2f95b7a48069e18bbd9da07014e1fa9f122406e74eb1f9dd9f7451b25e87b258

Sharing

Copy URL Twitter E-mail

General

Target

2f95b7a48069e18bbd9da07014e1fa9f122406e74eb1f9dd9f7451b25e87b258
Size

406KB
MD5

2ed4411dd6238a0e336e5f15e3f39e88
SHA1

b7c33fc7cfe199b4c9fc177890b9a78c4ad3f2e0
SHA256

2f95b7a48069e18bbd9da07014e1fa9f122406e74eb1f9dd9f7451b25e87b258
SHA512

816d5f45eedaac9ce2c29dcee216b1e938b19f79b31048c651eec6500daba24c2a49816ad99f8fdfdceb576d75bedb8f5db7b944a10f238e34ef01699f833442
SSDEEP

12288:GWAh4yadiuFuTFE/iRR7OWDDuOUzOe94nKewjFs:GWAhUFux7gzRNs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f95b7a48069e18bbd9da07014e1fa9f122406e74eb1f9dd9f7451b25e87b258

Files

2f95b7a48069e18bbd9da07014e1fa9f122406e74eb1f9dd9f7451b25e87b258
.exe windows x86

6116e27809fd4364959acb69d13d27c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

filechecklib

??0CFileCheck@@QAE@XZ
??1CFileCheck@@QAE@XZ
?Init@CFileCheck@@QAE_NXZ
?SetParam@CFileCheck@@QAE_NABUST_PARAM@@PAVCHttpPostData@@@Z
?MultiThreadCheck@CFileCheck@@QAE_NXZ
?PostCheckTask@CFileCheck@@QAEXPAXV?$vector@VAttachment2@@V?$allocator@VAttachment2@@@std@@@std@@@Z
?FinishMultiThreadCheck@CFileCheck@@QAEXXZ
?SetSingleThreadParam@CFileCheck@@QAE_NABUST_PARAM@@@Z
?CheckFile@CFileCheck@@QAE_NABUST_File@@AAV?$vector@UST_FILERESULT@@V?$allocator@UST_FILERESULT@@@std@@@std@@@Z
?UnInit@CFileCheck@@QAEXXZ

kernel32

DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateFileA
GetTempPathA
GetConsoleWindow
GetCompressedFileSizeA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
LoadLibraryW
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
EnterCriticalSection

user32

UnregisterClassA
ShowWindow

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

vcruntime140

memchr
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__CxxFrameHandler3
memcpy
memmove
memset
__current_exception
strchr
_purecall
strstr

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_configure_narrow_argv
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_controlfp_s
_invalid_parameter_noinfo
_errno

api-ms-win-crt-heap-l1-1-0

_callnewh
_recalloc
malloc
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fread
__stdio_common_vsprintf_s
fsetpos
_ftelli64
_fseeki64
fopen
ferror
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_wfopen
fwrite
setvbuf
_popen
_pclose
ftell
fseek
fgets
ungetc
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vfprintf
fputc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_access
_lock_file

api-ms-win-crt-string-l1-1-0

toupper
strncmp
strncpy

api-ms-win-crt-convert-l1-1-0

atoi
_strtoi64
strtoul
strtol
_strtoui64
atof
_ecvt_s
strtod

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64

api-ms-win-crt-math-l1-1-0

_finite
floor
ceil
_CIfmod
_isnan
__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

oleaut32

SysFreeString

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6116e27809fd4364959acb69d13d27c5

Headers

DLL Characteristics

File Characteristics

Imports

filechecklib

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

oleaut32

Sections

.text Size: 336KB - Virtual size: 336KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 336KB - Virtual size: 336KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB