0643ef71288bde5c2d85051dd523012082166f202cb2c793fbbb3ee1619b5ba8

Sharing

Copy URL

Twitter E-mail

General

Target

0643ef71288bde5c2d85051dd523012082166f202cb2c793fbbb3ee1619b5ba8
Size

210KB
MD5

317611559486942618192414f0e2d812
SHA1

06e09efd00deb86113eea9266d91b2c81404a120
SHA256

0643ef71288bde5c2d85051dd523012082166f202cb2c793fbbb3ee1619b5ba8
SHA512

252bf922e93c0a0e02aefe7ddab208420ae16605b632955372c22b2c784679e6217888856006e30214aa385ce13a38e648b35b34f4bac7f133571f38baf9d61e
SSDEEP

3072:jVMDRLFHko2q3dF/pstBaDqwONnct437Bl3N2U+jZwMd:5MDNFEm3dF/p/uwONct43j92U+l

Score

1^/10

Malware Config

Signatures

Files

0643ef71288bde5c2d85051dd523012082166f202cb2c793fbbb3ee1619b5ba8
.exe windows x64

29d3e5164562b4fd5d9b47471c2dd46b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140u

ord7037
ord2155
ord457
ord1094
ord528
ord1149
ord746
ord1284
ord7236
ord8990
ord3171
ord3124
ord8172
ord8441
ord4086
ord6361
ord3803
ord2187
ord2479
ord12448
ord4725
ord4957
ord13269
ord5046
ord5047
ord11224
ord7785
ord13301
ord8969
ord7637
ord13199
ord7928
ord2222
ord6920
ord632
ord14129
ord2593
ord13759
ord13761
ord11857
ord2270
ord878
ord1369
ord12706
ord4030
ord11061
ord3745
ord6247
ord4656
ord1033
ord296
ord3756
ord6320
ord2475
ord3089
ord4724
ord2749
ord8088
ord6466
ord12814
ord8900
ord5845
ord3812
ord11806
ord5723
ord13354
ord11402
ord4817
ord4766
ord4751
ord4809
ord4856
ord4779
ord4831
ord4846
ord4791
ord4797
ord4803
ord4785
ord4840
ord4770
ord1752
ord1725
ord1747
ord1721
ord1699
ord8938
ord11890
ord14198
ord3718
ord11771
ord7913
ord5143
ord7885
ord8016
ord7946
ord8036
ord2669
ord2649
ord5259
ord4245
ord3892
ord4633
ord13942
ord2061
ord12163
ord3218
ord8686
ord8631
ord13827
ord6077
ord8148
ord12674
ord8505
ord3043
ord14063
ord10778
ord3245
ord11020
ord1751
ord3985
ord2044
ord4918
ord4923
ord3045
ord6057
ord12891
ord11830
ord3877
ord2619
ord8497
ord13944
ord7857
ord13143
ord10851
ord8693
ord8647
ord3137
ord3263
ord2565
ord2090
ord10819
ord2978
ord8982
ord8688
ord8646
ord8653
ord12357
ord13150
ord3876
ord4367
ord10953
ord13927
ord3259
ord12506
ord8086
ord8174
ord12987
ord7773
ord7774
ord7802
ord12332
ord12297
ord6229
ord8388
ord8381
ord3484
ord789
ord8391
ord8392
ord8396
ord3702
ord12551
ord5630
ord5590
ord12991
ord12418
ord2647
ord12555
ord7631
ord14017
ord11904
ord8535
ord11056
ord10053
ord11579
ord8778
ord8797
ord2603
ord4040
ord4053
ord2215
ord1709
ord9675
ord9197
ord9202
ord9212
ord8554
ord4559
ord2071
ord4128
ord3237
ord9073
ord4229
ord8714
ord1961
ord13803
ord2606
ord8629
ord12649
ord8123
ord13884
ord6289
ord12798
ord4755
ord4745
ord1711
ord8947
ord7886
ord8038
ord7921
ord6852
ord4988
ord5254
ord2640
ord4254
ord3908
ord8685
ord8630
ord13828
ord8136
ord12661
ord14062
ord11444
ord11010
ord2581
ord3971
ord3903
ord7855
ord8691
ord8648
ord13983
ord10818
ord2976
ord11173
ord9357
ord8645
ord3874
ord4365
ord13925
ord3074
ord3073
ord3247
ord7618
ord2632
ord13881
ord5256
ord2496
ord3533
ord3909
ord3894
ord14095
ord12942
ord8255
ord3044
ord13932
ord4041
ord2075
ord11417
ord13912
ord12997
ord2699
ord2721
ord11286
ord12820
ord11824
ord3029
ord8727
ord8842
ord8790
ord4455
ord8753
ord8328
ord2344
ord2365
ord9442
ord8690
ord11403
ord12627
ord12508
ord2915
ord7910
ord7933
ord12883
ord4862
ord13522
ord11672
ord3293
ord3329
ord13657
ord7083
ord838
ord1350
ord8765
ord14111
ord8779
ord9097
ord4005
ord12826
ord7096
ord2637
ord8912
ord9941
ord5749
ord5063
ord5571
ord7848
ord13151
ord12235
ord9985
ord2972
ord1761
ord10021
ord10966
ord9165
ord9096
ord11181
ord9987
ord8609
ord9094
ord10052
ord10213
ord11106
ord10893
ord11494
ord12465
ord4720
ord5027
ord4619
ord2706
ord9077
ord5638
ord12095
ord14281
ord2863
ord5472
ord3090
ord5102
ord7082
ord7350
ord837
ord1349
ord972
ord1438
ord449
ord1090
ord918
ord841
ord1352
ord854
ord1363
ord1063
ord9029
ord12207
ord13422
ord8173
ord5727
ord11799
ord8911
ord14214
ord7648
ord8941
ord11893
ord8100
ord12160
ord1766
ord11123
ord5743
ord9043
ord11489
ord9048
ord12474
ord11113
ord2546
ord3806
ord5545
ord10920
ord11195
ord2051
ord10533
ord1832
ord8897
ord7169
ord7388
ord9739
ord9738
ord10835
ord8702
ord10811
ord9218
ord11435
ord8604
ord8614
ord10199
ord10807
ord4349
ord9682
ord9677
ord9205
ord9215
ord9200
ord10968
ord10965
ord8003
ord11770
ord11902
ord6630
ord11825
ord11804
ord8917
ord1065
ord375
ord7255
ord550
ord1169
ord956
ord1425
ord8997
ord551
ord4268
ord12956
ord13283
ord11791
ord2212
ord8908
ord14213
ord7647
ord8931
ord11865
ord3715
ord8099
ord4874
ord12145
ord13361
ord13359
ord11122
ord8523
ord9045
ord11493
ord11488
ord3725
ord3185
ord7540
ord2049
ord10531
ord11182
ord2969
ord13965
ord11105
ord11199
ord8896
ord9411
ord11193
ord2039
ord8124
ord12639
ord3232
ord3341
ord5540
ord9835
ord9838
ord7393
ord984
ord1451
ord865
ord1360
ord7716
ord2273
ord2269
ord2178
ord4317
ord13545
ord8159
ord804
ord13064
ord13586
ord1844
ord2931
ord12213
ord365
ord1059
ord11709
ord14155
ord2297
ord14156
ord2285
ord11928
ord13864
ord2288
ord4446

kernel32

CreateProcessW
InitializeCriticalSectionEx
GetLastError
ExitProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
WriteFile
OutputDebugStringW
CloseHandle
CreateEventW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileW
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent

user32

GetFocus
IsChild
EnableWindow
LoadBitmapW
GetSysColor
InflateRect
GetWindowRect
UpdateWindow
InvalidateRect
GetClientRect
ScreenToClient
GetSubMenu
LoadMenuW
SetRectEmpty
SendMessageW
GetParent

gdi32

GetObjectW

comctl32

ImageList_AddMasked
InitCommonControlsEx

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__C_specific_handler
__std_terminate
__current_exception_context
__current_exception
_purecall
memcpy

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
terminate
_crt_atexit
_c_exit
_cexit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29d3e5164562b4fd5d9b47471c2dd46b

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

comctl32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 117KB - Virtual size: 117KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 117KB - Virtual size: 117KB

.reloc
Size: 5KB - Virtual size: 4KB