03407ede6a02c1c75f31e30439d97367a2a731565dcbf0b9d959fc7de32826a0

Sharing

Copy URL

Twitter E-mail

General

Target

03407ede6a02c1c75f31e30439d97367a2a731565dcbf0b9d959fc7de32826a0
Size

159KB
MD5

de260d3c695b2fb717f5de3469240200
SHA1

7dbc95eaa895809cd2eb398efc070d7cc39e7a6e
SHA256

03407ede6a02c1c75f31e30439d97367a2a731565dcbf0b9d959fc7de32826a0
SHA512

0d74ba93c76809052a383ccc38b445262d6634f8f7b7a601e4aece5c0f630b9b9c58ee80434df256f41562c4c7f49599a7f9b5f43da48188a26b89824139b908
SSDEEP

3072:8rKoQiNjdajHfYY9o4LPIrTAc6BT1jPbSNw:8rwiNj8j/YwXLPIrkP+N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03407ede6a02c1c75f31e30439d97367a2a731565dcbf0b9d959fc7de32826a0

Files

03407ede6a02c1c75f31e30439d97367a2a731565dcbf0b9d959fc7de32826a0
.exe windows x86

009b93bcba9590994e5fef25626e6bf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120

ord4039
ord12759
ord7789
ord1985
ord11803
ord11802
ord14240
ord12345
ord7848
ord14440
ord6225
ord14442
ord6227
ord14441
ord6226
ord3801
ord5797
ord12057
ord8062
ord12069
ord12037
ord5646
ord10083
ord310
ord6096
ord13537
ord2716
ord9048
ord11218
ord4433
ord3353
ord3354
ord3256
ord3253
ord10088
ord8055
ord10118
ord10120
ord10119
ord10117
ord10121
ord2158
ord5764
ord8028
ord316
ord8308
ord2199
ord887
ord1384
ord6484
ord3881
ord4826
ord2482
ord4175
ord8587
ord8658
ord13908
ord14009
ord5536
ord11546
ord11547
ord8977
ord11907
ord3787
ord11756
ord14361
ord4100
ord2706
ord14373
ord2168
ord10867
ord6844
ord10831
ord3217
ord13658
ord12077
ord12075
ord1706
ord1718
ord1726
ord1722
ord1731
ord4863
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord4900
ord4867
ord4916
ord4889
ord4851
ord4858
ord4893
ord4450
ord5672
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord14281
ord6745
ord11538
ord13488
ord5814
ord13914
ord5306
ord2638
ord11942
ord3890
ord3321
ord3322
ord3216
ord11986
ord5136
ord5433
ord5643
ord9186
ord5409
ord5139
ord5295
ord5119
ord7574
ord7575
ord7565
ord5293
ord8064
ord3646
ord1041
ord9234
ord14366
ord7770
ord14368
ord12355
ord12356
ord2442
ord10211
ord5241
ord8167
ord12677
ord12740
ord10264
ord12065
ord8229
ord7507
ord1504
ord8803
ord8311
ord301
ord1656
ord1502
ord3782
ord2365

msvcr120

_setmbcp
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
strncpy
free
_purecall
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_vsnprintf_s
memmove
__getmainargs

kernel32

DecodePointer
GetSystemDefaultLangID
OutputDebugStringW
GetCurrentProcess
GetLastError
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
WaitForMultipleObjects
OpenProcess
Sleep
CreateMutexA
DeleteCriticalSection
InitializeCriticalSectionEx
OutputDebugStringA

user32

LoadIconW
LoadIconA
GetCursorPos
GetWindowRect
GetClientRect
SetForegroundWindow
DrawIcon
AppendMenuA
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsIconic
PostMessageA
EnableWindow
SendMessageA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

bcgcbpro2210120

?GetWorkspace@@YAPAVCBCGPWorkspace@@XZ
?SetForceShadow@CBCGPPopupMenu@@SAXH@Z
?StoreWindowPlacement@CBCGPWorkspace@@MAEHABVCRect@@HH@Z
?ShowPopupMenu@CBCGPWorkspace@@UAEHIABVCPoint@@PAVCWnd@@@Z
?SaveState@CBCGPWorkspace@@UAEHPBDPAVCBCGPFrameImpl@@@Z
?SaveCustomState@CBCGPWorkspace@@MAEXXZ
?ReloadWindowPlacement@CBCGPWorkspace@@MAEHPAVCFrameWnd@@@Z
?PreSaveState@CBCGPWinApp@@MAEXXZ
?PreLoadState@CBCGPWorkspace@@MAEXXZ
?OnViewDoubleClick@CBCGPWorkspace@@UAEHPAVCWnd@@H@Z
?OnSelectSkin@CBCGPWorkspace@@UAEXXZ
?OnCustomizeToolBars@CBCGPWinApp@@MAEHXZ
?OnCmdMsg@CBCGPWinApp@@UAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
?OnClosingMainFrame@CBCGPWorkspace@@MAEXPAVCBCGPFrameImpl@@@Z
?OnBeforeCreateCustomizationDlg@CBCGPWinApp@@MAEXPAVCBCGPToolbarCustomize@@@Z
?OnBeforeChangeVisualTheme@CBCGPWinApp@@MAEXAAUCBCGPAppOptions@@PAVCWnd@@@Z
?OnBCGPIdle@CBCGPWorkspace@@UAEHPAVCWnd@@@Z
?OnAppContextHelp@CBCGPWorkspace@@UAEXPAVCWnd@@QBK@Z
?OnAfterDownloadSkins@CBCGPWorkspace@@UAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?OnAfterChangeVisualTheme@CBCGPWinApp@@MAEXPAVCWnd@@@Z
?LoadWindowPlacement@CBCGPWorkspace@@MAEHAAVCRect@@AAH1@Z
?LoadState@CBCGPWinApp@@UAEHPBDPAVCBCGPFrameImpl@@@Z
?LoadCustomState@CBCGPWorkspace@@MAEXXZ
?GetContextMenuManager@CBCGPWorkspace@@QAEPAVCBCGPContextMenuManager@@XZ
?GetRegSectionPath@CBCGPWorkspace@@UAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?ExitInstance@CBCGPWinApp@@UAEHXZ
?CleanState@CBCGPWorkspace@@UAEHPBD@Z
??1CBCGPWinApp@@UAE@XZ
?SetVisualTheme@CBCGPWinApp@@QAEXW4BCGP_VISUAL_THEME@1@@Z
?InitInstance@CBCGPWinApp@@UAEHXZ
??0CBCGPWinApp@@QAE@XZ
?BCGPMessageBox@@YAHPAUHWND__@@PBD1I1PAH@Z
?SetActiveMenu@CBCGPDialog@@MAEXPAVCBCGPPopupMenu@@@Z
?PreTranslateMessage@CBCGPDialog@@UAEHPAUtagMSG@@@Z
?PreInitDialog@CBCGPDialog@@MAEXXZ
?OnSetPlacement@CBCGPDialog@@UAEHAAUtagWINDOWPLACEMENT@@@Z
?OnOK@CBCGPDialog@@UAEXXZ
?OnDrawBackstageWatermark@CBCGPDialog@@UAEXPAVCDC@@VCRect@@@Z
?OnCommand@CBCGPDialog@@MAEHIJ@Z
?OnCancel@CBCGPDialog@@UAEXXZ
?DoModal@CBCGPDialog@@UAEHXZ
?Create@CBCGPDialog@@UAEHPBDPAVCWnd@@@Z
?Create@CBCGPDialog@@UAEHIPAVCWnd@@@Z
?AdjustControlsLayout@CBCGPDialog@@UAEXXZ
??1CBCGPComboBox@@UAE@XZ
??0CBCGPComboBox@@QAE@XZ
??1CBCGPDialog@@UAE@XZ
?GetThisMessageMap@CBCGPDialog@@KGPBUAFX_MSGMAP@@XZ
?OnInitDialog@CBCGPDialog@@MAEHXZ
?GetRuntimeClass@CBCGPDialog@@UBEPAUCRuntimeClass@@XZ
??0CBCGPDialog@@QAE@IPAVCWnd@@@Z
?GetThisClass@CBCGPDialog@@SGPAUCRuntimeClass@@XZ
?GetRuntimeClass@CBCGPWinApp@@UBEPAUCRuntimeClass@@XZ
?EnableVisualManagerStyle@CBCGPDialog@@QAEXHHPBV?$CList@II@@@Z

libsys

sys_threadbox_cancel
sys_threadbox_stop
sys_threadbox_start
sys_threadbox_uninit
sys_threadbox_init
sys_waitforsingleobject
sys_readint
sys_startup
sys_sprintfn
sys_enumdisk
sys_getcurrentpath
sys_writestr
sys_readstr
sys_getprocessidEx
sys_writeint

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

009b93bcba9590994e5fef25626e6bf7

Headers

DLL Characteristics

File Characteristics

Imports

mfc120

msvcr120

kernel32

user32

advapi32

shell32

msvcp120

bcgcbpro2210120

libsys

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 128KB - Virtual size: 127KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 128KB - Virtual size: 127KB