Static task
static1
Behavioral task
behavioral1
Sample
f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f.exe
Resource
win10v2004-20230703-en
General
-
Target
f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f
-
Size
3.5MB
-
MD5
b7d8e82de14d3577183877a0ad94a985
-
SHA1
59900bc5efc4454d08a317002a456d914fc44914
-
SHA256
f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f
-
SHA512
7bb5f940972ec71c1f5bfc48c427280ae9cb1c769688a4d37c943c917e006c37b407ec51f0aa943c4e5e0ef672ecd0d57ba994387fe8ece810d20fe2ab7be05f
-
SSDEEP
98304:p8l5fETbfcwjvECcDuGXLH5JnH45uuiBLr2:4ASyGXLHnH4BiBLy
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the sample (the only signature triggered in this report).
resource f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f
Files
-
f259c34d14c2314f605d1c028e3b32acabd56c16c5f97f60a7c23decf0486d3f.exe (Windows, x86)
089bedcffb1ec7aea945babf766343c5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindClose
HeapAlloc
ReadFile
FindNextFileA
SetErrorMode
GetProcessHeap
FileTimeToSystemTime
Sleep
LoadLibraryA
OpenSemaphoreA
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CopyFileA
SetFileAttributesA
GetEnvironmentVariableA
TlsAlloc
ReleaseSemaphore
GetSystemTime
SystemTimeToFileTime
WaitForSingleObject
GetFileSize
GetVolumeInformationA
GetLocalTime
GetCurrentProcessId
FindFirstFileA
TlsSetValue
InterlockedCompareExchange
InterlockedIncrement
SearchPathA
GetCurrentProcess
GetProcAddress
GetCurrentThreadId
HeapReAlloc
LocalAlloc
GetVersion
GetComputerNameW
FreeLibrary
CreateSemaphoreA
WriteFile
TlsGetValue
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcpyA
GlobalAlloc
GlobalReAlloc
GlobalFree
GetModuleFileNameA
DeleteFileA
CloseHandle
WinExec
LocalFree
OpenMutexA
CreateMutexA
DeviceIoControl
CreateDirectoryA
GetFileAttributesA
_lwrite
_lread
_llseek
_lcreat
_lclose
_lopen
GlobalUnlock
GlobalFlags
GlobalLock
GetTickCount
SetCurrentDirectoryA
InterlockedDecrement
MultiByteToWideChar
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GlobalMemoryStatus
MoveFileA
GetComputerNameA
GetPrivateProfileIntA
lstrlenA
GetModuleHandleA
GetStartupInfoA
WideCharToMultiByte
GetLastError
user32
SetTimer
DrawFrameControl
ScreenToClient
GetCursorPos
SetCapture
ReleaseCapture
DrawFocusRect
ClientToScreen
AppendMenuA
CreatePopupMenu
EqualRect
GetWindowRect
GetTabbedTextExtentA
GetMenuItemInfoA
GetMenuItemRect
MenuItemFromPoint
GetWindowLongA
GetUpdateRect
DrawStateA
DrawTextA
WindowFromDC
GetParent
OffsetRect
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetSysColor
SystemParametersInfoA
GetDlgCtrlID
GetSystemMetrics
GetMenu
ModifyMenuA
RemoveMenu
GetSubMenu
IsRectEmpty
GetClassLongA
SetClassLongA
LoadCursorA
GetCursor
SetCursor
PtInRect
ReleaseDC
IntersectRect
GetDC
PostMessageA
SendMessageA
SetRect
GetClientRect
FillRect
InvalidateRect
UnionRect
IsWindow
CopyRect
InflateRect
EnableWindow
GetDesktopWindow
GetWindow
GetPropA
IsIconic
SetForegroundWindow
GetLastActivePopup
UpdateWindow
SetPropA
RemovePropA
KillTimer
gdi32
Arc
SelectObject
GetBkColor
GetStockObject
GetObjectA
PatBlt
GetROP2
Polyline
Rectangle
CreateFontA
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
DeleteObject
CreateSolidBrush
DPtoLP
Ellipse
SetPixel
TextOutA
SetTextColor
SetBkMode
GetDeviceCaps
FillRgn
CreatePolygonRgn
CreatePen
LineTo
MoveToEx
GetPixel
DeleteDC
GetBitmapBits
shlwapi
PathRemoveExtensionA
PathFileExistsA
PathFindFileNameA
mfc42
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2725
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord6215
ord1134
ord2864
ord860
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord3663
ord3626
ord2414
ord4133
ord4297
ord5788
ord472
ord6199
ord3874
ord3092
ord537
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4387
ord3454
ord3198
ord6080
ord4623
ord4426
ord801
ord652
ord541
ord338
ord5861
ord6143
ord668
ord3310
ord2781
ord2770
ord858
ord941
ord6329
ord356
ord4823
ord2399
ord926
ord1175
ord4858
ord2818
ord5710
ord665
ord603
ord1969
ord6383
ord273
ord1979
ord5442
ord3318
ord5186
ord354
ord1200
ord1168
ord2515
ord6175
ord939
ord2764
ord3481
ord6385
ord5440
ord5450
ord6394
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord6055
ord1776
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord807
ord554
ord4268
ord6197
ord2012
ord4800
ord2089
ord5882
ord4614
ord4613
ord4341
ord4349
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4108
ord5240
ord5290
ord3748
ord1725
ord4432
ord5260
ord3573
ord1641
ord2754
ord5766
ord3754
ord2859
ord4129
ord535
ord656
ord609
ord4960
ord2379
ord793
ord616
ord2841
ord692
ord3790
ord6129
ord6131
ord6216
ord3831
ord2107
ord2293
ord2366
ord6334
ord3610
ord567
ord4275
ord4284
ord1146
ord5076
ord5037
ord5829
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord3639
ord2302
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord527
ord529
ord366
ord794
ord2863
ord4146
ord2494
ord2627
ord2626
ord5871
ord6067
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord5852
ord2252
ord5732
ord6209
ord3797
ord6270
ord6069
ord4499
ord4413
ord3571
ord686
ord384
ord640
ord6172
ord5873
ord5785
ord1640
ord323
ord2096
ord5572
ord2915
ord2763
ord5875
ord2567
ord2860
ord613
ord5789
ord289
ord4278
ord4202
ord536
ord1905
ord1658
ord4375
ord2527
ord482
ord4257
ord4852
ord1949
ord3619
ord818
ord755
ord470
ord6442
ord6283
ord6379
ord6605
ord6170
ord5787
ord283
ord4200
ord6119
ord2575
ord4396
ord3574
ord1871
ord6571
ord5821
ord3662
ord6141
ord414
ord713
ord2062
ord5859
ord5604
ord5768
ord3984
ord2740
ord2801
ord819
ord568
ord5608
ord2065
ord1567
ord268
ord3721
ord795
ord2301
ord2370
ord4224
ord3873
ord940
ord2614
ord6282
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3719
ord2294
ord2362
ord2358
ord3317
ord4123
ord2537
ord1920
ord4589
ord4588
ord4899
ord4370
ord4892
ord784
ord484
ord517
ord4262
ord4723
ord4889
ord3755
ord2535
ord1945
ord4890
ord4964
ord4961
ord1726
ord813
ord560
ord4273
ord4220
ord2584
ord3654
ord2438
ord1644
ord4467
ord3403
ord4538
ord4774
ord6828
ord4724
ord816
ord562
ord2921
ord3289
ord1938
ord4978
ord4977
ord4873
ord2453
ord2922
ord2920
ord1642
ord2405
ord2753
ord6880
ord5052
ord4822
ord2681
ord5063
ord4454
ord1262
ord3337
ord551
ord3811
ord1834
ord4750
ord5016
ord4834
ord355
ord4229
ord4608
ord3175
ord5683
ord3499
ord3184
ord4287
ord2116
ord2080
ord2078
ord6883
ord3452
ord4023
ord2820
ord4277
ord4204
ord2448
ord6781
ord923
ord924
ord5834
ord2044
ord5466
ord5465
ord6407
ord2917
ord1997
ord2808
ord964
ord6317
ord4182
ord6392
ord5448
ord6010
ord5778
ord2606
ord5194
ord3180
ord3183
ord3176
ord3511
ord3724
ord798
ord533
ord4083
ord1899
ord3701
ord772
ord5606
ord2064
ord500
ord3991
ord5611
ord5860
ord6142
ord922
ord6928
ord6877
ord879
ord882
ord6876
ord5856
ord2450
ord2247
ord3517
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
msvcrt
isalpha
isdigit
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_purecall
_atoi64
time
srand
rand
sscanf
sprintf
_CIacos
__doserrno
atol
fseek
fgets
_makepath
strtok
strchr
atoi
_CIpow
fwrite
memmove
_mkdir
_chdir
atof
fopen
fread
fclose
strrchr
_stricmp
_splitpath
_ftol
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
fprintf
_setmbcp
_CIasin
_CIfmod
memset
memcmp
_EH_prolog
_CxxThrowException
wcslen
_except_handler3
_itoa
comctl32
ImageList_AddMasked
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ord8
msvcirt
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
?close@ifstream@@QAEXXZ
??1ifstream@@UAE@XZ
??0ifstream@@QAE@XZ
??_Difstream@@QAEXXZ
??1ios@@UAE@XZ
?get@istream@@QAEAAV1@AAD@Z
??0ios@@IAE@XZ
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
oleaut32
SysAllocString
SysFreeString
VariantClear
rockey2
RY2_Read
RY2_Find
RY2_Close
RY2_Write
RY2_GenUID
RY2_Open
olepro32
ord251
ole32
CreateStreamOnHGlobal
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 682KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ