f1c0c7089be4ef5a812ec4ea990c7b2789f6cf29f8652a63652a1d0bc34301b2

Sharing

Copy URL Twitter E-mail

General

Target

f1c0c7089be4ef5a812ec4ea990c7b2789f6cf29f8652a63652a1d0bc34301b2
Size

2.1MB
MD5

eb121499bfe6f6d536f28525437f9730
SHA1

9b142700ebaa73b319c74bde2964687512cd2a64
SHA256

f1c0c7089be4ef5a812ec4ea990c7b2789f6cf29f8652a63652a1d0bc34301b2
SHA512

6f695091eeb1b2c323f0b51d7b78e62c989a33293b72d4514789ba9f50c800220c9902d5e36998f8cf3619c5a68c66980a2e077e836f6a3f1dbe80454e9c43c2
SSDEEP

49152:yjyTjyXtlmBmo4mw/qEOTrYFM0cW2NmDvnmFQRaz+6okGQL9uEZ:yj8WXbS/w/BFM0cW2NmN6oc9uEZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1c0c7089be4ef5a812ec4ea990c7b2789f6cf29f8652a63652a1d0bc34301b2

Files

f1c0c7089be4ef5a812ec4ea990c7b2789f6cf29f8652a63652a1d0bc34301b2
.exe windows x86

a82df6a18d9dfa6616d7c36f58d4153e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertDeleteCertificateFromStore
CertOpenSystemStoreA
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertSetEnhancedKeyUsage
CertSetCertificateContextProperty
CertFreeCertificateContext

ktcontroller

Runtime_Component_LoadLibrary

mfc100

ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6112
ord888
ord1288
ord1939
ord2063
ord2067
ord9399
ord6835
ord320
ord2076
ord6836
ord13256
ord7322
ord1727
ord11882
ord6970
ord6213
ord1278
ord878
ord3839
ord1263
ord3755
ord2838
ord8231
ord6090
ord4340
ord2184
ord5830
ord4341
ord3439
ord5837
ord300
ord12128
ord322
ord13518
ord265
ord266
ord6829
ord457
ord13131
ord13137
ord5144
ord7060
ord13095
ord12865
ord2769
ord4345
ord12432
ord4343
ord7216
ord1900
ord2187
ord4344
ord3475
ord7863
ord3746
ord5875
ord2061
ord6207
ord6106
ord1004
ord1280
ord4267
ord11627
ord14119
ord14116
ord7206
ord5208
ord11277
ord5141
ord5175
ord422
ord3621
ord978
ord5627
ord421
ord10906
ord977
ord13312
ord2524
ord12440
ord7211
ord12430
ord1012
ord3744
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord417
ord11726
ord7510
ord7584
ord4349
ord12541
ord12962
ord10030
ord1210
ord788
ord7832
ord4144
ord1230
ord3636
ord12067
ord1639
ord822
ord3490
ord1025
ord2529
ord11280
ord5212
ord2528
ord13316
ord11240
ord10936
ord480
ord1292
ord2025
ord1008
ord6628
ord2422
ord4432
ord4790
ord3354
ord3253
ord12285
ord12283
ord8139
ord3363
ord6809
ord10300
ord2845
ord8228
ord5302
ord5858
ord915
ord3738
ord2742
ord8222
ord5777
ord12868
ord7871
ord316
ord1316
ord2611
ord5242
ord305
ord13045
ord5207
ord1448
ord14075
ord901
ord1294
ord1296
ord3254
ord12344
ord11150
ord10013
ord10881
ord10880
ord10882
ord10879
ord10148
ord1732
ord7091
ord4868
ord4870
ord11646
ord9571
ord10213
ord1929
ord2219
ord1982
ord4283
ord3988
ord11439
ord4498
ord9992
ord812
ord1227
ord8076
ord6572
ord12438
ord968
ord5821
ord3373
ord3234
ord3361
ord919
ord3429
ord2613
ord7861
ord3741
ord2744
ord5534
ord12535
ord2417
ord8224
ord11154
ord5444
ord8304
ord5784
ord895
ord4785
ord3970
ord13219
ord6678
ord8137
ord9475
ord3390
ord946
ord11067
ord10007
ord10360
ord2974
ord2973
ord2752
ord5532
ord10071
ord12124
ord4130
ord3421
ord11924
ord5774
ord6694
ord8554
ord5007
ord13048
ord4143
ord7876
ord374
ord2183
ord11812
ord11938
ord337
ord796
ord11940
ord7927
ord7491
ord11728
ord3486
ord943
ord6070
ord5776
ord6054
ord2916
ord2763
ord8226
ord5841
ord995
ord1402
ord2514
ord2020
ord311
ord307
ord325
ord909
ord4105
ord4265
ord1437
ord7581
ord7837
ord13329
ord11297
ord2818
ord13310
ord11274
ord2056
ord6010
ord4317
ord11744
ord7487
ord13305
ord7892
ord12531
ord2881
ord2878
ord7349
ord2416
ord14059
ord906
ord2090
ord2040
ord1940
ord323
ord1297
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord11107
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord11806
ord3618
ord2626
ord11902
ord462
ord3676
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2088
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8305
ord5803
ord381
ord3620
ord3406
ord310
ord1313
ord1483
ord1479
ord5827

msvcr100

vsprintf
fflush
fprintf
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
fgetc
fputc
ungetc
_lock_file
_unlock_file
setvbuf
fgetpos
_fseeki64
fsetpos
ftell
fseek
realloc
abort
calloc
_stricmp
_setmbcp
_strrev
ferror
fread
feof
isdigit
isspace
qsort
strncmp
strtoul
getenv
wcsstr
raise
__iob_func
tolower
isupper
_strnicmp
strcmp
isxdigit
_errno
_wfopen
_setmode
_fileno
fgets
_gmtime64_s
fputs
signal
_getch
__dllonexit
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
_ltoa
_unlock
memcpy_s
_localtime64
fopen
fwrite
fclose
strtok
strncat
_ismbcdigit
_localtime64_s
strftime
_resetstkoflw
malloc
atof
atoi
_mbscmp
sscanf
_vsnprintf
ceil
free
_time64
_gmtime64
strrchr
atol
sprintf
_itoa
memset
_purecall
memchr
strncpy
strstr
strchr
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memmove
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z

kernel32

LoadLibraryA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
CreateDirectoryA
GetModuleHandleA
SetLastError
DeactivateActCtx
GetLastError
ActivateActCtx
GlobalFree
GlobalLock
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryA
SetFileAttributesA
lstrlenA
FindNextFileA
CreateMutexA
GetSystemDirectoryA
GetPrivateProfileIntA
InterlockedIncrement
HeapFree
CopyFileA
GetVersionExA
OutputDebugStringA
ResumeThread
SuspendThread
GetVersion
LocalFree
LocalAlloc
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
TerminateProcess
InterlockedDecrement
lstrlenW
GetPrivateProfileStringA
DeleteCriticalSection
TerminateThread
GetExitCodeThread
InitializeCriticalSection
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GlobalUnlock
GlobalAlloc
FindClose
FindFirstFileA
HeapAlloc
GetSystemTimeAsFileTime
CreateThread
WideCharToMultiByte
WaitForSingleObject
WriteFile
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
EncodePointer
CloseHandle
GetProcessHeap

user32

GetUserObjectInformationW
GetProcessWindowStation
TrackPopupMenu
SetMenuDefaultItem
SetForegroundWindow
GetMenuItemID
SetFocus
UpdateWindow
LoadMenuA
DrawTextA
FillRect
CopyRect
LoadIconA
PostQuitMessage
GetSystemMetrics
IsIconic
DrawIcon
FindWindowA
IsWindow
ReleaseCapture
GetSysColor
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
InflateRect
PtInRect
LoadCursorA
CopyIcon
SetCursor
LoadStringA
RegisterClipboardFormatA
GetCursorPos
GetWindowLongA
SetWindowLongA
LoadIconW
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
DeleteMenu
SendMessageA
EnableWindow
KillTimer
SetTimer
PostMessageA
MessageBoxA
RegisterWindowMessageA

gdi32

Rectangle
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject
BitBlt

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyExA
RegCreateKeyA
ReportEventA
DeregisterEventSource

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA

shlwapi

PathFileExistsA
PathIsDirectoryA

ole32

DoDragDrop
CreateStreamOnHGlobal
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
OleInitialize
RegisterDragDrop
CoCreateGuid
StringFromGUID2

oleaut32

GetErrorInfo
OleLoadPicture
VariantChangeType
VariantCopy
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear

msvcp100

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

pkiutil

KTPKI_GetCertChain
KTPKI_SetCertChainUpdataState
KTPKI_CertFindPrvKey

pkisdk10

KTPKI_PutData
KTPKI_Der2Pem
KTPKI_Pem2Der
KTPKI_ImportKey
KTPKI_PutDataByTrustLevelCAAltName
KTPKI_GetErrorString
KTPKI_CU_ImportCert
KTPKI_CU_ImportCertByTrustLevel

uibasic

KTBsc_GetLastErrNum
KTBsc_UILogin
KTBsc_ListData
KTBsc_B64_Code
KTBsc_GetObject
KTBsc_LoginPubSession
KTBsc_GetTokenInfo
KTBsc_Finalize
KTBsc_LockUILoginfo
KTBsc_Logout
KTBsc_GetSlotInfo
KTBsc_GetSlotCount
KTBsc_Initialize
KTBsc_GetLoginfo
KTBsc_GetData
KTBsc_RemoveData

uicgnt

KTCgnt_ShowCertitificateProperty
KTBsc_ListDataByTrustLevel
KTCgnt_VerifyTimeStamp
KTCgnt_TimeStamp
KTCgnt_TranslateCertStatus
KTCgnt_CheckCertByCRL
KTCgnt_CheckHandleCertByCRL
KTBsc_ListData2
KTCgnt_PutCRLs
KTBsc_GetData2

uicipher

KTCore_Decrypt
KTCore_DeleteFilesFolders
KTCore_GetEnvelopSignFileRecipientInfo
KTCore_Sign
KTCore_VerifySign
KTCore_Encrypt
KTCore_GetSignedFileSignInfo

ktcertbkdll

ord3
ord5
ord1
ord4
ord2

Sections

.text
Size: 1022KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 770KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a82df6a18d9dfa6616d7c36f58d4153e

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ktcontroller

mfc100

msvcr100

kernel32

user32

gdi32

comdlg32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp100

pkiutil

pkisdk10

uibasic

uicgnt

uicipher

ktcertbkdll

Sections

.text Size: 1022KB - Virtual size: 1021KB

.rdata Size: 285KB - Virtual size: 284KB

.data Size: 16KB - Virtual size: 541KB

.rsrc Size: 770KB - Virtual size: 769KB

.reloc Size: 94KB - Virtual size: 94KB

.text
Size: 1022KB - Virtual size: 1021KB

.rdata
Size: 285KB - Virtual size: 284KB

.data
Size: 16KB - Virtual size: 541KB

.rsrc
Size: 770KB - Virtual size: 769KB

.reloc
Size: 94KB - Virtual size: 94KB