cd1088fbd218e1752873d8cde04825b9324348c7cb13dee5f7cbea03f3bc8ce4

Sharing

Copy URL Twitter E-mail

General

Target

cd1088fbd218e1752873d8cde04825b9324348c7cb13dee5f7cbea03f3bc8ce4
Size

198KB
MD5

becff611ec484bb1674c6862dbf1a596
SHA1

43880e3aedb8863b999dba6edb1cedbc4197a224
SHA256

cd1088fbd218e1752873d8cde04825b9324348c7cb13dee5f7cbea03f3bc8ce4
SHA512

e6b5c7350f7010026a6dea53537970017e10eca3aba05dc55af5e640dff7fc1e267e0e6812d1ca4d122028d045e37580f4f71f7e3a9741287abb650ec23c1806
SSDEEP

3072:eYOd/J+siGMw84QHSB0EGmaWd7F8CvK578Wqv07OGFTv:eYOtJX9QyqEGNWdx9v3WquFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd1088fbd218e1752873d8cde04825b9324348c7cb13dee5f7cbea03f3bc8ce4

Files

cd1088fbd218e1752873d8cde04825b9324348c7cb13dee5f7cbea03f3bc8ce4
.exe windows x86

8b7dc7185e8f954eff8eedf9c6fde827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120

ord13914
ord1502
ord4425
ord2944
ord545
ord1170
ord11815
ord1687
ord970
ord1441
ord11792
ord12243
ord4613
ord4969
ord2168
ord2199
ord10211
ord7507
ord990
ord1463
ord2259
ord7845
ord2158
ord949
ord13238
ord7175
ord13690
ord1174
ord1438
ord6729
ord10083
ord5646
ord12740
ord12037
ord12069
ord10264
ord8062
ord4537
ord12065
ord12057
ord5797
ord3801
ord6226
ord14441
ord6227
ord14442
ord11547
ord14440
ord7848
ord12345
ord14240
ord11803
ord11802
ord1985
ord7789
ord12759
ord4039
ord4100
ord9234
ord14366
ord7770
ord14368
ord12356
ord12355
ord2442
ord5241
ord8167
ord12677
ord8229
ord8311
ord5005
ord8308
ord2709
ord14346
ord3823
ord2947
ord8586
ord4172
ord3142
ord8969
ord6465
ord4184
ord3208
ord8973
ord6707
ord4826
ord3782
ord1524
ord1384
ord10867
ord14009
ord7667
ord6410
ord8204
ord12734
ord8600
ord12399
ord1645
ord8977
ord11907
ord3787
ord11756
ord14361
ord8803
ord12038
ord6844
ord10831
ord9094
ord3217
ord13658
ord12077
ord12075
ord1706
ord1718
ord1726
ord1722
ord1731
ord4863
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord4900
ord4867
ord4916
ord4889
ord4851
ord4858
ord4893
ord4450
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord6745
ord11538
ord13488
ord5814
ord2638
ord11942
ord3890
ord3322
ord3321
ord11986
ord5136
ord5433
ord5643
ord9186
ord5409
ord5672
ord5139
ord5295
ord5119
ord6007
ord7574
ord7575
ord7565
ord5293
ord8064
ord10088
ord9047
ord310
ord305
ord5801
ord2963
ord1521
ord10302
ord7350
ord3646
ord5306
ord1128
ord6426
ord11949
ord8878
ord10844
ord11218
ord4041
ord3354
ord3353
ord3117
ord6096
ord13537
ord997
ord1108
ord6366
ord6443
ord2716
ord11991
ord2123
ord8595
ord3831
ord4764
ord2256
ord1106
ord462
ord6973
ord300
ord9073
ord3216
ord9048
ord6098
ord13541
ord3256
ord3253
ord8055
ord2717
ord10118
ord10120
ord10119
ord10117
ord10121
ord5536
ord887
ord11546
ord1041
ord316
ord2365
ord6225
ord1504

msvcr120

_setmbcp
_CxxThrowException
memcpy
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
memset
_localtime64_s
atoi
_time64
exit
strtol
_errno
_purecall
malloc
rand
free
memmove
__CxxFrameHandler3

kernel32

WideCharToMultiByte
Sleep
MultiByteToWideChar
GetLastError
GetProcAddress
OutputDebugStringW
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
CreateThread
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx

user32

LoadIconW
GetSystemMenu
AppendMenuA
SetTimer
SendMessageA
GetSystemMetrics
DrawIcon
KillTimer
IsIconic
GetClientRect
EnableWindow

comctl32

InitCommonControlsEx

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z

ws2_32

WSAGetLastError
WSACleanup
gethostbyname
htons
socket
connect
closesocket
shutdown
recv
send
select
WSAStartup

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b7dc7185e8f954eff8eedf9c6fde827

Headers

DLL Characteristics

File Characteristics

Imports

mfc120

msvcr120

kernel32

user32

comctl32

msvcp120

ws2_32

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 11KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 11KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 12KB