884e89af7b4cca63e06f822891edad57ce43d0bafb69481bae6e86254c649c77

Sharing

Copy URL

Twitter E-mail

General

Target

884e89af7b4cca63e06f822891edad57ce43d0bafb69481bae6e86254c649c77
Size

821KB
MD5

d7a7a88a07e0214b86fd12e6781a58ec
SHA1

e01a6c3df90a98a27f648c89f123eff05e310b4e
SHA256

884e89af7b4cca63e06f822891edad57ce43d0bafb69481bae6e86254c649c77
SHA512

e32d693bb4671fb93866f70707e1da66c87e8d4150c29cb8f51e52bc858188b54fd5861919c0be4f2e7b2f9cb9de6d6d4e813b8fc6fe3ea609fba1cb4b5ad417
SSDEEP

24576:k/Nf86geJzyHDnUMKhJkYc1zxRaFhq/oW:kjSIMSkYc1zjam7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
884e89af7b4cca63e06f822891edad57ce43d0bafb69481bae6e86254c649c77

Files

884e89af7b4cca63e06f822891edad57ce43d0bafb69481bae6e86254c649c77
.exe windows x86

4b87b3d2951c96d9149f13a85fc902ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdiplusShutdown
GdiplusStartup

imm32

ImmDisableIME

kernel32

EncodePointer
DecodePointer
CreateMutexW
FreeLibrary
LoadLibraryW
GetLastError
GetProcAddress
CloseHandle
SetFilePointer
IsDebuggerPresent
GetModuleFileNameW
CreateFileW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
VirtualQuery
GetLogicalDriveStringsW
QueryDosDeviceW
GetUserDefaultLangID
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteFile
GetVolumeInformationW
FormatMessageW
InterlockedExchangeAdd
GetFileSizeEx
lstrcpyW
lstrcatW
GetFileTime
ReadFile
SetEndOfFile
GetFileSize
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
MoveFileW
GetCurrentDirectoryW
GetTempPathW
lstrlenW
CopyFileW
GetSystemDirectoryW
SetFileTime
CreateDirectoryW
MoveFileExW
GetTempFileNameW
GetFullPathNameW
LocalFileTimeToFileTime
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
FindNextFileW
FindClose
GlobalFree
GlobalAlloc
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetCurrentProcess
LoadLibraryA
GetFileAttributesW
LoadLibraryExW
GetDiskFreeSpaceW
GetShortPathNameW
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
OpenMutexW
Sleep
MultiByteToWideChar
GetACP
WideCharToMultiByte
lstrcmpiW
GetSystemInfo
LockResource
GetVersionExW
LoadResource
FindResourceW
GetDriveTypeW
SearchPathW
LocalFree
WaitForMultipleObjects
GetExitCodeProcess
GetModuleHandleW
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW

msvcp120

??0_Container_base12@std@@QAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Inf
_Nan
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0id@locale@std@@QAE@I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xruntime_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??7ios_base@std@@QBE_NXZ

msvcr120

fseek
_CxxThrowException
fread
rewind
_wfopen_s
memmove
_purecall
??3@YAXPAX@Z
_hypot
??2@YAPAXI@Z
atoi
free
malloc
wcsrchr
realloc
??_V@YAXPAX@Z
wcschr
towlower
??_U@YAPAXI@Z
wcsstr
_vsnwprintf
towupper
_wtoi
_errno
rand
srand
_time64
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_unlock_file
ungetc
strstr
fgetpos
_fseeki64
_except1
fflush
fgetc
fsetpos
setvbuf
_lock_file
memcpy_s
fwrite
fclose
calloc
?terminate@@YAXXZ
_wcsnicmp
sprintf
atof
_stricmp
_splitpath_s
_mktime64
_localtime64
strchr
memchr
tolower
toupper
wcsncpy
_wcsicmp
_vswprintf_c_l
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__CxxFrameHandler3
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
ftell
__crtGetShowWindowMode
sprintf_s
_dtest
strpbrk
abort
modf
sscanf
__iob_func
localeconv
fprintf
memcpy
memset

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b87b3d2951c96d9149f13a85fc902ce

Headers

DLL Characteristics

File Characteristics

Imports

version

gdiplus

imm32

kernel32

advapi32

msvcp120

msvcr120

Sections

.text Size: 645KB - Virtual size: 645KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 2KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 645KB - Virtual size: 645KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 2KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 34KB