f9dd5d3c5734a9435b6acdcdc9d1e61a1e8955c3124311f0add0ce19afb4b283

Sharing

Copy URL

Twitter E-mail

General

Target

f9dd5d3c5734a9435b6acdcdc9d1e61a1e8955c3124311f0add0ce19afb4b283
Size

2.8MB
MD5

bd3d1189fc5d810ff2cef0169f2585dd
SHA1

ae810f86718973e103917ed05785f9c5b7568b11
SHA256

f9dd5d3c5734a9435b6acdcdc9d1e61a1e8955c3124311f0add0ce19afb4b283
SHA512

0d22b8dd7b50b715d9ad78d30c5fef48c0696f03d4b67a590b0a2bfba2501379d17babdb3313df814fd0101dd76cd38bc5b27a11d874bc19a0df2aaee9d57c68
SSDEEP

49152:r5/OSftIbKu/pHY0iuSwIbFLOAkGy3zdnErPSCTomFDS+BHEuSlVnPgMQ:84yV/pHHmFLOAkGkzdnEVomFHKnP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9dd5d3c5734a9435b6acdcdc9d1e61a1e8955c3124311f0add0ce19afb4b283

Files

f9dd5d3c5734a9435b6acdcdc9d1e61a1e8955c3124311f0add0ce19afb4b283
.exe windows x86

d5553b685cbae313b9557223362e6830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120u

ord12114
ord5821
ord3809
ord6758
ord992
ord13771
ord6252
ord14527
ord6253
ord14528
ord6251
ord14526
ord7884
ord12402
ord14326
ord11857
ord11858
ord1992
ord7825
ord12818
ord4047
ord4109
ord9279
ord14454
ord7806
ord14448
ord12412
ord12413
ord2444
ord10260
ord5262
ord8206
ord7881
ord4546
ord12736
ord12799
ord10314
ord12122
ord8268
ord1467
ord7542
ord8352
ord2163
ord1449
ord13302
ord949
ord7206
ord286
ord2478
ord3911
ord450
ord13149
ord13907
ord3329
ord4128
ord1105
ord12941
ord887
ord1386
ord3654
ord999
ord5328
ord8699
ord12899
ord14094
ord8636
ord9137
ord9349
ord9582
ord12095
ord3790
ord2719
ord13616
ord6123
ord10919
ord10169
ord3218
ord3324
ord7954
ord4196
ord9019
ord6020
ord6436
ord13135
ord293
ord5330
ord4280
ord7002
ord458
ord12047
ord7382
ord1517
ord6032
ord6400
ord3105
ord4179
ord8626
ord2951
ord3829
ord8099
ord9009
ord6492
ord4182
ord1177
ord9013
ord5887
ord5557
ord11600
ord11601
ord9020
ord11964
ord3795
ord11811
ord14447
ord8846
ord6875
ord10883
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord5693
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord13333
ord5332
ord11592
ord13563
ord5838
ord3330
ord3223
ord12043
ord5157
ord5454
ord5664
ord9231
ord5430
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord8628
ord4184
ord14237
ord2484
ord4842
ord3889
ord6510
ord13153
ord6392
ord3839
ord2480
ord6469
ord2204
ord4772
ord4621
ord4620
ord2948
ord5824
ord12126
ord12094
ord5667
ord10131
ord9090
ord6389
ord266
ord265
ord1506
ord7704
ord7384
ord9116
ord12048
ord462
ord7004
ord1110
ord7951
ord7946
ord13516
ord5753
ord2262
ord2173
ord2214
ord12006
ord6121
ord13612
ord2718
ord9091
ord1108
ord8921
ord1521
ord1518
ord1042
ord280
ord285
ord296
ord2967
ord10896
ord11271
ord14180
ord8064
ord10353
ord4049
ord3361
ord3362
ord5787
ord3122
ord3263
ord3260
ord10136
ord8092
ord10166
ord10168
ord10167
ord1067
ord10165
ord13997
ord5327
ord5324
ord2640
ord11999
ord6743
ord3898
ord1658
ord4606
ord1508
ord2367

msvcr120

malloc
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
free
strcat_s
memcpy_s
atoi
atof
fseek
fread
strlen
_CxxThrowException
vsprintf_s
strcmp
strcpy_s
fopen_s
fclose
memset
__CxxFrameHandler3
_wtoi64
_wtoi

kernel32

OutputDebugStringW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
DecodePointer
WideCharToMultiByte
LocalFree
IsDBCSLeadByte
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrlenA

user32

GetWindowLongW
KillTimer
SetTimer
LoadIconW
LoadBitmapW
SetWindowLongW
SendMessageW
OffsetRect
GetWindowRect
GetWindowTextW
InvalidateRect
DrawIcon
GetSystemMenu
GetSystemMetrics
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetLayeredWindowAttributes
ShowWindow
DrawEdge
GetCursorPos
MessageBoxW
GetClientRect
RedrawWindow
GetSubMenu
LoadMenuW
EnableWindow

gdi32

CreateCompatibleDC
BitBlt
CreateSolidBrush
GetObjectW
GetStockObject

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoCreateInstance
CoUninitialize
OleRun

oleaut32

SysFreeString
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocString
GetErrorInfo

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5553b685cbae313b9557223362e6830

Headers

DLL Characteristics

File Characteristics

Imports

mfc120u

msvcr120

kernel32

user32

gdi32

shell32

comctl32

ole32

oleaut32

msvcp120

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16KB - Virtual size: 15KB