4501975e1a09f465692dd1f4f7007fb871b083fb0965d83eb231ef300c364484

Sharing

Copy URL Twitter E-mail

General

Target

4501975e1a09f465692dd1f4f7007fb871b083fb0965d83eb231ef300c364484
Size

244KB
MD5

a15d815155f9e9ad67a55572e22bc349
SHA1

7860a93071541a21a9bb100e30872c27b5a4435a
SHA256

4501975e1a09f465692dd1f4f7007fb871b083fb0965d83eb231ef300c364484
SHA512

b7b2512b621dadc04138476a0c1182692b2a01571ccd083888c2de2c26c8fe546b3748e23157b3c63f619dc7c4b31d099256f4582f050e80cb2df6f659047168
SSDEEP

6144:ZfXzVGzM5ha2R+F3K0MLiq4fwYGGBGTR4z:VcQ5U0kfAGBaRu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4501975e1a09f465692dd1f4f7007fb871b083fb0965d83eb231ef300c364484

Files

4501975e1a09f465692dd1f4f7007fb871b083fb0965d83eb231ef300c364484
.exe windows x86

a36ebc49279aa2e14685dd195ba237f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSimulateHotKey
ImmIsIME

proxy

??1CIEProxyInfo@@UAE@XZ
?CreateSocks5ProxyUDPSocket@CProxyTool@@QAEHAAI0AAUsockaddr_in@@ABVCString@@G222GAAV3@@Z
??1CProxyTool@@UAE@XZ
?IsIESetProxy@CIEProxyInfo@@QAEHXZ
??0CIEProxyInfo@@QAE@XZ
?GetUserProxySetting@CProxyTool@@QAEHAAHAAVCString@@AAG11@Z
??0CProxyTool@@QAE@XZ

mfc42

ord1146
ord4234
ord1233
ord2086
ord6270
ord641
ord1168
ord537
ord6453
ord3663
ord2841
ord2448
ord2864
ord5440
ord6383
ord1644
ord5450
ord2044
ord2107
ord3903
ord5834
ord2614
ord1979
ord5572
ord5442
ord2915
ord3318
ord665
ord5186
ord354
ord6385
ord4278
ord2818
ord6394
ord939
ord6663
ord924
ord926
ord3092
ord6805
ord5981
ord6199
ord4287
ord5875
ord283
ord3797
ord4476
ord3626
ord2414
ord1175
ord6699
ord6803
ord2233
ord6597
ord1768
ord6197
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord941
ord4425
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1247
ord6117
ord2621
ord1134
ord2725
ord5710
ord539
ord4299
ord4284
ord3920
ord3706
ord1641
ord2380
ord3089
ord3874
ord6880
ord4123
ord3597
ord324
ord801
ord541
ord4129
ord2764
ord861
ord5861
ord3402
ord3721
ord3619
ord795
ord6380
ord640
ord5789
ord1640
ord323
ord2859
ord5683
ord860
ord668
ord1980
ord3178
ord4058
ord2781
ord2770
ord356
ord4202
ord2763
ord857
ord1572
ord465
ord1770
ord1862
ord4220
ord2584
ord3654
ord686
ord559
ord384
ord2438
ord812
ord6144
ord2408
ord5862
ord807
ord3289
ord2097
ord4163
ord2120
ord554
ord3571
ord2567
ord2754
ord2753
ord818
ord800
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord1576
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord4411
ord4447
ord5809
ord5480
ord4919
ord278
ord605
ord3570
ord966
ord1971
ord5478
ord5796
ord4863
ord4335
ord2031
ord5481
ord5810
ord6215
ord2379
ord1639
ord535
ord858
ord823
ord2077
ord2029
ord4275
ord825
ord567
ord540
ord2642
ord6883
ord4079
ord4698
ord6662

msvcrt

__p__commode
_except_handler3
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
srand
strncpy
_beginthreadex
rand
time
_ftol
swprintf
_wtol
_wtoi
_adjust_fdiv
_mbsnbcmp
_mbsstr
_mbsncmp
_mbschr
_vsnprintf
fprintf
sprintf
fwrite
rename
fopen
fclose
atoi
_mbscmp
atol
_mbsnbcpy
realloc
free
__CxxFrameHandler
__p__fmode
__set_app_type
wcslen
_mbsicmp
__setusermatherr
_controlfp
_initterm
memmove
_fstat
_fileno
_setmbcp

kernel32

OpenProcess
CreateProcessA
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
GetCurrentProcess
SetProcessWorkingSetSize
LoadLibraryA
GetProcAddress
GetVersion
GetVersionExA
GlobalMemoryStatus
GetDiskFreeSpaceExA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcpynA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
CreateFileA
GetFileSize
ReadFile
lstrlenW
WideCharToMultiByte
GetModuleHandleA
CloseHandle
CreateMutexA
MultiByteToWideChar
GetLocalTime
DeleteFileA
GetModuleFileNameA
lstrlenA
GetTickCount
GetLastError
GetTempPathA
GetStartupInfoA
GetTempFileNameA
WaitForMultipleObjects

user32

DrawTextA
DrawIconEx
GetWindowTextW
GetWindowTextA
ClientToScreen
GetWindowThreadProcessId
IsWindowEnabled
RedrawWindow
InvalidateRect
OffsetRect
DrawTextW
WindowFromPoint
ScreenToClient
GetTopWindow
BeginPaint
EndPaint
GetWindowRgn
GetWindowDC
GetMenuItemInfoA
InflateRect
SetCursor
CreateWindowExA
GetWindowLongA
CopyRect
SystemParametersInfoA
GetSystemMetrics
IsZoomed
AppendMenuA
MessageBoxA
PtInRect
EnableMenuItem
GetKeyboardLayout
SetClassLongA
GetClassLongA
GetSysColor
PostMessageA
GetParent
GetClientRect
GetWindowRect
SetWindowPos
CallWindowProcA
SetRect
SetWindowRgn
SetWindowLongA
GetDC
ReleaseDC
LoadImageA
GetWindow
GetPropA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
SetForegroundWindow
GetClassNameA
MoveWindow
SendMessageA
wsprintfA
GetDesktopWindow
RemovePropA
CreatePopupMenu
IsWindowVisible
RegisterWindowMessageA
GetCursorPos
IsWindow
SetPropA
LoadIconA
EnableWindow
SetTimer
KillTimer

gdi32

SetTextColor
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
ExtCreateRegion
SelectObject
StretchBlt
Rectangle
CreateSolidBrush
CreatePen
Ellipse
CreateFontA
CreateDCA
GetTextExtentPoint32A
SetBkColor
CreateRectRgn
OffsetRgn
SelectClipRgn
ExcludeClipRect
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRoundRectRgn
SetBkMode
DeleteDC
CombineRgn
MoveToEx
LineTo
GetStockObject
RoundRect
FillRgn
BitBlt
CreateFontIndirectA
GetDeviceCaps
CreateBitmap
DeleteObject
GetObjectA
CreateDIBitmap
GetDIBits

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent

ole32

CoCreateInstance
CoLoadLibrary

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData

urlmon

URLDownloadToFileA

wsock32

ntohs
WSAGetLastError
htonl
ntohl
closesocket
htons

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

msimg32

GradientFill

winmm

mixerClose
mixerGetNumDevs
mixerGetLineInfoA
mixerOpen

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a36ebc49279aa2e14685dd195ba237f9

Headers

File Characteristics

Imports

imm32

proxy

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

wsock32

msvcp60

msimg32

winmm

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 22KB