109a3e6a8db312a5df83eea5d67581e4506f1a06db99d7e3d3789d7db9e2b9b5

Sharing

Copy URL Twitter E-mail

General

Target

109a3e6a8db312a5df83eea5d67581e4506f1a06db99d7e3d3789d7db9e2b9b5
Size

528KB
MD5

d71b5c5491b3e0d65083e264177996a4
SHA1

8ae0decd5ece2cd6bb84fc54e3473774ee6c78fc
SHA256

109a3e6a8db312a5df83eea5d67581e4506f1a06db99d7e3d3789d7db9e2b9b5
SHA512

7c5bbd3229b1e5a00b81f1b2fc8f755e8330e4009a477742d6aeca2be8910b9f003288d479beb9a9994eac3ad395f9d4ecfe21d2bdb415fb86a537cd901074c2
SSDEEP

12288:FMxTNAYUs+elYaR1lc4MWNumpsjcqYpZr:FMxTpz+elFR1lc4MlmpXqYpZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
109a3e6a8db312a5df83eea5d67581e4506f1a06db99d7e3d3789d7db9e2b9b5

Files

109a3e6a8db312a5df83eea5d67581e4506f1a06db99d7e3d3789d7db9e2b9b5
.exe windows x86

c02ce52afa4cc67fb8b0a9f01a92a9f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
CloseServiceHandle
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
DeleteService
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
CreateServiceA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA

mfc71

ord5493
ord2703
ord3201
ord380
ord744
ord1452
ord2314
ord6310
ord5097
ord556
ord2328
ord5403
ord1467
ord1207
ord559
ord747
ord3174
ord5975
ord6297
ord262
ord5331
ord5484
ord266
ord265
ord1185
ord3255
ord6174
ord6180
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord2322
ord386
ord2280
ord2288
ord3931
ord2748
ord2468
ord3389
ord1084
ord6013
ord5420
ord1440
ord631
ord3934
ord5563
ord762
ord764
ord1482
ord6118
ord2933
ord299
ord2902
ord1489
ord297
ord304
ord1486
ord876
ord310
ord784
ord5529
ord3997
ord781
ord578
ord911
ord1187
ord2751

msvcr71

malloc
_setmbcp
_fileno
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
sprintf
__CxxFrameHandler
wcscpy
_except_handler3
free
strftime
_localtime64
_time64
realloc
fclose
exit
fwrite
fopen
rand
srand
time
fread
strerror
strncpy
strchr
abort
fprintf
_iob
strcmp
_pctype
_isctype
__mb_cur_max
_ftol
bsearch
qsort
memchr
_errno
fflush
_setmode
ftell
fseek
fgets
tolower
strncmp
sscanf
getenv
wcscat
_wsplitpath
memset
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??0exception@@QAE@ABV0@@Z
_controlfp

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetModuleHandleA
Sleep
CloseHandle
DisconnectNamedPipe
FlushFileBuffers
WriteFile
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
UnmapViewOfFile
MultiByteToWideChar
CreateFileMappingA
LocalFree
TerminateProcess
DuplicateHandle
OpenProcess
LocalAlloc
GetSystemInfo
RemoveDirectoryA
MoveFileExA
WinExec
SetFileAttributesA
OutputDebugStringA
GetWindowsDirectoryA
CopyFileA
GetPrivateProfileIntA
GetDriveTypeA
GetLogicalDriveStringsA
WaitForSingleObject
CreateProcessA
CreateMutexA
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetDiskFreeSpaceA
GetVolumeInformationA
ReadFile
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
GetTickCount
QueryPerformanceCounter
QueryDosDeviceA
ExitProcess
GetStartupInfoA
GetSystemTimeAsFileTime
GetLastError
InitializeCriticalSection
GetSystemDirectoryA
DeleteCriticalSection
lstrlenA
MapViewOfFile

user32

ExitWindowsEx

shlwapi

SHDeleteKeyA

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

setupapi

SetupCopyOEMInfW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW

Sections

.text
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c02ce52afa4cc67fb8b0a9f01a92a9f8

Headers

File Characteristics

Imports

advapi32

mfc71

msvcr71

kernel32

user32

shlwapi

ole32

msvcp71

setupapi

Sections

.text Size: 340KB - Virtual size: 338KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 48KB - Virtual size: 54KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 340KB - Virtual size: 338KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 48KB - Virtual size: 54KB

.rsrc
Size: 24KB - Virtual size: 22KB