Static task
static1
Behavioral task
behavioral1
Sample
a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c.exe
Resource
win10v2004-20230220-en
General
-
Target
a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c
-
Size
206KB
-
MD5
7fbe197399da2af038a1195babdb731b
-
SHA1
736d232415d585b71e4da0f3bae0245f83c234b4
-
SHA256
a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c
-
SHA512
296ae94c4ab42283e9ecb9f97bc302847a581ca9314a30588dfed8a63ddf334367022e41c32aca815db8247c3aded5cf9080a8e2f4e33308b7b5584e2c796112
-
SSDEEP
3072:7tg44burFalgBrIjIUl2H9dNO1EJF/pstBaDqwONnct437Bl3N2U9jZ4Mm/CzON:73m1OF/p/uwONct43j92U9l49/V
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c
Files
-
a45f42f1e5e8657df3d05eff43fe475f08b265f89d5c430ff4ce75fef889d21c.exe windows x86
8c0a0679e1c19093547d4f5ba4ae0d32
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord11717
ord4870
ord782
ord1318
ord8575
ord12086
ord9528
ord4482
ord7265
ord2172
ord469
ord1114
ord540
ord1169
ord758
ord1304
ord7462
ord9255
ord3257
ord3212
ord8434
ord8705
ord4218
ord6581
ord3924
ord2210
ord2524
ord12709
ord4869
ord2199
ord5104
ord13542
ord5194
ord5195
ord11482
ord8036
ord13576
ord9234
ord7873
ord13475
ord8188
ord2251
ord7148
ord644
ord14422
ord2644
ord14046
ord14048
ord12118
ord2298
ord890
ord1389
ord12969
ord4162
ord11319
ord3861
ord6460
ord4807
ord1044
ord316
ord3874
ord6540
ord2520
ord3177
ord4868
ord2822
ord8349
ord6686
ord13079
ord9166
ord6034
ord3933
ord12067
ord5911
ord13628
ord11659
ord4961
ord4910
ord4895
ord4953
ord5000
ord4923
ord4975
ord4990
ord4935
ord4941
ord4947
ord4929
ord4984
ord4914
ord1769
ord1742
ord1764
ord1738
ord1716
ord9204
ord12151
ord14491
ord3830
ord12032
ord8173
ord5291
ord8137
ord8278
ord8207
ord8299
ord2723
ord2701
ord5420
ord4378
ord4024
ord4782
ord14228
ord2077
ord12424
ord3304
ord8952
ord8897
ord14112
ord6277
ord8410
ord12937
ord8774
ord3126
ord14355
ord11037
ord3331
ord11278
ord1768
ord4117
ord2060
ord5064
ord5069
ord3128
ord6250
ord13157
ord12091
ord4009
ord2670
ord8765
ord14230
ord8109
ord13414
ord11110
ord8959
ord8913
ord3224
ord3348
ord2616
ord2106
ord11078
ord3061
ord9247
ord8954
ord8912
ord8919
ord12617
ord13421
ord4008
ord4500
ord11211
ord14213
ord3345
ord12768
ord8351
ord8436
ord13255
ord8024
ord8025
ord8053
ord12592
ord12559
ord6442
ord8650
ord8643
ord3572
ord801
ord8653
ord8654
ord8658
ord3813
ord12813
ord5816
ord5777
ord13259
ord12678
ord2699
ord12817
ord7867
ord14309
ord12165
ord8803
ord11314
ord10314
ord11836
ord9044
ord9063
ord2654
ord4172
ord4185
ord2244
ord1726
ord9938
ord9460
ord9465
ord9475
ord8821
ord4703
ord2087
ord4260
ord3323
ord9337
ord4362
ord8980
ord1977
ord14089
ord2657
ord8895
ord12912
ord8386
ord14169
ord6509
ord13063
ord4899
ord4889
ord1728
ord9213
ord8138
ord8301
ord8181
ord7080
ord5136
ord5415
ord2692
ord4387
ord4040
ord8951
ord8896
ord14113
ord8398
ord12924
ord14354
ord11701
ord11268
ord2632
ord4103
ord4035
ord8107
ord8957
ord8914
ord14275
ord11077
ord3059
ord11431
ord9620
ord8911
ord4006
ord4498
ord14211
ord3162
ord3161
ord3333
ord7854
ord2683
ord14166
ord5417
ord2541
ord3623
ord4041
ord4026
ord14387
ord13209
ord8517
ord3127
ord14218
ord4173
ord2091
ord11674
ord14197
ord13267
ord2760
ord2782
ord11544
ord13085
ord12085
ord3112
ord8993
ord9108
ord9056
ord4590
ord9019
ord8590
ord2381
ord2402
ord9705
ord8956
ord11660
ord12890
ord12770
ord2998
ord6942
ord8170
ord8193
ord13149
ord5007
ord13808
ord11935
ord3380
ord3417
ord13944
ord3178
ord5250
ord7481
ord2125
ord562
ord1189
ord634
ord1238
ord754
ord1300
ord779
ord1317
ord5736
ord9262
ord563
ord4401
ord8513
ord8426
ord14054
ord4365
ord12201
ord3210
ord13555
ord4377
ord4019
ord13408
ord4342
ord2026
ord4469
ord4427
ord8488
ord8649
ord8333
ord14020
ord4841
ord3230
ord2376
ord12291
ord14518
ord12348
ord14571
ord6724
ord13224
ord8732
ord12052
ord2241
ord6989
ord14150
ord789
ord4462
ord11632
ord2560
ord4490
ord13378
ord7276
ord7279
ord8486
ord7282
ord13939
ord7280
ord7281
ord7283
ord13913
ord13940
ord14572
ord8362
ord7700
ord11410
ord9174
ord14504
ord7883
ord9197
ord12126
ord3827
ord5019
ord12406
ord1783
ord13635
ord13633
ord11380
ord5931
ord8791
ord9309
ord11750
ord11745
ord3837
ord3271
ord7773
ord2065
ord10791
ord11440
ord3052
ord14252
ord11363
ord11457
ord1848
ord9162
ord9674
ord11451
ord2055
ord8387
ord12902
ord3318
ord3429
ord5727
ord10096
ord10099
ord10103
ord7618
ord994
ord1469
ord13189
ord7961
ord2301
ord2297
ord2200
ord4450
ord13830
ord8421
ord7910
ord7963
ord7988
ord13996
ord7641
ord7275
ord816
ord1860
ord366
ord1070
ord11972
ord12189
ord14149
ord2316
ord4581
ord462
ord1109
ord6463
ord1111
ord7461
ord4084
ord1909
ord6832
ord10202
ord5742
ord12869
ord12162
ord12194
ord10383
ord8180
ord12190
ord12182
ord5894
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11928
ord11927
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12485
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord8420
ord2799
ord12948
ord11838
ord14131
ord8931
ord9165
ord8438
ord14223
kernel32
OutputDebugStringW
MultiByteToWideChar
LocalFree
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InterlockedDecrement
TerminateProcess
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedIncrement
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
user32
GetParent
SetRectEmpty
IsIconic
ClientToScreen
LoadMenuW
GetSubMenu
SendMessageA
ScreenToClient
GetClientRect
RedrawWindow
GetSystemMetrics
InvalidateRect
UpdateWindow
GetWindowRect
InflateRect
GetSysColor
LoadBitmapW
EnableWindow
LoadImageA
GetFocus
IsChild
gdi32
CreateFontIndirectA
DeleteObject
GetStockObject
GetObjectA
comctl32
InitCommonControlsEx
ImageList_AddMasked
oleaut32
SysAllocString
VariantClear
vcruntime140
_except_handler4_common
_CxxThrowException
_purecall
memset
__CxxFrameHandler3
__std_terminate
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
strcpy_s
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_initialize_narrow_environment
_set_app_type
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ