Static task
static1
Behavioral task
behavioral1
Sample
6174b1980e87c404eb98297f48ee6ded35e389b554789e367c57e236b8ff3058.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6174b1980e87c404eb98297f48ee6ded35e389b554789e367c57e236b8ff3058.exe
Resource
win10v2004-20230220-en
General
-
Target
6174b1980e87c404eb98297f48ee6ded35e389b554789e367c57e236b8ff3058
-
Size
490KB
-
MD5
cc056e4b69d53fc76d08829d6c06c23c
-
SHA1
90b7285abdb59619f80c76ab9e799ac01293b582
-
SHA256
6174b1980e87c404eb98297f48ee6ded35e389b554789e367c57e236b8ff3058
-
SHA512
2b5646063111fdf7948be63e680099b6619574532859c5d3af84710fd8c52b1f9837b0e7e2b5535c05e1d9951343dec328086d2b18d695864c596b0c63bf08d2
-
SSDEEP
12288:OGR/p0Nnt9seIvjfy2n6GZe9pGHNu4B2U0Zj:pR/p0NntPi7fI4r0
Malware Config
Signatures
Files
-
6174b1980e87c404eb98297f48ee6ded35e389b554789e367c57e236b8ff3058.exe windows x86
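09954775fc0fee0424ce3f8682962ed1 (label lost in extraction; likely the PE import hash (imphash), since it differs from the file MD5 listed under General)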
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140u
ord8470
ord8386
ord12865
ord8324
ord5357
ord2486
ord12541
ord12542
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11982
ord11983
ord14466
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord3852
ord5918
ord12239
ord12247
ord4589
ord8217
ord10433
ord12251
ord12219
ord12928
ord5763
ord10250
ord6860
ord4092
ord13911
ord12531
ord7313
ord13442
ord952
ord2205
ord7997
ord1472
ord995
ord7653
ord10379
ord4664
ord6220
ord13756
ord3305
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord3009
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord13085
ord6489
ord358
ord8365
ord8811
ord13293
ord13086
ord6795
ord898
ord4649
ord3605
ord1193
ord566
ord1391
ord890
ord7654
ord6559
ord6566
ord3882
ord4815
ord2304
ord8757
ord2385
ord2389
ord1476
ord1002
ord7441
ord8756
ord12430
ord5114
ord2899
ord4806
ord1711
ord14461
ord8499
ord14623
ord13669
ord13053
ord4312
ord11971
ord5585
ord5588
ord5581
ord6837
ord5893
ord2885
ord12351
ord11962
ord494
ord6555
ord5512
ord5514
ord12784
ord296
ord1142
ord5921
ord500
ord14606
ord285
ord2439
ord462
ord5117
ord1111
ord2990
ord1113
ord1523
ord7495
ord6129
ord6549
ord1133
ord3872
ord12429
ord12367
ord2993
ord8744
ord4222
ord6332
ord11972
ord3147
ord9128
ord6497
ord1070
ord1045
ord2215
ord2246
ord3697
ord10472
ord4885
ord8464
ord13544
ord3833
ord11038
ord7820
ord2383
ord5882
ord6533
ord9210
ord9235
ord12173
ord2760
ord13752
ord6218
ord3164
ord3403
ord3404
ord11396
ord9040
ord5109
ord1511
ord11015
ord4927
ord12131
ord1525
ord286
ord1449
ord973
ord265
ord266
ord2409
ord1513
kernel32
GetLastError
DeleteCriticalSection
lstrlenW
lstrcpyW
GetACP
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
FormatMessageW
LocalFree
TlsAlloc
TlsFree
CreateEventW
CloseHandle
InitializeCriticalSectionAndSpinCount
Sleep
WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
EnterCriticalSection
SleepEx
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
VerSetConditionMask
VerifyVersionInfoW
CreateWaitableTimerW
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsSetValue
CreateThread
GetModuleHandleW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSectionEx
LeaveCriticalSection
CreateIoCompletionPort
OutputDebugStringW
SetEvent
PostQueuedCompletionStatus
user32
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
SendMessageW
IsWindow
GetClientRect
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
InvalidateRect
gdi32
GetTextExtentPoint32W
Ellipse
comctl32
InitCommonControlsEx
msvcp140
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
_Cnd_do_broadcast_at_thread_exit
?id@?$ctype@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?classic@locale@std@@SAABV12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
_Mtx_unlock
_Mtx_lock
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Thrd_join
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
_Query_perf_counter
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?toupper@?$ctype@D@std@@QBEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?uncaught_exception@std@@YA_NXZ
ws2_32
getaddrinfo
freeaddrinfo
ntohl
htonl
htons
WSASend
accept
bind
connect
getpeername
WSAAddressToStringW
WSARecv
listen
select
WSAStartup
shutdown
ioctlsocket
closesocket
WSAGetLastError
setsockopt
getsockopt
getsockname
WSAIoctl
WSASetLastError
ntohs
WSACleanup
WSASocketW
__WSAFDIsSet
vcruntime140
_CxxThrowException
memmove
__current_exception_context
__current_exception
_except_handler4_common
memset
__std_type_info_compare
_purecall
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
memchr
__std_exception_copy
memcpy
api-ms-win-crt-runtime-l1-1-0
terminate
_beginthreadex
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-convert-l1-1-0
_wtof
_wtoi
wcstombs_s
strtoul
atoi
api-ms-win-crt-string-l1-1-0
tolower
strncpy
api-ms-win-crt-stdio-l1-1-0
fgets
__p__commode
__stdio_common_vsprintf
_set_fmode
api-ms-win-crt-heap-l1-1-0
free
_recalloc
calloc
_set_new_mode
api-ms-win-crt-time-l1-1-0
_gmtime64_s
strftime
_localtime64_s
_time64
wcsftime
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
advapi32
CryptAcquireContextA
CryptGenRandom
CryptEnumProvidersA
CryptReleaseContext
Sections
.text Size: 309KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ