Static task
static1
Behavioral task
behavioral1
Sample
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
Resource
win10v2004-20230220-en
General
-
Target
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3
-
Size
261KB
-
MD5
bb5242106d9da0b15a90c48f987c5ec7
-
SHA1
811fc8b49d83cc079063b26e21aaf72a5dd6f41c
-
SHA256
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3
-
SHA512
025f89a9d345033e737f7163bb4a326d53cd06647bdb859acd19c53a6672178f43094b01a91e3dcf82b0be15583eb7128ba335eb5f70d21dd4ec215f54f83582
-
SSDEEP
3072:UO2ii3xO1Mcl0U0fOJ5rS0t5F/pstBaDqwONnct437Bl3N2UUjZl8:U5GNShfktRt5F/p/uwONct43j92UUl
Malware Config
Signatures
Files
-
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe — windows x64
594c43e72a0ee93b720504a74516c681
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc140u
ord2176
ord4957
ord13269
ord5046
ord5047
ord11224
ord7785
ord13301
ord8969
ord7637
ord13199
ord7928
ord2222
ord6920
ord632
ord14129
ord2593
ord13759
ord13761
ord11857
ord2270
ord878
ord1369
ord12706
ord4030
ord11061
ord3745
ord6247
ord4656
ord1033
ord296
ord3756
ord6320
ord2475
ord3089
ord4724
ord2749
ord8088
ord6466
ord12814
ord8900
ord5845
ord3812
ord11806
ord5723
ord13354
ord11402
ord4817
ord4766
ord4751
ord4809
ord4856
ord4779
ord4831
ord4846
ord4791
ord4797
ord4803
ord4785
ord4840
ord4770
ord1752
ord1725
ord1747
ord1721
ord1699
ord8938
ord11890
ord14198
ord3718
ord11771
ord7913
ord5143
ord7885
ord8016
ord7946
ord8036
ord2669
ord2649
ord5259
ord4245
ord3892
ord4633
ord13942
ord2061
ord12163
ord3218
ord8686
ord8631
ord13827
ord6077
ord8148
ord12674
ord8505
ord3043
ord14063
ord10778
ord3245
ord11020
ord1751
ord3985
ord2044
ord4918
ord4923
ord3045
ord6057
ord12891
ord11830
ord3877
ord2619
ord8497
ord13944
ord7857
ord13143
ord10851
ord8693
ord8647
ord3137
ord3263
ord2565
ord2090
ord10819
ord2978
ord8982
ord8688
ord8646
ord8653
ord12357
ord13150
ord3876
ord4367
ord10953
ord13927
ord3259
ord12506
ord8086
ord8174
ord12987
ord7773
ord7774
ord7802
ord12332
ord12297
ord6229
ord8388
ord8381
ord3484
ord789
ord8391
ord8392
ord8396
ord3702
ord12551
ord5630
ord5590
ord12991
ord12418
ord2647
ord12555
ord7631
ord14017
ord11904
ord8535
ord11056
ord10053
ord11579
ord8778
ord8797
ord2603
ord4040
ord4053
ord2215
ord1709
ord9675
ord9197
ord9202
ord9212
ord8554
ord4559
ord2071
ord4128
ord3237
ord9073
ord4229
ord8714
ord1961
ord13803
ord2606
ord8629
ord12649
ord8123
ord13884
ord6289
ord12798
ord4755
ord4745
ord1711
ord8947
ord7886
ord8038
ord7921
ord6852
ord4988
ord5254
ord2640
ord4254
ord3908
ord8685
ord8630
ord13828
ord8136
ord12661
ord14062
ord11444
ord11010
ord2581
ord3971
ord3903
ord7855
ord8691
ord8648
ord13983
ord10818
ord2976
ord11173
ord9357
ord8645
ord3874
ord4365
ord13925
ord3074
ord3073
ord3247
ord7618
ord2632
ord13881
ord5256
ord2496
ord3533
ord3909
ord3894
ord14095
ord12942
ord8255
ord3044
ord13932
ord4041
ord2075
ord11417
ord13912
ord12997
ord2699
ord2721
ord11286
ord12820
ord11824
ord3029
ord8727
ord8842
ord8790
ord4455
ord8753
ord8328
ord2344
ord2365
ord9442
ord8690
ord11403
ord12627
ord12508
ord2915
ord6724
ord7910
ord7933
ord12883
ord4862
ord13522
ord11672
ord3293
ord3329
ord13657
ord7083
ord838
ord1350
ord8765
ord14111
ord8779
ord9097
ord4005
ord12826
ord7096
ord2637
ord8912
ord9941
ord5749
ord5063
ord5571
ord7848
ord13151
ord12235
ord9985
ord2972
ord1761
ord10021
ord10966
ord9165
ord9096
ord11181
ord9987
ord8609
ord9094
ord10052
ord10213
ord11106
ord10893
ord11494
ord12465
ord4720
ord5027
ord4619
ord2706
ord9077
ord5638
ord12095
ord14281
ord2863
ord5472
ord9835
ord9838
ord9842
ord7393
ord984
ord1451
ord865
ord12923
ord1360
ord7716
ord2273
ord2269
ord2178
ord4317
ord13545
ord8159
ord7673
ord7718
ord7739
ord13709
ord7416
ord7047
ord804
ord13064
ord13586
ord1844
ord2931
ord12213
ord2288
ord4446
ord450
ord1089
ord6250
ord1091
ord7235
ord3951
ord8161
ord1893
ord5102
ord6615
ord5555
ord12606
ord11901
ord11933
ord10124
ord7920
ord11929
ord11921
ord5706
ord3731
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord7719
ord12212
ord14088
ord11665
ord11664
ord5441
ord7668
ord12625
ord3949
ord4011
ord9089
ord14216
ord7650
ord14210
ord12223
ord12222
ord2439
ord5183
ord8023
ord12544
ord8084
ord8167
ord8158
ord2725
ord12685
ord11582
ord13846
ord8665
ord8899
ord8176
ord13937
ord12264
ord6287
ord8901
ord8926
ord11855
ord2697
ord13397
ord6000
ord3071
ord3307
ord3308
ord10163
ord11085
ord10704
ord8731
ord11813
ord11523
ord11522
ord4725
ord9693
ord11473
ord11513
ord9706
ord7355
ord861
ord1364
ord10668
ord466
ord12828
ord6704
ord5973
ord3803
ord5981
ord2479
ord9942
ord5579
ord5554
ord3728
ord4549
ord12341
ord12100
ord13023
ord2767
ord7395
ord2511
ord8093
ord13697
ord13469
ord2779
ord8772
ord3739
ord10716
ord10960
ord8891
ord12467
ord5376
ord12256
ord10941
ord9175
ord2663
ord12644
ord11776
ord3998
ord3947
ord14132
ord5197
ord5190
ord10123
ord10412
ord10827
ord10828
ord9054
ord11432
ord9670
ord5541
ord1880
ord12369
ord14148
ord6115
ord11215
ord5937
ord5090
ord8118
ord12690
ord10027
ord9947
kernel32
ExitProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
OutputDebugStringW
LocalFree
GetLastError
Sleep
GetSystemTimeAsFileTime
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
user32
GetSubMenu
SendMessageW
ScreenToClient
GetClientRect
InvalidateRect
UpdateWindow
InflateRect
GetSysColor
LoadMenuW
EnableWindow
IsChild
GetFocus
ClientToScreen
LoadImageW
GetSystemMetrics
IsIconic
SetRectEmpty
LoadBitmapW
GetParent
GetWindowRect
gdi32
CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW
comctl32
InitCommonControlsEx
ImageList_AddMasked
oleaut32
VariantClear
SysAllocString
msvcp140
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uncaught_exceptions@std@@YAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_purecall
memset
__C_specific_handler
__std_terminate
__current_exception_context
_CxxThrowException
__current_exception
memcpy
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
api-ms-win-crt-string-l1-1-0
wcscpy_s
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
terminate
_crt_atexit
_c_exit
_cexit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ