4847b4241bf6ef561210ef43626b856270efefb39e9bb8432ab0bc1a77097eb4

Sharing

Copy URL Twitter E-mail

General

Target

4847b4241bf6ef561210ef43626b856270efefb39e9bb8432ab0bc1a77097eb4
Size

260KB
MD5

00fb4e883b078a9188932b4475fb21c3
SHA1

7a6e85f889191b406b158421d7e1e63acc00422d
SHA256

4847b4241bf6ef561210ef43626b856270efefb39e9bb8432ab0bc1a77097eb4
SHA512

988407681d27bb5006d879918b9d526507152552655856ba098e252de59d44bb750e18d3db7f447f39bdd5240b6f85a7479096e64e4ca5ae1ad37c88d01be3b0
SSDEEP

3072:TSOC5/egHWNfYhBnHaTKF/pstBaDqwONnct437Bl3N2U3:T8EgpaTKF/p/uwONct43j92U

Score

1^/10

Malware Config

Signatures

Files

4847b4241bf6ef561210ef43626b856270efefb39e9bb8432ab0bc1a77097eb4
.exe windows x64

be9fd2994b66497f37433146e4bf6483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140ud

ord13779
ord3756
ord3877
ord3876
ord4460
ord13732
ord3160
ord14938
ord6989
ord15708
ord8192
ord9563
ord6044
ord13294
ord8020
ord15552
ord16774
ord9216
ord16768
ord3540
ord5225
ord11172
ord6789
ord5239
ord5762
ord5701
ord5686
ord5748
ord5793
ord5716
ord5771
ord5787
ord5728
ord5734
ord5740
ord5722
ord5777
ord5710
ord2011
ord1990
ord2004
ord1978
ord1956
ord13888
ord13892
ord15915
ord3757
ord12545
ord13213
ord8183
ord4592
ord3035
ord5227
ord8008
ord16766
ord13522
ord4350
ord13696
ord10606
ord13303
ord13302
ord6607
ord11776
ord11772
ord11774
ord11775
ord11773
ord16917
ord9555
ord11742
ord3799
ord3802
ord3652
ord3651
ord3914
ord3913
ord11965
ord12957
ord12559
ord10501
ord2874
ord4872
ord10679
ord3242
ord15769
ord7305
ord13739
ord12582
ord2558
ord4231
ord523
ord1234
ord4612
ord7424
ord1495
ord15646
ord15443
ord9355
ord4367
ord9348
ord7671
ord481
ord13784
ord10705
ord2736
ord2740
ord2764
ord9871
ord1133
ord302
ord9517
ord1863
ord8722
ord1631
ord16524
ord8541
ord1024
ord1203
ord15359
ord1275
ord2536
ord9877
ord4988
ord2970
ord1584
ord9776
ord13870
ord11926
ord14741
ord14674
ord5333
ord9284
ord9693
ord6272
ord2839
ord14256
ord14255
ord16767
ord9215
ord16773
ord10873
ord4671
ord4609
ord14760
ord9236
ord2356
ord13568
ord13567
ord16636
ord14245
ord9287
ord16845
ord7476
ord16847
ord7478
ord16846
ord7477
ord15965
ord1083
ord7998
ord4365
ord6962
ord13862
ord9564
ord13880
ord13830
ord1201
ord4611
ord6110
ord6501
ord6759
ord10825
ord6469
ord6762
ord6113
ord6331
ord6092
ord8978
ord8979
ord8968
ord9817
ord2834
ord951
ord6329
ord9568
ord11737
ord10678
ord1163
ord14982
ord1640
ord1630
ord1638
ord8880
ord582
ord4747
ord2581
ord10424
ord11869

kernel32

CreateProcessW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
K32GetModuleFileNameExW
DecodePointer
HeapDestroy
HeapAlloc
MultiByteToWideChar
SetLastError
Process32NextW
OutputDebugStringW
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCurrentThreadId
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetLastError

user32

LoadMenuW
GetSubMenu
PostQuitMessage
GetCursorPos
UnregisterClassW
PeekMessageW
TrackPopupMenu
GetSystemMetrics
wsprintfW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140_1d

__CxxFrameHandler4

vcruntime140d

__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
memset
memcpy

ucrtbased

free
malloc
_CrtDbgReportW
wcscpy_s
_CrtDbgReport
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
__stdio_common_vsnprintf_s
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
_register_thread_local_exe_atexit_callback
__stdio_common_vswprintf_s
wcslen
__stdio_common_vsprintf

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be9fd2994b66497f37433146e4bf6483

Headers

DLL Characteristics

File Characteristics

Imports

mfc140ud

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

vcruntime140_1d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 1KB - Virtual size: 14KB

.pdata Size: 13KB - Virtual size: 13KB

.idata Size: 11KB - Virtual size: 11KB

.msvcjmc Size: 1024B - Virtual size: 964B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 3KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 1KB - Virtual size: 14KB

.pdata
Size: 13KB - Virtual size: 13KB

.idata
Size: 11KB - Virtual size: 11KB

.msvcjmc
Size: 1024B - Virtual size: 964B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 3KB - Virtual size: 3KB