407322f26042e8ac07abfbf625a6197468c7bedaef3ef48a9dd2176cdb378e2e

Sharing

Copy URL Twitter E-mail

General

Target

407322f26042e8ac07abfbf625a6197468c7bedaef3ef48a9dd2176cdb378e2e
Size

563KB
MD5

4a4f80e1fc7d9bfa1f2275fbaa6fd366
SHA1

9344cf537ed6c315dd99e444ce6744d002edd504
SHA256

407322f26042e8ac07abfbf625a6197468c7bedaef3ef48a9dd2176cdb378e2e
SHA512

42336d37efcb96e64eed617e6179857c23e3675cc2319ca7d44d7e5cf56a68220dd01d99ab1211f6b36f78acb5266a9a524115b2ab82ea86eab2d85b2ba6c509
SSDEEP

12288:iz7H2lCvM6C26Ys0w8rxnT8S1ViQO9NBKlJhzYaUREOPyV:iPiCvM6C26Ys0xxnwSf6NBKl8LRG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
407322f26042e8ac07abfbf625a6197468c7bedaef3ef48a9dd2176cdb378e2e

Files

407322f26042e8ac07abfbf625a6197468c7bedaef3ef48a9dd2176cdb378e2e
.exe windows x86

dba50e5aa70328872c452be67d6f473f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
WaitForMultipleObjects
CreateThread
FreeLibrary
GetProcAddress
GetLastError
CloseHandle
ReleaseMutex
CreateMutexA
CreateFileA
FlushFileBuffers
ReadFile
WriteFile
GetStdHandle
GetTempPathA
CreatePipe
CreateProcessA
GetModuleFileNameA
GetModuleHandleA
GetLogicalDriveStringsA
GetCompressedFileSizeA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
LoadLibraryA
DecodePointer
OutputDebugStringW
LoadLibraryW
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringA
SetLastError
GetModuleFileNameW
EnterCriticalSection

user32

UnregisterClassA

advapi32

GetUserNameA

shell32

SHGetSpecialFolderPathA

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??7ios_base@std@@QBE_NXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Xout_of_range@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

mfc140

ord2387
ord2383

vcruntime140

__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
_purecall
strstr
__current_exception
strchr
memchr

api-ms-win-crt-runtime-l1-1-0

_errno
_controlfp_s
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_c_exit

api-ms-win-crt-string-l1-1-0

tolower
isspace
toupper
strncpy
strncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_ftelli64
__p__commode
ferror
_wfopen
freopen
__stdio_common_vfprintf
_set_fmode
_get_stream_buffer_pointers
fclose
_popen
_pclose
ftell
fflush
fseek
fgets
fgetc
fgetpos
fputc
fread
__acrt_iob_func
fopen
__stdio_common_vsprintf
fsetpos
ungetc
setvbuf
fwrite
_fseeki64

api-ms-win-crt-heap-l1-1-0

_recalloc
_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
_ecvt_s
strtod
_strtoi64
atof
atoi
_strtoui64
strtol

api-ms-win-crt-filesystem-l1-1-0

_findfirst64i32
_stat64i32
_findnext64i32
_lock_file
_findclose
_unlock_file
_access
_mkdir

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_localtime64

api-ms-win-crt-math-l1-1-0

_except1
_CIfmod
ceil
floor
_isnan
_finite
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

oleaut32

SysFreeString

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dba50e5aa70328872c452be67d6f473f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

mfc140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

oleaut32

Sections

.text Size: 475KB - Virtual size: 475KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 475KB - Virtual size: 475KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 23KB - Virtual size: 23KB