99dfb0d9723cdd47fa15860e6c01193cf3eefdb70e5dd6938837de8316c6e7bd

Sharing

Copy URL Twitter E-mail

General

Target

99dfb0d9723cdd47fa15860e6c01193cf3eefdb70e5dd6938837de8316c6e7bd
Size

54KB
MD5

1e98b4ace2aec8844a790ed6584469f1
SHA1

318cb1b1d92bee3250d500f6f81cabeb85004159
SHA256

99dfb0d9723cdd47fa15860e6c01193cf3eefdb70e5dd6938837de8316c6e7bd
SHA512

365272edda1b9c827d9d7e210b6a674f1139d15804cde93bba3da5508745f26135c8632385ebe28a284b6acf5e82edfdb4ed2edf1bfbe42b90a88f77417be9e5
SSDEEP

1536:C0+blOF9IGHEHuS4c6wcJZhGiqeYObZm:C0myZkHWwqGheYOb8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99dfb0d9723cdd47fa15860e6c01193cf3eefdb70e5dd6938837de8316c6e7bd

Files

99dfb0d9723cdd47fa15860e6c01193cf3eefdb70e5dd6938837de8316c6e7bd
.exe windows x86

35fc025fcd57cc6c672fb7423f14f8f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryA

dbghelp

SymGetOptions
SymSetOptions
SymInitialize

kernel32

InterlockedDecrement
GetCurrentProcess
HeapFree
CreateDirectoryW
GetTickCount
EnumTimeFormatsA
OpenProcess
Sleep
GetConsoleWindow
HeapDestroy
HeapCreate
GetFileAttributesW
TerminateProcess
GetTempPathW
GetLastError
MoveFileW
Process32FirstW
RemoveDirectoryW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
DeleteFileW
GetCurrentProcessId
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
HeapAlloc
CreateProcessW
InterlockedExchange
DecodePointer
EncodePointer
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
InterlockedCompareExchange

user32

MessageBoxW
ShowWindow
GetCursorPos

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
GetTokenInformation

shell32

ShellExecuteExW

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString

msvcr100

_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
memset
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??2@YAPAXI@Z
exit
fclose
_wdupenv_s
fwrite
_wsystem
memcpy_s
??3@YAXPAX@Z
??_V@YAXPAX@Z
_lock_file
setvbuf
wcsstr
_vswprintf_c_l
fsetpos
fgetc
fflush
memchr
_fseeki64
fgetpos
ungetc
malloc
_unlock_file
free
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
fputc
_stricmp
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
memcpy

msvcp100

?id@?$codecvt@DDH@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35fc025fcd57cc6c672fb7423f14f8f2

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

dbghelp

kernel32

user32

advapi32

shell32

oleaut32

msvcr100

msvcp100

wininet

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB