91bba9d51509b4619de42200b7e0252866b6624f84468a03c32a17eb147b6cd3

Sharing

Copy URL Twitter E-mail

General

Target

91bba9d51509b4619de42200b7e0252866b6624f84468a03c32a17eb147b6cd3
Size

417KB
MD5

3c0c35391e4d25d0f3111c0bbafb1892
SHA1

965f5a191f41f8d5f3352fb5c149ae19b78a98ce
SHA256

91bba9d51509b4619de42200b7e0252866b6624f84468a03c32a17eb147b6cd3
SHA512

bb87cbdf44efb9aabd5b83923f8dcace41a795fca171e6e719de873f171a5bf1c81a9f11a9fda9ca5285fae4760ca4c754d966325d862b357eb5ffaf9cef8523
SSDEEP

6144:gqWABTTdpEWemF/p/uwONct43j92UTyw:gzAlhpum9pGHNu4B2UT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91bba9d51509b4619de42200b7e0252866b6624f84468a03c32a17eb147b6cd3

Files

91bba9d51509b4619de42200b7e0252866b6624f84468a03c32a17eb147b6cd3
.exe windows x86

eea9f54e0fa992f7f16225b283e4071d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc110d

ord2471
ord4126
ord2716
ord1634
ord9681
ord2504
ord2603
ord14223
ord370
ord9889
ord5946
ord1163
ord4777
ord957
ord1503
ord579
ord3708
ord4447
ord2007
ord1275
ord617
ord9938
ord8095
ord8266
ord1301
ord10796
ord8096
ord7415
ord15894
ord5764
ord4526
ord13837
ord7057
ord15794
ord16350
ord9169
ord6088
ord14940
ord14941
ord16845
ord9508
ord15568
ord6756
ord16788
ord10844
ord3031
ord5320
ord4408
ord13801
ord2969
ord5085
ord9661
ord2554
ord2626
ord3790
ord15673
ord15733
ord9469
ord5432
ord15000
ord9289
ord2560
ord13856
ord5314
ord13855
ord5439
ord13389
ord9658
ord9686
ord17018
ord15658
ord6112
ord6111
ord845
ord9605
ord9708
ord9824
ord6240
ord6414
ord6409
ord3206
ord16423
ord7483
ord10385
ord16348
ord3655
ord12743
ord3878
ord12986
ord5788
ord5782
ord5819
ord5799
ord5827
ord5836
ord5807
ord5803
ord5832
ord5811
ord5815
ord5842
ord5824
ord5794
ord1977
ord1968
ord1962
ord16861
ord4708
ord13196
ord2354
ord5924
ord5929
ord9799
ord3657
ord7452
ord15142
ord13861
ord4628
ord4613
ord5663
ord10374
ord16558
ord9571
ord3844
ord15487
ord12816
ord10582
ord10536
ord16713
ord3756
ord3895
ord14286
ord3098
ord2402
ord12785
ord3184
ord3584
ord13144
ord10881
ord10577
ord14566
ord15495
ord4612
ord5342
ord12928
ord16538
ord10519
ord10541
ord7943
ord803
ord3744
ord3892
ord14733
ord9891
ord9992
ord9894
ord9995
ord15295
ord9447
ord9491
ord14665
ord14542
ord14509
ord7698
ord4391
ord14781
ord6924
ord6868
ord15302
ord5995
ord5202
ord15072
ord9968
ord14908
ord14630
ord3182
ord14785
ord2371
ord9278
ord16664
ord13448
ord13939
ord10416
ord13027
ord11960
ord3326
ord13573
ord12990
ord1411
ord3126
ord3152
ord10670
ord16556
ord10690
ord3136
ord2913
ord5018
ord9446
ord4788
ord4802
ord10535
ord10534
ord10575
ord1976
ord17008
ord5791
ord5785
ord1965
ord1973
ord1956
ord11573
ord11099
ord11104
ord11114
ord4722
ord13388
ord13924
ord10835
ord10437
ord5560
ord2381
ord4885
ord3867
ord10973
ord5185
ord10603
ord2267
ord16398
ord3139
ord10517
ord14883
ord9935
ord16484
ord7186
ord8431
ord7770
ord499
ord1216
ord3692
ord3880
ord13891
ord3693
ord13432
ord9606
ord6032
ord10574
ord10518
ord3114
ord9263
ord9956
ord14895
ord9671
ord3165
ord9826
ord16481
ord16615
ord4639
ord9569
ord6411
ord3012
ord4191
ord4644
ord4645
ord4630
ord16712
ord16749
ord16424
ord5213
ord15219
ord3175
ord15056
ord3656
ord10580
ord3582
ord10890
ord10867
ord13032
ord4610
ord11258
ord10533
ord5340
ord16536
ord16543
ord12784
ord4789
ord2385
ord13403
ord16521
ord15312
ord3256
ord3282
ord13261
ord692
ord8612
ord826
ord1425
ord13684
ord3640
ord15078
ord11165
ord10616
ord10736
ord10682
ord3930
ord3973
ord10642
ord11343
ord10579
ord14861
ord16022
ord14735
ord3519
ord15133
ord16205
ord2916
ord5021
ord8499
ord2740
ord10159
ord10214
ord10221
ord10144
ord10226
ord10231
ord10227
ord10084
ord3709
ord6175
ord8824
ord7981
ord1461
ord872
ord2920
ord5025
ord2565
ord1871
ord322
ord1135
ord9984
ord9791
ord5330
ord16888
ord14209
ord16941
ord6355
ord1826
ord1814
ord3762
ord5727
ord10336
ord16357
ord14328
ord15640
ord13123
ord16823
ord7083
ord3808
ord2908
ord5013
ord13481
ord4416
ord5857
ord15802
ord15800
ord4405
ord1083
ord1589
ord823
ord1424
ord9873
ord8623
ord15445
ord16313
ord2320
ord15240
ord5188
ord799
ord3742
ord15680
ord1407
ord682
ord1346
ord15481
ord5254
ord9410
ord9081
ord2068
ord608
ord607
ord4623
ord2359
ord5200
ord5162
ord12470
ord14268
ord13153
ord5298
ord16463
ord5227
ord3575
ord16584
ord16802
ord13076
ord13899
ord9908
ord16874
ord10804
ord10945
ord10828
ord13822
ord9162
ord2461
ord13170
ord10792
ord11312
ord13476
ord13093
ord13164
ord10403
ord2349
ord9937
ord14873
ord3861
ord3985
ord1296
ord6814
ord10897
ord13361
ord833
ord5291
ord6828
ord16942
ord8626
ord8629
ord8624
ord8627
ord8628
ord8625
ord16164
ord8630
ord2420
ord10220
ord10052
ord10079
ord10050
ord11739
ord11742
ord11746
ord8804
ord8961
ord1164
ord11845
ord6834
ord16462
ord3689
ord3688
ord3951
ord3950
ord4689
ord12070
ord13055
ord12666
ord10620
ord1211
ord2870
ord4966
ord10797
ord3254
ord15859
ord7377
ord13844
ord13935
ord13985
ord9670
ord13967
ord7030
ord4424
ord390
ord1171
ord9979
ord16060
ord15180
ord7555
ord16952
ord7556
ord16953
ord7554
ord16951
ord9382
ord14345
ord16742
ord2080
ord13675
ord13676
ord2321
ord13723
ord13974
ord9324
ord14859
ord4687

msvcr110d

_CrtDbgReportW
_unlock
_lock
_errno
calloc
free
_recalloc
memset
strcpy
__CxxFrameHandler3
strlen
wcscpy
wcsncpy_s
_snprintf_s
_vsnprintf_s
_snwprintf_s
_vsnwprintf_s
_CrtDbgReport
_CxxThrowException
memcmp
memmove_s
_wcsicmp
wcslen
malloc
_setmbcp
??1type_info@@UAE@XZ
_CRT_RTC_INITW
??_V@YAXPAX@Z
_purecall
strcpy_s
_wsplitpath_s
_wmakepath_s
wcscpy_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
_CrtSetCheckCount
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__dllonexit
_calloc_dbg

kernel32

lstrlenW
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
VirtualAlloc
GetSystemInfo
GetCurrentThread
GetCurrentProcessId
MulDiv
OpenEventW
SetEvent
CloseHandle
OutputDebugStringW
OutputDebugStringA
InterlockedDecrement
IsProcessorFeaturePresent
lstrcpyA
GetLastError
GetProcAddress
LoadLibraryExW
lstrlenA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
HeapAlloc
GetProcessHeap
InterlockedIncrement
VirtualQuery
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
EncodePointer
RaiseException
DecodePointer
IsDebuggerPresent
HeapFree

user32

PtInRect
IsRectEmpty
OffsetRect
SubtractRect
UnionRect
IntersectRect
InflateRect
CopyRect
SetRectEmpty
SetRect
LoadImageA
GetSystemMetrics
GetSysColor
EnableWindow
GetFocus
IsChild
EqualRect

gdi32

DeleteObject
GetStockObject

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantInit
VariantChangeType
CreateErrorInfo
VariantClear
SetErrorInfo

advapi32

RevertToSelf
SetThreadToken
OpenThreadToken

Sections

.textbss
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eea9f54e0fa992f7f16225b283e4071d

Headers

DLL Characteristics

File Characteristics

Imports

mfc110d

msvcr110d

kernel32

user32

gdi32

comctl32

oleaut32

advapi32

Sections

.textbss Size: - Virtual size: 70KB

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 15KB - Virtual size: 15KB

.textbss
Size: - Virtual size: 70KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 15KB - Virtual size: 15KB