 10KB

.msvcjmc
Size: 512B - Virtual size: 358B

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 8KB - Virtual size: 7KB