7df857052bf7f8cfd8f569579fe242e32479d81e23afdc76483b4022c776ccce

Sharing

Copy URL Twitter E-mail

General

Target

7df857052bf7f8cfd8f569579fe242e32479d81e23afdc76483b4022c776ccce
Size

289KB
MD5

f8ea95c3cb021a9a5342f8eda3fd14ba
SHA1

9da3da210581226dc3003ae680913cb849e67d30
SHA256

7df857052bf7f8cfd8f569579fe242e32479d81e23afdc76483b4022c776ccce
SHA512

e9039790e155f39a7301de7045bfcd5f719a440e072e521f52fb4dd1f79060639ee6d2b42b83e17079dfc96a650f023b0742f8a443565dfed71720a3a62b000e
SSDEEP

6144:IP1TNdWJxl69g+wwasgVir6F/p/uwONct43j92UJ8o:yTN+rxwauG9pGHNu4B2UJ8o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7df857052bf7f8cfd8f569579fe242e32479d81e23afdc76483b4022c776ccce

Files

7df857052bf7f8cfd8f569579fe242e32479d81e23afdc76483b4022c776ccce
.exe windows x86

60e1d98c1cae1bea036466193d0c433b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl_imp

curl_easy_getinfo
curl_easy_perform
curl_easy_setopt
curl_easy_cleanup
curl_easy_escape
curl_easy_init

casablanca120

?parse@value@json@web@@SA?AV123@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?as_string@value@json@web@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0value@json@web@@QAE@XZ

resctapt1u

?InvokeProxyPropDlg@@YAHAAUSProxyProp@@@Z

mfc120u

ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5667
ord10131
ord9090
ord6758
ord2848
ord2483
ord3925
ord5793
ord2832
ord1057
ord346
ord1425
ord948
ord13771
ord7206
ord13302
ord949
ord7881
ord1467
ord992
ord7542
ord10260
ord14463
ord4754
ord12219
ord2336
ord4573
ord4774
ord12430
ord4280
ord5019
ord265
ord12006
ord8921
ord11271
ord6121
ord13612
ord3263
ord3260
ord8092
ord2718
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord3795
ord11811
ord8846
ord6875
ord10883
ord9137
ord7825
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord2640
ord11999
ord3898
ord3330
ord3329
ord3223
ord12043
ord5157
ord5454
ord5664
ord9231
ord5430
ord5693
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10136
ord9091
ord285
ord5824
ord2967
ord1518
ord1684
ord8636
ord4442
ord12818
ord4047
ord4109
ord9279
ord14454
ord7806
ord14448
ord12413
ord12412
ord2444
ord5262
ord8206
ord12736
ord8268
ord8352
ord5825
ord4772
ord14367
ord3773
ord7004
ord1520
ord296
ord1042
ord280
ord266
ord1506
ord1508
ord305
ord2968
ord1528
ord1525
ord1043
ord310
ord300
ord316
ord12431
ord5021
ord2347
ord2343
ord5027
ord286
ord8346
ord462
ord1108
ord2262
ord3839
ord6469
ord6392
ord1110
ord7384
ord1691
ord14268
ord14265
ord10896
ord10353
ord3362
ord3361
ord3122
ord12048
ord9116
ord6436
ord11964
ord14447
ord14094
ord2954
ord7704
ord4621
ord13997
ord12751
ord4456
ord2520
ord8391
ord5785
ord1648
ord13404
ord10919
ord1386
ord887
ord3790
ord4049
ord6082
ord1654
ord4434
ord5327
ord4842
ord3653
ord3650
ord2204
ord2173
ord1183
ord2367
ord3224
ord555

msvcr120

_CxxThrowException
fclose
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_ctime32
_time32
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
realloc
fseek
fgetpos
fread
wcslen
__mb_cur_max
_isctype
_pctype
getenv
_mbsupr
strchr
strrchr
strncat
fprintf
atoi
vfprintf
sprintf
toupper
_getpid
fopen
__CxxFrameHandler3
malloc
_stricmp
strncpy
memcpy
memset
free
iswdigit
wcsftime
_wcsicmp
__wargv
__argc
wcstol
??1exception@std@@UAE@XZ
_purecall
memmove

kernel32

CreateProcessW
GetSystemTime
GlobalFree
GlobalUnlock
GlobalLock
OutputDebugStringW
MultiByteToWideChar
GlobalAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
EncodePointer
QueryDosDeviceA
DefineDosDeviceA
DeviceIoControl
QueryPerformanceCounter
WideCharToMultiByte
GetCurrentProcessId
GetTickCount
CreateFileA
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersion
CloseHandle
GetVersionExA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
DecodePointer
EnterCriticalSection
GetLastError
InitializeCriticalSectionEx
LeaveCriticalSection

user32

wsprintfA
EnableWindow
SetTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
KillTimer

advapi32

GetUserNameA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA

comctl32

InitCommonControlsEx

shlwapi

PathAddBackslashW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate

profuisu

?g_ResourceManager@@3VCExtResourceManagerAutoPtr@CExtResourceManager@@A
?PreTranslateMessage@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEHPAUtagMSG@@@Z
?_TrackWndSystemPopupMenu@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEHPAVCPoint@@H@Z
?WindowProc@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEJIIJ@Z
?SaveWindowRect@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UBEXXZ
?PmBridge_GetPM@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UBEPAVCExtPaintManager@@XZ
??CCExtResourceManagerAutoPtr@CExtResourceManager@@QAEPAV1@XZ
?PostNcDestroy@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEXXZ
?Create@CExtResDlg@@UAEHIPAVCWnd@@@Z
?Create@CExtResDlg@@UAEHPB_WPAVCWnd@@@Z
?CreateIndirect@CExtResDlg@@UAEHPAXPAVCWnd@@@Z
?CreateIndirect@CExtResDlg@@UAEHPBUDLGTEMPLATE@@PAVCWnd@@PAX@Z
?DoModal@CExtResDlg@@UAEHXZ
?OnQuerySkinnedFontParmName@CExtResDlg@@UBEPB_WXZ
?GetThisMessageMap@CExtResDlg@@KGPBUAFX_MSGMAP@@XZ
??1?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAE@XZ
?_InitSizeGripper@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEXXZ
?OnAdjustDialogTemplate@CExtResDlg@@UAEPAUDLGTEMPLATE@@PBU2@@Z
?GetRuntimeClass@CExtResDlg@@UBEPAUCRuntimeClass@@XZ
??0?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@QAE@IPAVCWnd@@@Z
?PmBridge_OnThemeChanged@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@IJ@Z
?PmBridge_OnDisplayChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@HVCPoint@@@Z
?PmBridge_OnSettingChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@IPB_W@Z
?PmBridge_OnSysColorChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@@Z
?PmBridge_OnPaintManagerChanged@CExtResDlg@@UAEXPAVCExtPaintManager@@@Z
?PmBridge_GetSafeHwnd@CExtResDlg@@UBEPAUHWND__@@XZ
?PmBridge_Uninstall@CExtResDlg@@UAEXXZ
?PmBridge_Install@CExtResDlg@@UAEX_N@Z
?DisableSaveRestore@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXXZ
?EnableSaveRestore@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXPB_W0_N@Z
?LoadWindowRect@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEX_N@Z
?ShowSizeGrip@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXH@Z
?OnQueryAutomaticRTLTransform@CExtResDlg@@MBE_NXZ
?_DoModalImpl@CExtResDlg@@MAEHXZ
?OnInitDialog@CExtResDlg@@UAEHXZ

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

ws2_32

WSAStartup
closesocket
getsockname
bind

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60e1d98c1cae1bea036466193d0c433b

Headers

DLL Characteristics

File Characteristics

Imports

libcurl_imp

casablanca120

resctapt1u

mfc120u

msvcr120

kernel32

user32

advapi32

comctl32

shlwapi

oleaut32

profuisu

msvcp120

ws2_32

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 13KB - Virtual size: 12KB