Static task
static1
Behavioral task
behavioral1
Sample
9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650.exe
Resource
win10v2004-20230220-en
General
-
Target
9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650
-
Size
226KB
-
MD5
932008673698b9b64232637d26f3bb0f
-
SHA1
1af6600cdaf198810b9cfa1a1f8866c92a1e03b7
-
SHA256
9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650
-
SHA512
1ed43d53f47ebcf31f0e88d8beaf81f8c6e609dba3fc9748b5776a2afb94edc3b78877c569ff5ff49096f288331d11c374035969c86e071ec92f94462d8a048b
-
SSDEEP
6144:PN9gv8MvqfuW8TaSfF/p/uwONct43j92UTyC:19foD9pGHNu4B2UT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650
Files
-
9a81eab6c1fd7907af517ce51b4b140a0e8ce131bf777529d8ff64065ecd1650.exe windows x86
f64edc5f08c432110ac0cf612b283190
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc120u
ord2029
ord10722
ord12409
ord5548
ord5547
ord6870
ord14403
ord11526
ord6914
ord11016
ord11524
ord11525
ord6915
ord5355
ord13881
ord1754
ord13880
ord11646
ord4843
ord779
ord1315
ord8498
ord12018
ord9455
ord4448
ord7189
ord2136
ord469
ord1113
ord540
ord1168
ord755
ord1301
ord7385
ord9180
ord3222
ord3175
ord8357
ord8628
ord4184
ord6510
ord3889
ord2173
ord2484
ord12639
ord4842
ord2161
ord5030
ord13474
ord5121
ord5122
ord11410
ord7956
ord13508
ord9159
ord7793
ord13404
ord8107
ord2214
ord7074
ord643
ord14368
ord2604
ord13989
ord13991
ord12050
ord2262
ord887
ord1386
ord12899
ord4128
ord11247
ord3826
ord6389
ord4772
ord1042
ord296
ord3839
ord6469
ord2480
ord3140
ord4841
ord2783
ord8272
ord6613
ord13009
ord9090
ord5961
ord3898
ord11999
ord5838
ord13563
ord11588
ord4907
ord4873
ord4866
ord4901
ord4930
ord4881
ord4911
ord4922
ord4889
ord4893
ord4897
ord4885
ord4918
ord4876
ord1734
ord1725
ord1730
ord1722
ord1710
ord9128
ord12083
ord14436
ord3795
ord11964
ord8092
ord5217
ord8056
ord8199
ord8126
ord8220
ord2683
ord2661
ord5346
ord4344
ord3989
ord4749
ord14173
ord2042
ord12352
ord3269
ord8876
ord8821
ord14057
ord6206
ord8333
ord12867
ord8697
ord3089
ord14301
ord10970
ord3296
ord11206
ord1733
ord4083
ord2025
ord4990
ord4995
ord3091
ord6179
ord13076
ord12023
ord3974
ord2630
ord8688
ord14175
ord8027
ord13340
ord11043
ord8883
ord8837
ord3188
ord3314
ord2576
ord2071
ord11011
ord3024
ord9172
ord8878
ord8836
ord8843
ord12547
ord13347
ord3973
ord4466
ord11145
ord14158
ord3310
ord12698
ord8270
ord8359
ord13174
ord7944
ord7945
ord7973
ord12522
ord12487
ord6371
ord8573
ord8566
ord3537
ord798
ord8576
ord8577
ord8581
ord3778
ord12743
ord5742
ord5701
ord13178
ord12608
ord2659
ord12747
ord7787
ord14255
ord12097
ord8727
ord11242
ord10243
ord11765
ord8968
ord8987
ord2614
ord4138
ord4151
ord2207
ord1717
ord9865
ord9387
ord9392
ord9402
ord8746
ord4670
ord2052
ord4226
ord3288
ord9263
ord4328
ord8904
ord1942
ord14033
ord2617
ord8819
ord12842
ord8308
ord14114
ord6438
ord12993
ord4869
ord4862
ord1719
ord9137
ord8057
ord8222
ord8100
ord7006
ord5063
ord5341
ord2652
ord4353
ord4005
ord8875
ord8820
ord14058
ord8321
ord12854
ord14300
ord11630
ord11202
ord2592
ord4069
ord4000
ord8025
ord8881
ord8838
ord14221
ord11010
ord3022
ord11359
ord9547
ord8835
ord3971
ord4464
ord14156
ord3125
ord3124
ord3298
ord7774
ord2643
ord14111
ord5343
ord2501
ord3588
ord4006
ord3991
ord14333
ord13128
ord8440
ord3090
ord14163
ord4139
ord2056
ord11603
ord14142
ord13186
ord2720
ord2742
ord11472
ord13015
ord12017
ord3075
ord8917
ord9032
ord8980
ord4556
ord8943
ord8513
ord2341
ord2362
ord9632
ord8880
ord11589
ord12820
ord12700
ord2961
ord8089
ord8112
ord13068
ord4935
ord13748
ord11865
ord3346
ord3383
ord13885
ord3141
ord5176
ord2090
ord7404
ord562
ord1188
ord633
ord1236
ord751
ord1297
ord776
ord1314
ord3132
ord9187
ord563
ord4367
ord8436
ord8346
ord13997
ord4331
ord7910
ord3173
ord13487
ord4343
ord3984
ord13334
ord4308
ord1991
ord4435
ord4393
ord8411
ord8572
ord8254
ord13961
ord4813
ord3194
ord2336
ord12219
ord14463
ord12276
ord14516
ord6652
ord13143
ord8655
ord11984
ord2204
ord14382
ord14095
ord786
ord4428
ord11561
ord8200
ord4456
ord13302
ord7200
ord7203
ord8409
ord7206
ord7201
ord7204
ord7205
ord7207
ord13854
ord7202
ord14517
ord8284
ord7622
ord11338
ord9098
ord14451
ord7803
ord9121
ord12058
ord3792
ord4945
ord12334
ord1746
ord13570
ord13568
ord11308
ord5858
ord8715
ord9235
ord11679
ord11674
ord3802
ord3236
ord7693
ord2030
ord10723
ord11368
ord3015
ord14197
ord11291
ord11385
ord1812
ord9086
ord9601
ord11379
ord2020
ord8309
ord12832
ord3283
ord3395
ord5652
ord10025
ord10028
ord10032
ord7542
ord993
ord1468
ord13108
ord7881
ord2265
ord2261
ord2163
ord4416
ord13771
ord8344
ord7830
ord7883
ord7908
ord13937
ord7565
ord7199
ord813
ord1824
ord366
ord1069
ord11902
ord12121
ord14094
ord2280
ord4547
ord462
ord1108
ord6392
ord1110
ord7384
ord4049
ord1873
ord6759
ord10131
ord5667
ord12799
ord12094
ord12126
ord10314
ord8099
ord12122
ord12114
ord5821
ord3809
ord6252
ord14527
ord6253
ord14528
ord6251
ord14526
ord7884
ord12402
ord14326
ord11858
ord11857
ord1992
ord7825
ord12818
ord4047
ord4109
ord9279
ord14454
ord7806
ord14448
ord12413
msvcr120
__CxxFrameHandler3
__set_app_type
__wgetmainargs
_amsg_exit
_CxxThrowException
__crtGetShowWindowMode
_XcptFilter
memset
free
exit
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
_purecall
kernel32
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
LocalFree
lstrcpyW
InterlockedDecrement
GetLastError
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
DeleteCriticalSection
DecodePointer
InterlockedIncrement
user32
GetSysColor
IsIconic
ClientToScreen
RedrawWindow
GetSystemMetrics
LoadImageW
GetFocus
IsChild
EnableWindow
LoadBitmapW
GetParent
InflateRect
GetWindowRect
UpdateWindow
InvalidateRect
GetClientRect
ScreenToClient
SendMessageW
GetSubMenu
LoadMenuW
SetRectEmpty
gdi32
CreateFontIndirectW
DeleteObject
GetStockObject
GetObjectW
comctl32
InitCommonControlsEx
ImageList_AddMasked
oleaut32
SysAllocString
VariantClear
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ