Static task
static1
Behavioral task
behavioral1
Sample
fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2.exe
Resource
win10v2004-20230220-en
General
-
Target
fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2
-
Size
1.5MB
-
MD5
9fd97256edc57fd416e9d61098a29f9e
-
SHA1
d3271425b245c0522edd8fd764341dad991a9669
-
SHA256
fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2
-
SHA512
5f6d123360681cce512d314af11c0756e138901140811cf37e35bddea8add23de2ef5466d48b9418d596bf44b78c7c0cc2fdf8613d42966a3ad8e37b41d438a2
-
SSDEEP
12288:NFsgwk3LwG5UJhX/N/9MH2PpUsm3/tb8g:jsgwk3LwG5UvX/2
Malware Config (no configuration was extracted from this sample)
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. An unsigned binary cannot be attributed to a publisher, but this is a weak indicator on its own: many legitimate programs ship unsigned, and a valid signature would not by itself prove benign intent.
resource fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2
Files
-
fc047eca39be606f854cc65e9a22c03342f3ef7e3a820a768005441f8e0266d2.exe windows x86
5d26120751c298359f128c6b31f9146f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR-compatible; the .reloc section listed under Sections is what makes relocation possible)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP/NX-compatible)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140u (MFC 14.x Unicode runtime; every entry below is imported by ordinal only, so the function names cannot be read from the import table without an export map of the matching mfc140u.dll build)
ord6129
ord6497
ord1070
ord3694
ord7820
ord5423
ord3359
ord3237
ord6801
ord1405
ord2335
ord501
ord1143
ord4093
ord6316
ord500
ord1142
ord11962
ord12351
ord1526
ord2885
ord14606
ord5882
ord6559
ord13289
ord14047
ord13087
ord5109
ord3702
ord4477
ord13544
ord3846
ord7111
ord469
ord1116
ord7496
ord11535
ord8817
ord9299
ord13122
ord4977
ord4915
ord4905
ord4969
ord5016
ord4939
ord4991
ord5006
ord4951
ord4957
ord4963
ord4945
ord5000
ord4930
ord1774
ord1747
ord1733
ord12175
ord14577
ord5312
ord8175
ord8317
ord8244
ord8340
ord2725
ord8218
ord8225
ord2703
ord5441
ord5154
ord5436
ord2694
ord4396
ord4032
ord4792
ord4048
ord12481
ord3311
ord8994
ord8939
ord14198
ord6303
ord8439
ord12983
ord8815
ord14129
ord3131
ord14440
ord11755
ord11089
ord3338
ord11321
ord2634
ord4112
ord2067
ord5080
ord5085
ord3133
ord6276
ord13216
ord12148
ord4017
ord8806
ord14315
ord4043
ord8143
ord13480
ord11162
ord9000
ord8957
ord3230
ord3356
ord2618
ord2113
ord14361
ord11129
ord3064
ord11484
ord9666
ord8997
ord8954
ord12676
ord13487
ord4014
ord4507
ord11264
ord14296
ord3167
ord3166
ord3340
ord7890
ord2685
ord14251
ord5438
ord2543
ord3631
ord4049
ord4034
ord14473
ord13268
ord8558
ord3132
ord14303
ord4182
ord2098
ord11728
ord14282
ord13326
ord2762
ord2784
ord11597
ord3696
ord4466
ord2562
ord1689
ord3009
ord5921
ord285
ord1692
ord4499
ord13654
ord12897
ord3849
ord6486
ord8776
ord4881
ord6865
ord10144
ord10147
ord10151
ord7653
ord995
ord1472
ord443
ord1102
ord13248
ord7997
ord2307
ord2205
ord4459
ord13911
ord8462
ord953
ord1866
ord366
ord1072
ord12027
ord12246
ord2322
ord4589
ord6860
ord10250
ord5763
ord7384
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord6533
ord7121
ord7501
ord481
ord1128
ord10976
ord9212
ord10251
ord5765
ord4703
ord12660
ord12418
ord13352
ord2843
ord7655
ord9128
ord8395
ord14065
ord13832
ord2858
ord5609
ord6199
ord9081
ord3857
ord11024
ord11267
ord9197
ord12786
ord5577
ord12575
ord11252
ord9484
ord2718
ord12964
ord12093
ord4138
ord4088
ord14511
ord5377
ord5837
ord10431
ord10721
ord11138
ord11139
ord9363
ord11743
ord9979
ord7166
ord10149
ord10150
ord7510
ord4226
ord890
ord11146
ord11746
ord8913
ord8923
ord10509
ord11118
ord9526
ord9991
ord9986
ord9514
ord9524
ord9509
ord11279
ord11276
ord8304
ord9133
ord12088
ord6876
ord2681
ord12105
ord9226
ord1078
ord376
ord4130
ord8746
ord4227
ord6607
ord3932
ord2526
ord4885
ord5850
ord14377
ord5390
ord2256
ord9467
ord13320
ord4025
ord7139
ord7506
ord515
ord1152
ord966
ord1444
ord758
ord1306
ord754
ord1302
ord9303
ord4349
ord13474
ord3215
ord13627
ord4384
ord12103
ord8399
ord4463
ord9352
ord9214
ord5934
ord13700
ord14591
ord7918
ord9238
ord2557
ord4495
ord12178
ord12081
ord8209
ord3174
ord5033
ord5034
ord6130
ord12461
ord1788
ord13709
ord5939
ord13707
ord5938
ord11431
ord5955
ord8832
ord11801
ord11796
ord5369
ord3844
ord4587
ord11495
ord10402
ord2070
ord10840
ord2060
ord5747
ord11509
ord1854
ord9204
ord9719
ord11503
ord266
ord265
ord4485
ord9418
ord2750
ord14234
ord2350
ord4886
ord2246
ord2945
ord14479
ord4316
ord1418
ord2895
ord8464
ord5117
ord12559
ord13646
ord8067
ord1523
ord2303
ord11968
ord8062
ord8773
ord12793
ord8476
ord3697
ord2385
ord2389
ord1180
ord6589
ord9209
ord5984
ord9256
ord12220
ord9132
ord2761
ord13756
ord6220
ord4225
ord1460
ord984
ord1476
ord1002
ord5110
ord1653
ord12131
ord9040
ord11396
ord4092
ord3404
ord3403
ord3164
ord6218
ord13752
ord3305
ord3302
ord8210
ord2760
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12173
ord6978
ord11002
ord9235
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord3147
ord4222
ord8744
ord2993
ord3872
ord9468
ord2522
ord8365
ord8811
ord1068
ord362
ord1511
kernel32 (IsDebuggerPresent, UnhandledExceptionFilter/SetUnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead, QueryPerformanceCounter and GetSystemTimeAsFileTime are the standard MSVC CRT startup and security-cookie imports and are not by themselves evidence of anti-analysis; the INI read/write APIs, CreateMutexW, and LoadLibraryW/GetProcAddress are the entries worth tracing in the behavioral runs)
CreateFileW
SetFilePointer
ReadFile
CloseHandle
WideCharToMultiByte
CreateMutexW
GetLastError
WritePrivateProfileStringW
GetLocalTime
GetPrivateProfileIntW
InitializeCriticalSectionEx
MultiByteToWideChar
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW
lstrcpyW
lstrlenW
OutputDebugStringW
GetProcAddress
GetPrivateProfileStringW
DeleteCriticalSection
user32
GetSysColor
KillTimer
SetWindowTextW
DrawIcon
FillRect
GetClientRect
LoadIconW
LoadCursorW
GetDesktopWindow
PostQuitMessage
SendMessageW
EnableWindow
SetRectEmpty
UpdateWindow
SetWindowPos
PostMessageW
SetCursor
GetWindowRect
PtInRect
LoadMenuW
GetSubMenu
EnableMenuItem
GetWindowLongW
SetWindowLongW
RedrawWindow
DialogBoxParamW
EndDialog
ModifyMenuW
DrawMenuBar
InvalidateRect
SetCapture
SetTimer
GetDC
wsprintfW
GetDlgItem
gdi32
CreateSolidBrush
DeleteObject
CreateFontIndirectW
shell32
ShellExecuteW
comctl32
InitCommonControlsEx
ImageList_ReplaceIcon
oleaut32
SystemTimeToVariantTime
VarDateFromStr
VariantTimeToSystemTime
VarUdateFromDate
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
msvcp140
_Thrd_sleep
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
_Query_perf_counter
?_Xlength_error@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
vcruntime140
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
memset
__current_exception
__current_exception_context
_except_handler4_common
memmove
_CxxThrowException
memcpy
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
wcsftime
_mktime64
api-ms-win-crt-convert-l1-1-0
_wtoi
_itow_s
atoi
atof
api-ms-win-crt-runtime-l1-1-0
exit
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
isalpha
strcat_s
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__p__commode
_set_fmode
api-ms-win-crt-math-l1-1-0
__setusermatherr
_libm_sse2_pow_precise
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB (the bulk of the 1.5MB file; GdipCreateBitmapFromResource is imported, so at least part of this is likely image data, but the resource directory should be extracted and inspected rather than assumed benign)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ