9cde8cd4d3fe1d67bfba4f9524796d31f82def4914490f06d24baf2b8f28290a

Sharing

Copy URL Twitter E-mail

General

Target

9cde8cd4d3fe1d67bfba4f9524796d31f82def4914490f06d24baf2b8f28290a
Size

5.6MB
MD5

b11674264ad89f6c3e7915c40cd7d439
SHA1

eb1129d9f707c9963bff9d241c9ffc6aabfd199c
SHA256

9cde8cd4d3fe1d67bfba4f9524796d31f82def4914490f06d24baf2b8f28290a
SHA512

77b9297e5ca1dae4415b6675cce9d0c0461fe4b2d368629c7bb23daf46f67f77238f6e60beb8f7aa21722db434a0eb757cae2bf94343432b0e7a2d2d70857c81
SSDEEP

98304:Bey+JPf7FzHU8UNjzwF+og9aNaTEI/IFKx7puFLOCkOroGMaDarJ/llbL4bZvLas:sy+JPf7FzHU8UNjzwF+og9aNaTEI/IFV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cde8cd4d3fe1d67bfba4f9524796d31f82def4914490f06d24baf2b8f28290a

Files

9cde8cd4d3fe1d67bfba4f9524796d31f82def4914490f06d24baf2b8f28290a
.exe windows x86

aac67932d034470a3c729664ba4642e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord8289
ord8238
ord4096
ord8201
ord7782
ord2084
ord8868
ord8139
ord10722
ord11866
ord11749
ord2627
ord7382
ord7404
ord12109
ord12734
ord10983
ord2968
ord3000
ord12850
ord6552
ord2509
ord3978
ord12510
ord5198
ord7001
ord3752
ord8270
ord5325
ord5883
ord1014
ord4511
ord826
ord7524
ord11838
ord4151
ord3763
ord2844
ord8273
ord6117
ord1266
ord1479
ord1476
ord3985
ord1480
ord13398
ord5563
ord12745
ord1233
ord12152
ord11569
ord5185
ord11960
ord5600
ord12266
ord6711
ord381
ord6344
ord8509
ord10409
ord970
ord2763
ord5846
ord8434
ord6362
ord1226
ord2939
ord2824
ord6086
ord4811
ord2774
ord4661
ord423
ord981
ord4197
ord4216
ord7353
ord4956
ord4959
ord4963
ord1264
ord6619
ord844
ord1247
ord6848
ord6161
ord6096
ord4138
ord6080
ord11998
ord7967
ord7529
ord9562
ord12776
ord8481
ord5157
ord4356
ord13181
ord4536
ord9491
ord10904
ord8073
ord8063
ord6854
ord10044
ord8391
ord13097
ord13085
ord12810
ord3705
ord13176
ord13183
ord5045
ord5111
ord7093
ord3673
ord3672
ord3624
ord1535
ord2349
ord12127
ord4449
ord3420
ord3452
ord13072
ord13074
ord3466
ord3188
ord14066
ord9580
ord9013
ord11426
ord3208
ord3194
ord2843
ord6632
ord6727
ord6399
ord2943
ord2841
ord6114
ord1262
ord6358
ord404
ord965
ord10019
ord6719
ord8349
ord9329
ord13822
ord3413
ord13804
ord13950
ord13939
ord13962
ord13743
ord14216
ord13738
ord14129
ord12886
ord12684
ord2504
ord4981
ord5538
ord8220
ord3421
ord10067
ord10296
ord8334
ord11706
ord4950
ord11509
ord14211
ord8615
ord2375
ord11880
ord11085
ord3670
ord3623
ord13309
ord4764
ord4755
ord9496
ord14130
ord13890
ord13891
ord13870
ord13901
ord13871
ord1821
ord6733
ord12800
ord476
ord1025
ord544
ord1070
ord657
ord1126
ord681
ord1143
ord5112
ord7618
ord8439
ord477
ord3925
ord2804
ord12486
ord12652
ord7707
ord666
ord1134
ord3903
ord3563
ord3575
ord13601
ord3870
ord1738
ord3979
ord8175
ord7682
ord7841
ord7534
ord12919
ord4331
ord2823
ord2057
ord11330
ord13396
ord11353
ord13415
ord6036
ord11988
ord11407
ord11101
ord13048
ord691
ord3974
ord10694
ord3893
ord2220
ord3996
ord12325
ord6534
ord6537
ord7680
ord6539
ord6535
ord6538
ord13583
ord14083
ord12830
ord6536
ord13416
ord7563
ord1529
ord11556
ord11990
ord12861
ord10808
ord9081
ord11174
ord4446
ord8315
ord8354
ord13384
ord7105
ord8377
ord3399
ord12564
ord12562
ord10450
ord5296
ord7988
ord8487
ord10803
ord3409
ord2861
ord6995
ord1764
ord9889
ord10509
ord2667
ord13142
ord10433
ord10527
ord1583
ord8342
ord8838
ord10520
ord1754
ord7581
ord11877
ord2906
ord3012
ord5103
ord6633
ord796
ord9957
ord6515
ord6799
ord9232
ord9235
ord9239
ord6869
ord891
ord1293
ord13956
ord7176
ord1986
ord1990
ord1895
ord13797
ord12753
ord7616
ord7131
ord7178
ord7203
ord12898
ord6891
ord6533
ord715
ord1592
ord345
ord923
ord11021
ord3958
ord5261
ord2005
ord2457
ord4087
ord1633
ord7615
ord9498
ord11209
ord6141
ord9328
ord5118
ord11845
ord11240
ord7391
ord11236
ord11228
ord3416
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord11784
ord7548
ord7624
ord11923
ord10894
ord13029
ord8115
ord8345
ord7633
ord13116
ord11515
ord5830
ord4975
ord5528
ord11997
ord12938
ord557
ord1081
ord4090
ord12140
ord3915
ord3897
ord7892
ord562
ord1708
ord561
ord1641
ord1674
ord3961
ord560
ord3853
ord556
ord3945
ord3877
ord559
ord558
ord4089
ord10471
ord3495
ord5542
ord12762
ord892
ord1294
ord4802
ord6145
ord6863
ord13391
ord12135
ord5637
ord1861
ord2723
ord11133
ord12056
ord10613
ord2440
ord2419
ord12217
ord13090
ord10733
ord1790
ord3713
ord13111
ord2735
ord7712
ord12163
ord13273
ord3570
ord3585
ord3198
ord2204
ord4821
ord13062
ord2342
ord7076
ord2920
ord2758
ord2759
ord13104
ord4004
ord3550
ord8103
ord8788
ord10501
ord2673
ord10171
ord13165
ord8106
ord8140
ord7320
ord3579
ord3647
ord2291
ord10346
ord10759
ord13243
ord11899
ord7593
ord13011
ord8088
ord8134
ord3584
ord3913
ord2351
ord4819
ord4555
ord6348
ord7392
ord7508
ord7351
ord12034
ord5832
ord13065
ord7580
ord11887
ord8087
ord2316
ord12986
ord1695
ord8162
ord3890
ord8514
ord2911
ord3790
ord1786
ord4195
ord8019
ord8652
ord8642
ord8637
ord9073
ord1937
ord3725

msvcr100

_wfopen
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
fclose
fread
wcsrchr
memmove
fopen
_vswprintf
_wtoi
_itow
_mktime64
_localtime64_s
__CxxLongjmpUnwind
strncpy
strstr
sprintf
strchr
strtoul
atoi
fseek
_purecall
fwrite
wcsstr
wcstok
wcsncpy
_wtof
_beginthreadex
free
calloc
_recalloc
wcschr
mbstowcs
fopen_s
_stat64i32
_CIexp
_CIlog
_CIatan2
_setjmp3
memcpy
_CIpow
floor
_CIsqrt
_setmode
_write
_unlink
_open
_close
_read
exit
malloc
ftell
_wcsicmp
ceil
printf
_beginthread
_access
_time64
_localtime64
__iob_func
fprintf
wcsncat
fflush
_stricmp
sscanf
swscanf
rewind
atof
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtok
vfprintf
isalpha
_lseek
tmpnam
vsprintf
abort
bsearch
getenv
_getcwd
strrchr
isupper
isdigit
fgetc
_errno
putc
__CxxFrameHandler3
_CxxThrowException
memset
_wcsupr
fscanf
fputc
feof
?what@exception@std@@UBEPBDXZ
fgets
ferror
getc
qsort
rand
realloc
ldiv
longjmp
_swab
strncmp
isprint
_msize
_endthreadex
strcspn
isspace
_gmtime64
perror
_strnicmp
tmpfile

kernel32

FreeLibrary
HeapAlloc
SystemTimeToFileTime
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
UnlockFileEx
GetProcessHeap
FormatMessageA
InitializeCriticalSection
SetEndOfFile
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
ReleaseSemaphore
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
ResumeThread
WaitForSingleObject
GlobalFree
LocalFree
lstrcpyW
GetLocalTime
CreateDirectoryW
InterlockedIncrement
TerminateProcess
CreateMutexW
GetVersionExW
GetCurrentProcess
GetSystemDefaultLangID
GetThreadUILanguage
CloseHandle
CreateFileW
GetDriveTypeW
GetLogicalDriveStringsW
OutputDebugStringW
InterlockedDecrement
GetTickCount
GetFileAttributesW
lstrlenA
CreateSemaphoreW
Sleep
GlobalUnlock
GlobalAlloc
GlobalLock
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
GetModuleHandleW
MultiByteToWideChar
SetThreadUILanguage
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetLastError
GetModuleFileNameW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
FormatMessageW
IsProcessorFeaturePresent

user32

GetWindowLongW
SetRectEmpty
LoadMenuW
GetSubMenu
ScreenToClient
UpdateWindow
InflateRect
GetSysColor
IsChild
GetSystemMetrics
SetParent
ShowScrollBar
SetCursor
PeekMessageW
TranslateMessage
SetScrollPos
GetKeyState
ClientToScreen
SetWindowLongW
OffsetRect
RedrawWindow
CopyRect
SetCaretPos
IsRectEmpty
PtInRect
LoadBitmapW
SetCapture
DrawEdge
ReleaseDC
GetWindowRect
LoadCursorW
MessageBoxW
LoadIconW
GetDC
SetScrollRange
FillRect
KillTimer
GetFocus
SetTimer
GetParent
GetClientRect
SendMessageA
wsprintfW
InvalidateRect
EnableWindow
SetDlgItemTextW
SendMessageW
GetScrollPos
ReleaseCapture
GetScrollRange
DispatchMessageW

gdi32

Rectangle
PtInRegion
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
BitBlt
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
CreatePolygonRgn
GetObjectW
StretchBlt
GetStockObject
CreateFontW
GetCurrentObject
DeleteEnhMetaFile
CreateSolidBrush
DPtoLP
EnumFontFamiliesW
PatBlt
CreatePen
BeginPath
EndPath
FillPath
GetEnhMetaFileHeader
CreatePalette
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetEnhMetaFileBits
SelectPalette
SetWinMetaFileBits
SetDIBitsToDevice
CreateDIBSection
GetDIBits
CreateRectRgnIndirect
SaveDC
RealizePalette
StretchDIBits
GetClipBox
ExtSelectClipRgn
RestoreDC
ExtTextOutW
GetDeviceCaps
LPtoDP
CreateRectRgn
DeleteDC
SetTextColor
SetBkColor
SetStretchBltMode
FillRgn
CreateRoundRectRgn
SetPixel
SetBkMode

shell32

ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
StrStrIW

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear
OleLoadPicture
SysAllocString
SysFreeString

ws2_32

WSAStartup
htonl
htons
ntohs

msvcp100

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flags@ios_base@std@@QBEHXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?width@ios_base@std@@QBE_JXZ
?_Xlength_error@std@@YAXPBD@Z

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW

component

_NMK_AddCodebar@12
_NMK_GetCodebarAttrib@4
_NMK_MoveTo@12
_NMK_GetContent@8
_NMK_SetCodebarAttrib@8
_NMK_ReleaseComponent@4
_NMK_MoveFinish@4
_NMK_GetComponentName@4
_NMK_SetScale@12
_NMK_SetDpi@8
_NMK_Encode@4
_NMK_AddText@12
_NMK_SetContent@8
_NMK_AddEllipse@12
_NMK_AddPicture@12
_NMK_AddRfid@12
_NMK_AddLine@12
_NMK_SetSelected@8
_NMK_GeneratePrintInstruct@16
_NMK_GetEllipseAttrib@4
_NMK_SetEllipseAttrib@8
_NMK_Draw@16
_NMK_GetCrisisRect@4
_NMK_GetComponentLeft@4
_NMK_GetComponentTop@4
_NMK_GetComponentKind@4
_NMK_SetFontName@20
_NMK_SetNextPoint@16
_NMK_Stretch@28
_NMK_Moving@12
_NMK_PointInFocus@12
_NMK_GetComponentAngle@4
_NMK_PointInSelf@12
_NMK_IsSelected@4
_NMK_SetFontSize@8
_NMK_SelfInRect@20
_NMK_GetLogFont@4
_NMK_SetFontItalic@8
_NMK_SetFontUnderLine@8
_NMK_SetFontBold@8
_NMK_SetComponentName@8
_NMK_SetBoxAttrib@8
_NMK_SetTop@8
_NMK_SetWidth@8
_NMK_SetHeight@8
_NMK_SetRepeat@16
_NMK_SetPicture@8
_NMK_PreparePicture@4
_NMK_Print@16
_NMK_GetBoxAttrib@4
_NMK_ShiftVert@8
_NMK_ShiftHori@8
_NMK_GetLineAttrib@4
_NMK_SetLineAttrib@8
_NMK_SetRfidAttrib@8
_NMK_GetRfidAttrib@4
_NMK_SetPictureAttrib@8
_NMK_GetPictureAttrib@4
_NMK_GetTextAttrib@4
_NMK_SetTextAttrib@8
png_write_info
png_destroy_write_struct
png_set_bKGD
png_set_write_fn
png_get_tRNS
png_read_info
png_create_read_struct
png_write_end
png_get_io_ptr
png_create_info_struct
png_set_error_fn
png_set_read_fn
png_read_end
png_write_row
png_create_write_struct
png_read_row
png_set_bgr
png_set_pHYs
png_error
png_set_IHDR
png_set_interlace_handling
png_set_compression_level
png_destroy_read_struct
_NMK_SetLeft@8
_NMK_AddBox@12
_NMK_SetComponentAngle@8

database

_Ado_GetDbType@4
_Ado_SetDbStruct@8
_Ado_SetDbType@8
_Ado_SetDbSource@8
_Ado_Close@4
_Ado_Connect@4
_Ado_GetDbTablesList@8
_Ado_IncreaseParameter@4
_Ado_UpdateRecord@4
_Ado_GetFieldValue@12
_Ado_Open@8
_Ado_GetDbFieldList@8
_Ado_CreateInstance@0

datasource

_DS_GetDatabaseStructLen@0
_DS_GetDateStructLen@0
_DS_GetTimeStructLen@0
_DS_GetSerialStructLen@0
_DS_GetScreenStructLen@0
_DS_GetObjectStructLen@0
_DS_GetAiCodeStructLen@0
_DS_ReleaseDataSourceManager@4
_DS_ClearTextDataSourceList@4
_DS_ParameterIncrease@4
_DS_UpdateContent@4
_DS_GetObjectContent@8
_DS_GetAiCodeList@4
_DS_GetDate@8
_DS_GetTime@8
_DS_GetDataSourceCount@4
_DS_SetContent@12
_DS_GetExcelStructLen@0
_DS_CreateDataSourceManager@4
_DS_GetTextDataSourceList@8
_DS_SetDataSourceList@8

symbol

_ShowSymbolDialog@0
_SetSymbolDialogInputHwnd@4
_ShowSymbolDlg@4

language

_Lang_LoadLanguage@4
_Lang_GetResContent@8

regedit

_Reg_DDERegister@20

bitmapfont

_BmpFont_GetSupportFontList@4
_BmpFont_Initialize@0

xml

_xml_readtext@12
_xml_read_node_tag@12
_xml_print@8
_xml_create@0
_xml_load_buf@8
_xml_write_attrib@16
_xml_read@12
_xml_writeEx@12
_xml_free@4
_xml_init@4
_xml_firstchildnode@8
_xml_read_attrib@16
_xml_read_node_val@12
_xml_write@12

fontui

_Font_GetMichromaFont@0

lzma

_Lzma_Uncompress@16
_Lzma_Compress@16

Exports

Exports

_CreateComponentManager@0
_DestroyComponentManager@4

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aac67932d034470a3c729664ba4642e4

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

msvcp100

wininet

component

database

datasource

symbol

language

regedit

bitmapfont

xml

fontui

lzma

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 417KB - Virtual size: 417KB

.data Size: 21KB - Virtual size: 97KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 125KB - Virtual size: 125KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 417KB - Virtual size: 417KB

.data
Size: 21KB - Virtual size: 97KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 125KB - Virtual size: 125KB