2c330a2f85021abc22b13f8da7c2607007365f31c1e2fbe8be9cb59ab5b2be60

Sharing

Copy URL Twitter E-mail

General

Target

2c330a2f85021abc22b13f8da7c2607007365f31c1e2fbe8be9cb59ab5b2be60
Size

524KB
MD5

3494f697d80adce2a40fd8099e28d09f
SHA1

1392c25b9a58e9c064a1cf7b383a9273290c6dda
SHA256

2c330a2f85021abc22b13f8da7c2607007365f31c1e2fbe8be9cb59ab5b2be60
SHA512

4bd0f8e5662020d44b1e8c6379702649cf139b6efacd6ade16ca9777e59d9a900d5a9b0c5b526dc90eca1e6549830f1c22164eb1a47048fcf03fda618ccfec9c
SSDEEP

6144:cH6/MRTk2JYlD8hiz5y0RQpGgeYAjH5d0yr7KZv44lP1:K60RTkOYl4hiz5y0GpGgA5uwKpBP1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c330a2f85021abc22b13f8da7c2607007365f31c1e2fbe8be9cb59ab5b2be60

Files

2c330a2f85021abc22b13f8da7c2607007365f31c1e2fbe8be9cb59ab5b2be60
.exe windows x86

aa103736528b5080c01357f12ad3b7db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo
GetIpForwardTable

mfc140d

ord4480
ord1855
ord6105
ord7110
ord9771
ord14613
ord16747
ord3582
ord311
ord1671
ord1674
ord7163
ord3563
ord5575
ord14965
ord10392
ord10465
ord10466
ord10008
ord10140
ord1061
ord1575
ord17081
ord3466
ord1640
ord1648
ord543
ord3972
ord1257
ord8232
ord9291
ord15446
ord4884
ord16776
ord7541
ord16405
ord963
ord1512
ord1092
ord1601
ord2878
ord4326
ord8234
ord10483
ord5394
ord16538
ord9328
ord8414
ord9824
ord16437
ord5359
ord5986
ord6523
ord15661
ord10461
ord13828
ord15821
ord16960
ord13474
ord7896
ord2581
ord2607
ord10084
ord535
ord1251
ord4750
ord7631
ord594
ord7013
ord6739
ord7475
ord6250
ord15561
ord7067
ord15915
ord8274
ord6831
ord13838
ord9609
ord4513
ord9602
ord1292
ord7012
ord585
ord16055
ord13851
ord3455
ord1286
ord2680
ord6986
ord11437
ord5380
ord3628
ord17054
ord9455
ord17052
ord7603
ord8244
ord7461
ord15749
ord6756
ord13554
ord6208
ord9322
ord15975
ord7186
ord6518
ord3217
ord13999
ord4586
ord3966
ord3967
ord3847
ord14046
ord5826
ord6274
ord6678
ord6956
ord11091
ord6648
ord2777
ord6506
ord6256
ord9208
ord9209
ord9198
ord6504
ord9829
ord1823
ord1835
ord6479
ord17115
ord14376
ord17062
ord5392
ord9945
ord269
ord2656
ord5085
ord2975
ord15253
ord878
ord1655
ord1645
ord1653
ord1470
ord8115
ord2771
ord2773
ord13837
ord16915
ord14513
ord9535
ord17125
ord7684
ord17127
ord7686
ord17126
ord7685
ord1090
ord8222
ord4483
ord7159
ord14129
ord9825
ord14147
ord14097
ord6959
ord12000
ord10946
ord5752
ord322
ord9109
ord12131
ord1942
ord1938
ord1141
ord316
ord2512
ord270
ord8950
ord1638
ord1646
ord306
ord1880
ord267
ord12844
ord14006
ord7506
ord16040
ord3309
ord10947
ord14050
ord5026
ord2925
ord1218
ord10769
ord12821
ord13218
ord12225
ord4749
ord489
ord4006
ord4007
ord3744
ord3745
ord491
ord8567
ord3893
ord3890
ord12005
ord9816
ord17243
ord12036
ord12038
ord12037
ord12035
ord12039
ord6798
ord13562
ord13563
ord10874
ord13963
ord4467
ord13785
ord17046
ord10692
ord5382
ord3086
ord4729
ord8405
ord13421
ord13409
ord11209
ord12807
ord10994
ord3848
ord16191
ord14159
ord14155
ord1972
ord1994
ord2020
ord10143
ord5142
ord3021
ord1599
ord10043
ord14137
ord12187
ord15010
ord14942
ord5490
ord9960
ord6440
ord2884
ord14524
ord14523
ord17053
ord17051
ord9454
ord11139
ord4808
ord4747
ord15029
ord9476
ord6277
ord2371
ord2006
ord2027
ord5876
ord5943
ord5888
ord5906
ord5900
ord5894
ord5953
ord5937
ord5882
ord5959
ord5914
ord5852
ord5867
ord15709
ord5928
ord2610
ord13948
ord2801

kernel32

VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcess
CreateEventA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
FindNextFileA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
GetTempFileNameA
GetTempPathA
CreateProcessA
GetModuleHandleA
LoadLibraryA
GetLocalTime
WinExec
FindClose
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
GetModuleFileNameA
OutputDebugStringA
CloseHandle
Sleep
CreateThread
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
OutputDebugStringW

user32

PostMessageA
SendMessageA
IsWindowVisible
IsChild
PostQuitMessage
PeekMessageA
CloseClipboard
ScreenToClient
GetWindowRect
GetClientRect
GetDlgItem
MoveWindow
ShowWindow
IsWindow
CopyRect
UnregisterClassA
ExitWindowsEx
SystemParametersInfoA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
FindWindowExA
FindWindowA
GetSysColor
MessageBoxA
GetSystemMetrics
GetAsyncKeyState
GetClipboardData

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
InitiateSystemShutdownA
OpenProcessToken

oleaut32

SysFreeString

msvcp140d

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setf@ios_base@std@@QAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z

ws2_32

setsockopt
htons
WSAWaitForMultipleEvents
WSASocketA
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
sendto
recvfrom
inet_addr
closesocket
inet_ntoa
WSACleanup
WSAStartup
socket

winmm

waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInClose
waveInOpen
waveInReset

vcruntime140d

memset
__CxxFrameHandler3
memcpy
_purecall
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
strchr
strrchr
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW

ucrtbased

__stdio_common_vsprintf
__stdio_common_vsnprintf_s
free
malloc
_CrtDbgReportW
_invalid_parameter_noinfo
_errno
_CrtDbgReport
__acrt_iob_func
__stdio_common_vfprintf
strcat
strcpy
strlen
_invalid_parameter
__stdio_common_vsscanf
_wassert
strcmp
__stdio_common_vsprintf_s
strpbrk
_mbscmp
_mbslwr
__p___argc
__p___argv
fclose
fopen
fread
fwrite
_localtime64_s
_time64
_mkdir
fopen_s
strtok
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_except1
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
_wmakepath_s
_wsplitpath_s
_recalloc
wcslen
_setmbcp
wcscpy_s
__stdio_common_vswprintf_s

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa103736528b5080c01357f12ad3b7db

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

mfc140d

kernel32

user32

advapi32

oleaut32

msvcp140d

ws2_32

winmm

vcruntime140d

ucrtbased

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 14KB

.idata Size: 14KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 409B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 14KB

.idata
Size: 14KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 409B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 17KB - Virtual size: 17KB