6e5ab5d49bfa0233d343af2556a553edf82e73cbbed4dc8a9fbecfca6096e8a6

Sharing

Copy URL Twitter E-mail

General

Target

6e5ab5d49bfa0233d343af2556a553edf82e73cbbed4dc8a9fbecfca6096e8a6
Size

185KB
MD5

8d3738dcd45637e3a4f4e0defc5bd270
SHA1

7db70ded8c94acb54a339775e6071fb7ff28efc8
SHA256

6e5ab5d49bfa0233d343af2556a553edf82e73cbbed4dc8a9fbecfca6096e8a6
SHA512

2d37c7c5e9f2d135c54e0ae34c5cd332328b6257eec644d4c62298c3dafd469bbeba3f0edee4fbdcd6e7d6bc7b7bbe08455959c035ad28f34ed9865dd6c7b3c5
SSDEEP

3072:i+Roh42Z8PzF7EDJXUopjoUrNL7yQ3UdO6jrcvA:hRIdZ8PzyDJVjfNLUdO6T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e5ab5d49bfa0233d343af2556a553edf82e73cbbed4dc8a9fbecfca6096e8a6

Files

6e5ab5d49bfa0233d343af2556a553edf82e73cbbed4dc8a9fbecfca6096e8a6
.exe windows x86

d1bb6c71a6b881900ef354563b33e1de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100d

ord311
ord6501
ord3199
ord459
ord1092
ord5102
ord5123
ord8935
ord6082
ord6077
ord1660
ord5124
ord5103
ord1102
ord474
ord5751
ord8920
ord1682
ord6150
ord14890
ord1123
ord503
ord307
ord3092
ord959
ord1397
ord12818
ord13334
ord3106
ord960
ord1398
ord5733
ord5434
ord3184
ord13902
ord1460
ord2449
ord2453
ord9167
ord1805
ord13586
ord13531
ord5503
ord267
ord5058
ord2340
ord2196
ord316
ord306
ord1463
ord9618
ord15644
ord2477
ord1427
ord270
ord5223
ord999
ord322
ord1435
ord13731
ord15586
ord1421
ord986
ord14460
ord4041
ord13865

msvcr100d

_CrtDbgReport
_invoke_watson
_controlfp_s
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_initterm_e
_initterm
_CrtSetCheckCount
__initenv
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_onexit
_lock
__dllonexit
_unlock
free
malloc
_mkdir
_time64
atoi
memmove
printf
_localtime64_s
strftime
_invalid_parameter
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_wassert
memcpy_s
sprintf_s
_CrtDbgReportW
??1exception@std@@UAE@XZ
memcpy

kernel32

VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
GetProcAddress
IsProcessorFeaturePresent
GetModuleFileNameW
InterlockedIncrement
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
OutputDebugStringA
OpenEventA
SetEvent
RaiseException
LocalAlloc
lstrlenA
FormatMessageA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
InitializeCriticalSection
EnterCriticalSection
CloseHandle
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LocalFree
TerminateProcess
GetModuleFileNameA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
GetModuleHandleA
GetCommandLineA
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
InterlockedDecrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapSetInformation

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleRun

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
SysAllocString
VariantCopy
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup

msvcp100d

?_Debug_message@std@@YAXPB_W0I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z

msvcr100

memset
ceil
_mktime64
_snprintf_s
_errno
_vsnprintf_s
wcsncpy_s
calloc
_recalloc
memcmp
wcslen
__CxxFrameHandler3
_CRT_RTC_INITW
_CxxThrowException

wininet

InternetQueryOptionA

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1bb6c71a6b881900ef354563b33e1de

Headers

DLL Characteristics

File Characteristics

Imports

mfc100d

msvcr100d

kernel32

ole32

oleaut32

ws2_32

msvcp100d

msvcr100

wininet

advapi32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 3KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB