Static task
static1
Behavioral task
behavioral1
Sample
5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e.exe
Resource
win10v2004-20230221-en
General
-
Target
5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e
-
Size
207KB
-
MD5
5acb960d763030c152062c34cd2b0195
-
SHA1
899fda31816c02cb573b6652e211bfe823254813
-
SHA256
5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e
-
SHA512
fd662e0c1c4bab07a53d8fef147c8dad6a974679fc59736d6c5a8e914f75be993866c75f692ebeeee4900feca9a7835d4af3e35251c8af3a100095f4df6fedda
-
SSDEEP
3072:/Js8Vgy2iesZncPphexFJF/pstBaDqwONnct437Bl3N2U9jZ4Mmc20:VYiWwFJF/p/uwONct43j92U9l49
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Signature fires when the PE carries no Authenticode signature; this sample matched it.
resource 5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e
Files
-
5d28794f8614d1903ecb9ae559ee08fdd53059a598a05c6e8e7a97940700539e.exe — Windows, x86 (32-bit) PE
f4188c446ef150e01e555997c1ddd684
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140u
ord14021
ord1796
ord14020
ord11771
ord4886
ord782
ord1320
ord8616
ord12143
ord9574
ord4491
ord7296
ord2178
ord469
ord1116
ord540
ord1171
ord758
ord1306
ord7496
ord9299
ord3264
ord3217
ord8475
ord8746
ord4227
ord6607
ord3932
ord2215
ord2526
ord12768
ord4885
ord2203
ord5120
ord13614
ord5212
ord5213
ord11535
ord8072
ord13648
ord9278
ord7909
ord13544
ord8225
ord2256
ord7179
ord644
ord14508
ord2646
ord14129
ord14131
ord12175
ord2304
ord890
ord1391
ord13028
ord4171
ord11372
ord3869
ord6486
ord4815
ord1045
ord296
ord3882
ord6566
ord2522
ord3182
ord4884
ord2825
ord8390
ord6712
ord13138
ord9209
ord6058
ord3941
ord12124
ord5935
ord13703
ord11713
ord4977
ord4926
ord4911
ord4969
ord5016
ord4939
ord4991
ord5006
ord4951
ord4957
ord4963
ord4945
ord5000
ord4930
ord1774
ord1747
ord1769
ord1743
ord1721
ord9247
ord12208
ord14577
ord3838
ord12089
ord8210
ord5312
ord8174
ord8317
ord8244
ord8338
ord2725
ord2703
ord5441
ord4387
ord4032
ord4792
ord14313
ord2084
ord12481
ord3311
ord8995
ord8940
ord14197
ord6303
ord8451
ord12996
ord8815
ord3131
ord14441
ord11089
ord3338
ord11331
ord1773
ord4126
ord2067
ord5080
ord5085
ord3133
ord6276
ord13216
ord12148
ord4017
ord2672
ord8806
ord14315
ord8145
ord13480
ord11162
ord9002
ord8956
ord3230
ord3356
ord2618
ord2113
ord11130
ord3066
ord9291
ord8997
ord8955
ord8962
ord12676
ord13487
ord4016
ord4509
ord11264
ord14298
ord3352
ord12827
ord8388
ord8477
ord13314
ord8060
ord8061
ord8089
ord12651
ord12616
ord6468
ord8691
ord8684
ord3580
ord801
ord8694
ord8695
ord8699
ord3821
ord12872
ord5839
ord5798
ord13318
ord12737
ord2701
ord12876
ord7903
ord14395
ord12222
ord8845
ord11367
ord10362
ord11890
ord9087
ord9106
ord2656
ord4181
ord4194
ord2249
ord1731
ord9984
ord9506
ord9511
ord9521
ord8864
ord4713
ord2094
ord4269
ord3330
ord9382
ord4371
ord9023
ord1984
ord14173
ord2659
ord8938
ord12971
ord8426
ord14254
ord6535
ord13122
ord4915
ord4905
ord1733
ord9256
ord8175
ord8340
ord8218
ord7111
ord5154
ord5436
ord2694
ord4396
ord4048
ord8994
ord8939
ord14198
ord8439
ord12983
ord14440
ord11755
ord11321
ord2634
ord4112
ord4043
ord8143
ord9000
ord8957
ord14361
ord11129
ord3064
ord11484
ord9666
ord8954
ord4014
ord4507
ord14296
ord3167
ord3166
ord3340
ord7890
ord2685
ord14251
ord5438
ord2543
ord3631
ord4049
ord4034
ord14473
ord13268
ord8558
ord3132
ord14303
ord4182
ord2098
ord11728
ord14282
ord13326
ord2762
ord2784
ord11597
ord13144
ord12142
ord3117
ord9036
ord9151
ord9099
ord4599
ord9062
ord8631
ord2383
ord2404
ord9751
ord8999
ord11714
ord12949
ord12829
ord3003
ord6973
ord8207
ord8230
ord13208
ord5023
ord13888
ord11990
ord3388
ord3425
ord14025
ord3183
ord5271
ord7515
ord2132
ord562
ord1191
ord634
ord1240
ord754
ord1302
ord779
ord1319
ord5757
ord9306
ord563
ord4410
ord8554
ord8464
ord1770
ord4374
ord8026
ord3215
ord13627
ord4386
ord4027
ord13474
ord4351
ord2033
ord4478
ord4436
ord8529
ord8690
ord8372
ord14101
ord4856
ord3236
ord2378
ord12348
ord14604
ord12405
ord14657
ord6751
ord13283
ord8773
ord12109
ord11135
ord14522
ord14235
ord789
ord4471
ord11686
ord2562
ord4499
ord13442
ord7307
ord7310
ord8527
ord5450
ord7308
ord7311
ord7312
ord7314
ord11650
ord7309
ord14658
ord8402
ord7735
ord11463
ord9217
ord14592
ord7919
ord9240
ord12183
ord3835
ord5035
ord12463
ord1788
ord13710
ord13708
ord11433
ord5955
ord8833
ord9354
ord11804
ord11799
ord3845
ord3278
ord7809
ord2072
ord10842
ord11493
ord3057
ord14337
ord11416
ord11510
ord1854
ord9205
ord9720
ord11504
ord2062
ord8427
ord12961
ord3325
ord3437
ord5748
ord10144
ord10147
ord10151
ord7653
ord996
ord1473
ord13248
ord7997
ord2307
ord2303
ord2205
ord4459
ord13911
ord8462
ord7946
ord7999
ord8024
ord14077
ord7676
ord7306
ord816
ord1866
ord366
ord1072
ord12027
ord12246
ord14234
ord2322
ord4590
ord462
ord1111
ord6489
ord1113
ord7495
ord4092
ord1915
ord6861
ord10250
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord8461
ord2801
ord13007
ord11893
ord14216
ord8974
kernel32
GetLastError
InitializeCriticalSectionEx
OutputDebugStringW
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetProcAddress
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
user32
LoadMenuW
GetSubMenu
SetRectEmpty
GetParent
SendMessageW
ScreenToClient
GetClientRect
InvalidateRect
UpdateWindow
GetWindowRect
InflateRect
GetSysColor
LoadBitmapW
EnableWindow
IsChild
GetFocus
LoadImageW
IsIconic
GetSystemMetrics
RedrawWindow
ClientToScreen
gdi32
CreateFontIndirectW
GetObjectW
DeleteObject
GetStockObject
comctl32
ImageList_AddMasked
InitCommonControlsEx
oleaut32
SysAllocString
VariantClear
vcruntime140
_purecall
_CxxThrowException
__CxxFrameHandler3
__std_terminate
memset
_except_handler4_common
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
api-ms-win-crt-string-l1-1-0
wcscpy_s
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_get_wide_winmain_command_line
_exit
_initialize_wide_environment
_configure_wide_argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_controlfp_s
_seh_filter_exe
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ