Static task: static1
Behavioral task: behavioral1
Sample: e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963.exe
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963.exe
Resource: win10v2004-20230703-en
General
Target: e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963
Size: 796KB
MD5: 58d19eac6f37a240b6b38a2ff8c848eb
SHA1: 04e581a2e2520e7b2f76295f97dfdf4c71531d6e
SHA256: e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963
SHA512: f0a1c7c39ee615959b525bd318679482992f6e6ce83a4c3cfed95c5b22968a7140f8597ee76db880be6578b59c66a4045d6cd1dfc661fb079f028ca6b5b34473
SSDEEP: 24576:BIZOWFlEaXg6AfloWRSAzKPPEn2aunSpm:BIVFhAfloW9WPP82aunSpm
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963
Files
e65433d03a8de1e2a51b1908d63e0d026f8899905f135a360eb4250ef44bf963.exe  windows x86  195232277b717b50a355929e44f61d2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
xmixer
CreateIXMixer
winmm
mixerOpen
mixerGetDevCapsA
mmioClose
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetNumDevs
mmioSeek
mmioOpenA
mmioWrite
mmioAscend
mmioRead
mmioCreateChunk
mmioDescend
waveOutClose
mixerGetID
waveOutOpen
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
xsound
CreateIXSoundIn
mp3enc
InitAll
SetInput
iphlpapi
GetAdaptersInfo
SendARP
mfc42
ord860
ord3996
ord2100
ord6334
ord6199
ord924
ord5791
ord3573
ord4299
ord2864
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord781
ord5572
ord2111
ord2642
ord6215
ord4123
ord2086
ord3402
ord3708
ord4396
ord556
ord809
ord1793
ord4275
ord4160
ord6358
ord1088
ord2122
ord2859
ord2574
ord3572
ord609
ord2575
ord3574
ord1842
ord4724
ord4538
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord529
ord366
ord2494
ord2627
ord2626
ord6067
ord6000
ord2117
ord6625
ord4457
ord5252
ord4413
ord1200
ord6069
ord2011
ord3811
ord4151
ord3337
ord1146
ord4163
ord4204
ord3610
ord656
ord5875
ord3874
ord2089
ord616
ord795
ord1247
ord2080
ord2116
ord3721
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord668
ord2770
ord356
ord4476
ord859
ord6283
ord6282
ord2393
ord268
ord1567
ord3742
ord818
ord2152
ord1233
ord755
ord470
ord703
ord404
ord1979
ord665
ord5186
ord354
ord603
ord273
ord275
ord816
ord3908
ord562
ord5442
ord3318
ord1783
ord5308
ord4779
ord5811
ord5482
ord2032
ord4335
ord4863
ord4975
ord4919
ord5797
ord5479
ord1995
ord967
ord3717
ord523
ord791
ord4447
ord4411
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord2763
ord617
ord5301
ord5214
ord296
ord986
ord520
ord926
ord1205
ord4159
ord6117
ord1134
ord5683
ord6515
ord1151
ord3092
ord1158
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord2078
ord4426
ord338
ord652
ord4823
ord922
ord1841
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord5260
ord4720
ord6379
ord2438
ord6270
ord4220
ord2584
ord3654
ord2863
ord1644
ord2820
ord1105
ord6663
ord5710
ord3499
ord2515
ord355
ord6616
ord2139
ord3215
ord389
ord6385
ord6743
ord1138
ord6172
ord5789
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord283
ord4033
ord433
ord2135
ord1949
ord4034
ord4284
ord5787
ord5788
ord4133
ord4297
ord3693
ord2860
ord3401
ord815
ord561
ord2725
ord4278
ord4167
ord521
ord6307
ord3584
ord543
ord803
ord2077
ord711
ord413
ord5823
ord3664
ord5620
ord940
ord5480
ord501
ord773
ord1083
ord3500
ord5607
ord5621
ord802
ord542
ord1085
ord5601
ord2754
ord2614
ord6453
ord3706
ord2302
ord3716
ord790
ord3797
ord3920
ord6880
ord1576
ord364
ord784
ord4241
ord5037
ord4480
ord6157
ord2688
ord6877
ord6648
ord3089
ord6111
ord2405
ord1795
ord686
ord384
ord2096
ord6119
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord5279
ord5064
ord5248
ord2444
ord3730
ord807
ord554
ord4268
ord4598
ord5882
ord2243
ord4454
ord4694
ord6369
ord713
ord5604
ord414
ord5859
ord4243
ord3910
ord2862
ord6311
ord4171
ord6502
ord676
ord1980
ord3178
ord2782
ord2771
ord369
ord6784
ord2097
ord6612
ord3015
ord6649
ord5922
ord5311
ord3173
ord6740
ord5773
ord5651
ord3127
ord3616
ord350
ord3126
ord3613
ord3873
ord2113
ord548
ord551
ord6242
ord5981
ord3495
ord2713
ord3521
ord1858
ord4216
ord4083
ord1859
ord1816
ord5450
ord5834
ord6394
ord2841
ord2448
ord5440
ord6383
ord2044
ord2107
ord3482
ord4265
ord1930
ord3294
ord1126
ord5884
ord2921
ord6605
ord2012
ord1938
ord6794
ord6887
ord1803
ord6380
ord6197
ord1768
ord3301
ord4224
ord6907
ord693
ord2915
ord415
ord1081
ord2775
ord5605
ord715
ord5809
ord2884
ord1175
ord5715
ord4226
ord2726
ord817
ord565
ord4424
ord4622
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord1948
ord2379
ord4234
ord325
ord324
ord326
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
msvcrt
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
isxdigit
sscanf
toupper
strncat
_CxxThrowException
abs
strchr
free
isdigit
_onexit
_filelength
isprint
vsprintf
_strdate
fprintf
_strtime
strrchr
_ftol
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
fopen
fseek
_adjust_fdiv
_controlfp
__p__commode
__p__fmode
wcslen
_strdup
_setmbcp
__set_app_type
mktime
ftell
fread
fwrite
strcpy
__CxxFrameHandler
atoi
atol
memset
rand
_purecall
memcpy
srand
time
_mbscmp
_mbsicmp
sprintf
strcat
strlen
_spawnl
strcmp
__p___argv
memmove
_mbsrchr
fclose
localtime
kernel32
SetLastError
SetupComm
GetCommState
SetCommMask
PurgeComm
SetCommState
SetCommTimeouts
GetPrivateProfileStringA
DeleteFileA
CreateToolhelp32Snapshot
CreateFileA
OpenProcess
TerminateProcess
Process32Next
CreateEventA
GetLastError
CloseHandle
CreateProcessA
GetPrivateProfileIntA
Sleep
GetCurrentThreadId
CreateMutexA
SetCurrentDirectoryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommTimeouts
ReadFile
WaitCommEvent
SuspendThread
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
GetSystemTime
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetVersionExA
WriteFile
WritePrivateProfileStringA
WaitForSingleObject
WinExec
FreeResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryA
GetSystemDefaultLangID
GetModuleFileNameA
WaitForMultipleObjects
SetEvent
MultiByteToWideChar
lstrlenA
InterlockedDecrement
LocalFree
TerminateThread
GetTempPathA
GetStdHandle
DuplicateHandle
GetCurrentProcess
CreatePipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateThread
CopyFileA
FreeLibrary
CreateDirectoryA
lstrlenW
WideCharToMultiByte
Process32First
ResetEvent
GetProcAddress
user32
GetKeyState
GetFocus
ValidateRect
SetCapture
DispatchMessageA
GetMessageA
ScreenToClient
IsRectEmpty
DrawFrameControl
GetMenuItemInfoA
RemovePropA
SetPropA
GetPropA
SetMenuItemInfoA
GetMenuItemCount
IsMenu
GetMenuItemRect
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowLongA
IsWindowVisible
CallNextHookEx
GetWindowLongA
CallWindowProcA
SetRectEmpty
EqualRect
GetMenu
GetSystemMenu
GetForegroundWindow
TrackPopupMenuEx
DestroyIcon
IntersectRect
TrackMouseEvent
MessageBoxA
GetWindowRgn
SetWindowRgn
SetCursor
ReleaseCapture
GetCapture
ClientToScreen
WindowFromPoint
DestroyCursor
SetWindowPos
GetDesktopWindow
GetWindow
ScrollDC
PostThreadMessageA
DrawStateA
InflateRect
CopyRect
DrawFocusRect
GetWindowTextA
GetDC
GrayStringA
DrawTextA
TabbedTextOutA
FillRect
GetSysColor
SetCursorPos
mouse_event
LoadMenuA
RemoveMenu
GetSubMenu
EnableMenuItem
GetCursorPos
CheckRadioButton
MoveWindow
SystemParametersInfoA
LoadCursorA
UpdateWindow
GetClassNameA
SetWindowTextA
GetDlgItem
RedrawWindow
SetTimer
ReleaseDC
GetWindowDC
GetWindowRect
SetMenu
LoadBitmapA
OffsetRect
PtInRect
EnumDisplaySettingsA
ChangeDisplaySettingsA
wsprintfA
KillTimer
GetParent
IsChild
InvalidateRect
SetRect
LoadIconA
DrawEdge
IsWindow
GetSystemMetrics
ShowWindow
FindWindowA
FindWindowExA
SendMessageA
PostMessageA
EnableWindow
GetClientRect
LoadImageA
GetDlgCtrlID
gdi32
SetDIBitsToDevice
FillRgn
StretchDIBits
SetPixel
GetPixel
GetTextColor
GetCurrentObject
GetClipBox
Rectangle
OffsetRgn
CreateDIBSection
ExtCreateRegion
CombineRgn
SelectClipRgn
CreateRectRgn
GetDIBits
Ellipse
SetBkColor
SelectObject
DeleteObject
DeleteDC
GetBkColor
GetDeviceCaps
RoundRect
CreatePen
Escape
ExtTextOutA
TextOutA
StretchBlt
RectVisible
PtVisible
CreateCompatibleBitmap
CreateBitmap
GetTextExtentPoint32A
CreateSolidBrush
RealizePalette
CreateFontA
GetStockObject
BitBlt
CreateCompatibleDC
CreateHalftonePalette
CreatePalette
GetDIBColorTable
GetObjectA
CreateFontIndirectA
SetTextColor
GetTextMetricsA
advapi32
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
shell32
SHGetFileInfoA
ShellExecuteA
comctl32
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Add
_TrackMouseEvent
ole32
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoUninitialize
CLSIDFromString
OleRun
olepro32
ord251
oleaut32
GetErrorInfo
SetErrorInfo
VariantCopy
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString
CreateErrorInfo
msacm32
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamOpen
acmStreamSize
acmStreamClose
wsock32
sendto
select
recvfrom
closesocket
inet_addr
socket
setsockopt
htonl
listen
shutdown
htons
WSACleanup
WSAStartup
gethostname
gethostbyname
ioctlsocket
ws2_32
WSAIoctl
netapi32
Netbios
msvcirt
??_Dofstream@@QAEXXZ
??0ofstream@@QAE@PBDHH@Z
?openprot@filebuf@@2HB
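The import table above is the most informative static artefact on this page: it names process enumeration and termination APIs (CreateToolhelp32Snapshot, OpenProcess, TerminateProcess), window hooks (SetWindowsHookExA), input injection (mouse_event, SetCursorPos), serial-port I/O (SetCommState, WaitCommEvent), raw sockets, LAN reconnaissance (GetAdaptersInfo, SendARP, Netbios) and unbounded C string functions (strcpy, strcat, sprintf). The following is an added example, not code from the sandbox or from the sample, that turns such a table into capability tags and computes an import hash. REPORT_IMPORTS is an abridged transcription of the imports listed above (mfc42 ordinals omitted); CAPABILITY_MAP is this example's own heuristic, not a sandbox signature; and the imphash routine follows the pefile layout but, as noted in its docstring, skips pefile's ordinal-to-name resolution, so it will not necessarily reproduce a sandbox's reported value.

```python
"""Import-table triage for a static sandbox report.

Added example; it is not code from the sandbox or from the sample. The
import table is transcribed (abridged) from the report's Imports section,
with by-ordinal imports written "ordNNN" as the report does. The capability
map is this example's own heuristic, not a sandbox signature.
"""
import hashlib

# Abridged transcription of the report's import table (mfc42 ordinals omitted).
REPORT_IMPORTS = {
    "winmm": ["waveOutOpen", "waveOutClose", "mixerOpen", "mmioOpenA", "mmioWrite"],
    "mp3enc": ["InitAll", "SetInput"],
    "iphlpapi": ["GetAdaptersInfo", "SendARP"],
    "msvcrt": ["_spawnl", "strcpy", "strcat", "sprintf", "vsprintf"],
    "kernel32": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                 "OpenProcess", "TerminateProcess", "CreateProcessA", "WinExec",
                 "SetCommState", "WaitCommEvent", "CreateMutexA", "CopyFileA",
                 "WritePrivateProfileStringA", "LoadLibraryA", "GetProcAddress"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "GetKeyState", "mouse_event",
               "SetCursorPos", "FindWindowA", "ChangeDisplaySettingsA", "wsprintfA"],
    "advapi32": ["RegOpenKeyExA", "RegSetValueExA", "RegDeleteValueA"],
    "shell32": ["ShellExecuteA"],
    "msacm32": ["acmStreamOpen", "acmStreamConvert"],
    "wsock32": ["socket", "listen", "sendto", "recvfrom", "gethostbyname"],
    "ws2_32": ["WSAIoctl"],
    "netapi32": ["Netbios"],
    "olepro32": ["ord251"],
}

# Heuristic tags (this example's own): tag -> APIs whose presence suggests it.
CAPABILITY_MAP = {
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "process-termination": {"OpenProcess", "TerminateProcess"},
    "process-launch": {"CreateProcessA", "WinExec", "ShellExecuteA", "_spawnl"},
    "window-message-hook": {"SetWindowsHookExA", "CallNextHookEx"},
    "input-injection": {"mouse_event", "SetCursorPos"},
    "audio-playback-or-encoding": {"waveOutOpen", "acmStreamConvert", "mmioWrite"},
    "serial-port-io": {"SetCommState", "WaitCommEvent"},
    "registry-write": {"RegSetValueExA", "RegDeleteValueA"},
    "network-sockets": {"socket", "listen", "sendto", "recvfrom", "gethostbyname", "WSAIoctl"},
    "lan-recon": {"GetAdaptersInfo", "SendARP", "Netbios"},
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "unbounded-string-apis": {"strcpy", "strcat", "sprintf", "vsprintf", "wsprintfA"},
}


def capabilities(imports):
    """Map an import table to {tag: sorted matching APIs}, keeping only tags with hits."""
    names = {n for funcs in imports.values() for n in funcs}
    return {tag: sorted(names & apis)
            for tag, apis in CAPABILITY_MAP.items() if names & apis}


def imphash(imports):
    """Import hash in the pefile/VirusTotal style: MD5 over 'dll.func' pairs,
    lower-cased, in table order, with .dll/.ocx/.sys stripped from DLL names.
    Simplification: pefile also maps ordinals of oleaut32/ws2_32/wsock32 to
    names before hashing; this version keeps them as 'ordNNN', so values can
    differ from a full implementation when such ordinal imports are present."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
                break
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imphash:", imphash(REPORT_IMPORTS))
    for tag, apis in capabilities(REPORT_IMPORTS).items():
        print(f"{tag:28} {', '.join(apis)}")
```

Two caveats when reading the tags against this sample: the audio imports are waveOut (playback), mixer, mmio (RIFF/WAV file I/O), acmStream and an mp3enc library, so they show audio encoding or playback rather than microphone capture, which would need waveIn; and SetWindowsHookExA is also used by ordinary MFC applications for window subclassing, so none of these tags is a verdict on its own, only a pointer to what to confirm in the behavioral runs.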
Sections
.text   Size: 672KB, Virtual size: 671KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 104KB, Virtual size: 101KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 8KB, Virtual size: 194KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 8KB, Virtual size: 5KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
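The File Characteristics under Headers and the section flags above are both bitmasks from the PE headers, and two things a practitioner wants to read off them are whether the image can be relocated (IMAGE_FILE_RELOCS_STRIPPED set here means it cannot, so it always loads at its preferred base regardless of ASLR) and whether any section looks packed (writable and executable, or executable with far less data on disk than in memory). The following is an added example, not the sandbox's code: a small PE header parser that decodes the COFF file header, the optional header's DllCharacteristics, and the section table into the same flag names the report uses. The bytes it parses are constructed inside the block to mirror the report's values (characteristics 0x010F and the four listed sections); they are not the sample's real bytes, and because the page does not show DllCharacteristics, the ASLR verdict for the real file still needs its optional header.

```python
"""Decode PE file-header and section flags, with the packer tells a triage
analyst checks first. Added example, not the sandbox's or the sample's code;
build_sample() constructs synthetic header bytes mirroring the report."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
}


def decode_flags(value, table):
    """Names of every bit in `table` that is set in `value`, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the COFF header, DllCharacteristics and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                           # optional header follows immediately
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dllchars = struct.unpack_from("<H", data, opt + 70)[0] if opt_size >= 72 else 0
    sections = []
    for i in range(nsect):                  # IMAGE_SECTION_HEADER, 40 bytes each
        off = opt + opt_size + 40 * i
        name, vsize, _, rsize, _, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": decode_flags(schars, SECTION_CHARACTERISTICS)})
    file_flags = decode_flags(chars, FILE_CHARACTERISTICS)
    dll_flags = decode_flags(dllchars, DLL_CHARACTERISTICS)
    return {
        "machine": machine,
        "file_characteristics": file_flags,
        "dll_characteristics": dll_flags,
        # ASLR needs the opt-in bit AND relocations the loader can apply.
        "aslr_capable": ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dll_flags
                         and "IMAGE_FILE_RELOCS_STRIPPED" not in file_flags),
        "sections": sections,
    }


def suspicious_sections(info):
    """Packer-style tells: writable+executable sections, or executable sections
    whose on-disk size is far smaller than their in-memory size. A large
    virtual size on a non-executable .data section is just uninitialized data."""
    out = []
    for s in info["sections"]:
        x = "IMAGE_SCN_MEM_EXECUTE" in s["flags"]
        w = "IMAGE_SCN_MEM_WRITE" in s["flags"]
        if x and w:
            out.append((s["name"], "writable and executable"))
        elif x and s["raw_size"] < s["virtual_size"] // 2:
            out.append((s["name"], "executable but mostly unbacked on disk"))
    return out


def build_sample():
    """Synthetic PE header (not the sample's bytes) mirroring the report:
    i386, characteristics 0x010F, DllCharacteristics 0, four sections with
    the report's rounded sizes."""
    kb = 1024
    secs = [(b".text", 671 * kb, 672 * kb, 0x60000020),
            (b".rdata", 101 * kb, 104 * kb, 0x40000040),
            (b".data", 194 * kb, 8 * kb, 0xC0000040),
            (b".rsrc", 5 * kb, 8 * kb, 0x40000040)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, ch)
                     for n, vs, rs, ch in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample())
    print("file:", ", ".join(info["file_characteristics"]))
    print("aslr capable:", info["aslr_capable"])
    for s in info["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:>7} virt={s['virtual_size']:>7} {' | '.join(s['flags'])}")
    print("suspicious:", suspicious_sections(info))
```

On the constructed mirror of this report the checks come back clean: .text is backed almost byte for byte on disk, no section is both writable and executable, and the 8KB-on-disk versus 194KB-in-memory .data section is ordinary zero-initialized storage, not a stub waiting to be unpacked. The one definite hardening gap visible from the page is the stripped relocations, which rule out ASLR for the image whatever its DllCharacteristics say.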