2227824e42d4d4a798eafa33326296328b390d4096de9a6f2794a50f9bc29c73

Sharing

Copy URL Twitter E-mail

General

Target

2227824e42d4d4a798eafa33326296328b390d4096de9a6f2794a50f9bc29c73
Size

709KB
MD5

bbcf79e40f9a22cd9c0fbcb6be82d2ad
SHA1

8ffe41f8a80a4f5b8c20f7424aae39046682210f
SHA256

2227824e42d4d4a798eafa33326296328b390d4096de9a6f2794a50f9bc29c73
SHA512

d64277de82f016f467fef1daa77bdcebc67b7322f17dab9ead35e0f594089e5865409ef678013217d8e21eb0293fa48a81df1bbe9af3b571b96d43e538478dc6
SSDEEP

12288:bhCXklDGLE+Yb2C3FNjZFAmS5BHu4cVNTXB1:bhq4L1LFpKBHuVjTXB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2227824e42d4d4a798eafa33326296328b390d4096de9a6f2794a50f9bc29c73

Files

2227824e42d4d4a798eafa33326296328b390d4096de9a6f2794a50f9bc29c73
.exe windows x86

df53597a845505f7a135c93d009764e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectW
InternetReadFile
InternetCloseHandle
FtpGetFileSize
InternetOpenW
FtpOpenFileW

shlwapi

PathFileExistsW
PathFindExtensionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LocalFree
WriteFile
CreateFileW
GetTempPathW
GetLastError
CloseHandle
DeleteFileW
FormatMessageW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateProcessW
WaitForSingleObject
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
DeviceIoControl
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
CreateFileA
GetFileAttributesA
GetFullPathNameW
ReadFile
DecodePointer
GetExitCodeProcess
HeapAlloc
HeapFree
GetProcessHeap
Sleep
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CreatePipe
GetCurrentProcess
CreateProcessA
OpenProcess
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
PeekNamedPipe

user32

TranslateMessage
GetMessageW
EndPaint
DestroyWindow
SetTimer
GetWindowRect
PostQuitMessage
KillTimer
LoadCursorW
BeginPaint
RegisterClassExW
LoadIconW
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
CreateWindowExW
MessageBoxW
GetSystemMetrics
SendMessageW
UpdateWindow
SetWindowTextW
DefWindowProcW
WaitForInputIdle
DispatchMessageW

gdi32

CreateFontIndirectW
DeleteObject

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyW
RegQueryValueExW

odbc32

ord136
ord9
ord13
ord18
ord141
ord139
ord72
ord31
ord24
ord43
ord119
ord173
ord127
ord61
ord138
ord75
ord12

msvcp120

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z

msvcr120

wcschr
_open
mbstowcs
toupper
wcsncpy
sprintf
strncpy
memchr
_mktime64
_mkgmtime64
isprint
strnlen
strcspn
strspn
_localtime64_s
strtol
isdigit
isspace
_except1
bsearch
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_CxxThrowException
__CxxFrameHandler3
_open_osfhandle
_wcsicmp
memmove
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
_wgetcwd
realloc
_time64
wcscpy_s
setlocale
_errno
wcscat_s
_wfopen_s
_wstat64i32
_vsnwprintf
fclose
_beginthreadex
abort
calloc
memcpy
memset
_close
_umask
_wunlink
_wrename
_get_osfhandle
exit
__iob_func
fprintf
_wrmdir
_wcsdup
wcsncmp
wcsrchr
_setmode
_lseeki64
_wopen
_strdup
strchr
___mb_cur_max_func
_snprintf
strncmp
strrchr
wcrtomb

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df53597a845505f7a135c93d009764e3

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

version

kernel32

user32

gdi32

advapi32

odbc32

msvcp120

msvcr120

bcrypt

Sections

.text Size: 313KB - Virtual size: 312KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 303KB - Virtual size: 302KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 313KB - Virtual size: 312KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 303KB - Virtual size: 302KB

.reloc
Size: 10KB - Virtual size: 10KB