Static task
static1
Behavioral task
behavioral1
Sample
7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3.exe
Resource
win10v2004-20230220-en
General
-
Target
7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3
-
Size
296KB
-
MD5
508a55670e826cd14c5ecb2873e611e5
-
SHA1
14063fe69305923ed11c5fee73a422da8b0ca880
-
SHA256
7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3
-
SHA512
bd4780503e1827072ac6e018d7c17dde0c97b9dc945ec26cb32cdc714c256dc32ea27ce2c813e9084463c6f0bbc3d9824d026a0f70049136f8f03b94c6c03009
-
SSDEEP
6144:njXEp0z2jk27pDwj4LEajv6OKtF/p/uwONct43j92UgC:njSk2dDE4LEajv6j9pGHNu4B2UgC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself.
resource 7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3
Files
-
7f51359d87d974d8ba87bd3bd16c52c0089ed674f39933c46d8b9d73447baba3.exe windows x86
110082aa43f7ed0c1925caa9b15b604c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutWrite
PlaySoundA
mfc110d
ord16951
ord9382
ord14345
ord16742
ord13675
ord13676
ord2321
ord9324
ord14859
ord4687
ord4748
ord10989
ord16877
ord9302
ord16879
ord14355
ord14356
ord2829
ord6316
ord9805
ord9379
ord5428
ord14772
ord14840
ord12032
ord13975
ord9887
ord1590
ord2966
ord5082
ord9987
ord2506
ord1560
ord1030
ord8804
ord6981
ord9616
ord15184
ord322
ord306
ord1662
ord1930
ord3507
ord5512
ord14832
ord7554
ord1164
ord542
ord3916
ord1250
ord8094
ord9138
ord15264
ord4824
ord16595
ord7412
ord16224
ord957
ord1503
ord1086
ord1592
ord2823
ord4374
ord4386
ord4266
ord4267
ord15036
ord9175
ord8274
ord9669
ord16256
ord9848
ord5297
ord5867
ord6399
ord15478
ord15480
ord10314
ord15640
ord16787
ord13312
ord13351
ord2529
ord9928
ord1047
ord15287
ord16036
ord1213
ord7768
ord492
ord13889
ord10823
ord1846
ord5986
ord5513
ord10245
ord16953
ord7556
ord16952
ord7555
ord16060
ord1084
ord8085
ord4424
ord7030
ord13967
ord9670
ord13985
ord13935
ord6834
ord11845
ord10796
ord8961
ord11976
ord5690
ord1933
ord1929
ord1665
ord1135
ord316
ord1871
ord9032
ord6881
ord12689
ord13844
ord7377
ord15859
ord3254
ord10797
ord13888
ord4966
ord2870
ord1211
ord10620
ord12666
ord13055
ord12070
ord4689
ord488
ord3950
ord3951
ord3688
ord3689
ord490
ord8427
ord3837
ord3834
ord11850
ord9661
ord11881
ord11883
ord11882
ord11880
ord11884
ord6674
ord13400
ord13401
ord10725
ord13801
ord4408
ord13623
ord16872
ord10543
ord5320
ord3031
ord4669
ord8267
ord13259
ord13247
ord11059
ord12652
ord10844
ord3792
ord16010
ord13994
ord13992
ord1957
ord1966
ord1974
ord1970
ord1979
ord5797
ord5834
ord5805
ord5817
ord5813
ord5809
ord5840
ord5830
ord5801
ord5844
ord5822
ord5786
ord5792
ord5825
ord5332
ord6860
ord11285
ord5318
ord3572
ord16880
ord9303
ord16878
ord7474
ord8106
ord7332
ord15568
ord6632
ord13392
ord6088
ord9169
ord15794
ord7057
ord6394
ord3162
ord13837
ord4526
ord3910
ord3911
ord3791
ord13884
ord5764
ord6153
ord6554
ord6831
ord10941
ord6524
ord6156
ord6382
ord6136
ord9058
ord9059
ord9049
ord6380
ord9674
ord1814
ord1826
ord6355
ord16941
ord14209
ord16888
ord5330
ord9791
ord269
ord2603
ord5025
ord2920
ord15083
ord872
ord1646
ord1636
ord1644
ord1461
ord7981
ord2716
ord2718
ord2461
ord2460
ord270
ord267
ord8802
ord1629
ord1637
ord9984
ord2557
ord2746
msvcr110d
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_CrtSetCheckCount
exit
_exit
_cexit
_ismbblead
__crtTerminateProcess
__setusermatherr
_localtime64
atoi
atof
_strupr
_purecall
sin
_mbsstr
_mbslwr
__crtUnhandledException
_CRT_RTC_INITW
_time64
_onexit
__dllonexit
_calloc_dbg
_unlock
_lock
??1type_info@@UAE@XZ
_configthreadlocale
__CxxFrameHandler3
memmove
_CxxThrowException
_CrtDbgReportW
_setmbcp
_invalid_parameter
_mbsupr
_mbscmp
isdigit
rand
strcmp
strcat
vsprintf
vprintf
strlen
strcpy
fprintf
fopen
fclose
memset
memcpy_s
_crt_debugger_hook
_wsplitpath_s
_wmakepath_s
wcscpy_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
kernel32
GetCurrentProcess
GetCurrentProcessId
ReadProcessMemory
WriteProcessMemory
CloseHandle
GetModuleHandleA
CreateProcessA
CreateThread
OutputDebugStringA
GetNativeSystemInfo
GetTickCount
MulDiv
InitializeCriticalSectionAndSpinCount
OpenProcess
EncodePointer
DecodePointer
IsProcessorFeaturePresent
RaiseException
LoadLibraryExW
lstrlenA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualAllocEx
VirtualFreeEx
GetProcAddress
Sleep
GetModuleFileNameA
IsDebuggerPresent
GetProcessHeap
VirtualQuery
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetLastError
user32
GetWindowRect
ScreenToClient
IsChild
IsWindowVisible
GetKeyState
GetKeyboardState
keybd_event
SendInput
GetSystemMetrics
SendMessageA
AttachThreadInput
GetClientRect
SetForegroundWindow
ClientToScreen
FindWindowA
FindWindowExA
EnumWindows
GetWindowThreadProcessId
GetSysColor
SystemParametersInfoA
GetKeyboardLayout
PostMessageA
MessageBoxA
GetDlgItem
MoveWindow
ShowWindow
SetFocus
IsWindow
SetRect
SetRectEmpty
CopyRect
InflateRect
IntersectRect
UnionRect
SubtractRect
OffsetRect
IsRectEmpty
EqualRect
PtInRect
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
comctl32
InitCommonControlsEx
oleaut32
SysFreeString
msvcp110d
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
psapi
EnumProcesses
GetProcessImageFileNameA
Sections
.textbss Size: - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ