Static task
static1
Behavioral task
behavioral1
Sample
0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9.exe
Resource
win10v2004-20230703-en
General
-
Target
0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9
-
Size
1.1MB
-
MD5
aa3780b807073c9abab5300f0949c645
-
SHA1
8918da50e95c8f4ca94ac6edbdafafe8fc6f2c51
-
SHA256
0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9
-
SHA512
1f018a2ac609d53347ce332deaae7e0f2c5909909396c051d91513bfcfd4df787a2813983fd945cbdd58ebadedda5889098c10f07b8ede8f3fa5ecf676f365d3
-
SSDEEP
12288:xuCZHz41zsGTOHneoOXekheLdE2IjPsbnh:0CZT41zBKH/OXP2Ijkbnh
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9
Files
-
0323b303f88998704cad6cd1ee3ffad4583e1ae6e7224573e7e54314880f56f9.exe windows x86
ed7ab16ac341e87f904efef562f701bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
tinyxml2
??0XMLDocument@tinyxml2@@QAE@_NW4Whitespace@1@@Z
?GetText@XMLElement@tinyxml2@@QBEPBDXZ
?Attribute@XMLElement@tinyxml2@@QBEPBDPBD0@Z
?Parse@XMLDocument@tinyxml2@@QAE?AW4XMLError@2@PBDI@Z
?Value@XMLNode@tinyxml2@@QBEPBDXZ
?NextSiblingElement@XMLNode@tinyxml2@@QBEPBVXMLElement@2@PBD@Z
??1XMLDocument@tinyxml2@@UAE@XZ
?FirstChildElement@XMLNode@tinyxml2@@QBEPBVXMLElement@2@PBD@Z
mfc140u
ord8913
ord11746
ord11122
ord9011
ord11146
ord10047
ord10048
ord6559
ord2473
ord3580
ord3605
ord8746
ord4227
ord6607
ord3932
ord2526
ord14377
ord4885
ord290
ord1687
ord4663
ord991
ord1468
ord7649
ord12123
ord10509
ord7653
ord995
ord1472
ord997
ord1474
ord14667
ord6348
ord8757
ord6350
ord14669
ord2345
ord7997
ord2205
ord952
ord13442
ord7313
ord13911
ord8462
ord6860
ord10250
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord4589
ord12247
ord12239
ord3237
ord3852
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord4238
ord9137
ord6836
ord1448
ord8817
ord1843
ord1852
ord13945
ord6897
ord14600
ord14598
ord3259
ord11038
ord5954
ord12762
ord12584
ord3363
ord3254
ord6830
ord1442
ord7418
ord4239
ord3366
ord3260
ord9138
ord1454
ord8070
ord7642
ord7109
ord462
ord1113
ord12173
ord13275
ord6880
ord13935
ord13042
ord7495
ord11905
ord4224
ord3359
ord1180
ord6589
ord5984
ord9132
ord4225
ord9235
ord4094
ord8923
ord8171
ord2766
ord2256
ord7820
ord1133
ord7125
ord13985
ord2383
ord4882
ord3864
ord13070
ord2520
ord1108
ord450
ord13028
ord2215
ord2522
ord6486
ord1525
ord12921
ord9526
ord277
ord1653
ord2990
ord1692
ord8464
ord3849
ord1689
ord12317
ord11995
ord8745
ord7027
ord4881
ord266
ord265
ord6499
ord5962
ord9509
ord9986
ord4886
ord4091
ord365
ord6973
ord6489
ord6566
ord3882
ord4815
ord2304
ord357
ord4649
ord8345
ord1391
ord890
ord7654
ord1446
ord6834
ord9135
ord3257
ord4236
ord7410
ord8776
ord3697
ord286
ord1070
ord1002
ord6497
ord9209
ord6129
ord12220
ord9128
ord2761
ord13756
ord6220
ord3147
ord4222
ord8744
ord2993
ord3872
ord1511
ord3833
ord9468
ord14131
ord14234
ord4477
ord5422
ord14668
ord285
ord5921
ord3009
ord6349
ord7107
ord280
ord12131
ord9040
ord11015
ord11396
ord3404
ord3403
ord3164
ord6218
ord13752
ord3305
ord3302
ord8210
ord2760
ord14785
ord10285
ord9514
ord10287
ord11279
ord10286
ord10284
ord509
ord11118
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12172
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord12763
ord9991
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9210
ord6531
ord4092
ord13473
ord2994
ord1523
ord5427
ord10472
ord11276
ord8304
ord12088
ord6876
ord2681
ord9226
ord7432
ord1147
ord507
ord6196
ord1111
ord458
ord6226
ord1179
ord7493
ord6588
ord1045
ord296
ord3874
ord14573
ord1513
ord9039
ord9524
ord2753
ord5882
ord9131
ord2750
ord13544
ord14137
ord5850
ord5173
ord13337
ord8360
ord8719
ord2172
ord6316
ord11014
ord4093
ord1143
ord501
ord8067
ord2409
ord3189
ord8062
ord13656
ord8754
ord4499
ord2562
ord2246
ord4323
ord1405
ord545
ord6801
ord5918
kernel32
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
FreeLibrary
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EnterCriticalSection
Sleep
LoadLibraryW
WaitForSingleObject
SetUnhandledExceptionFilter
SetErrorMode
GetTempPathW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetModuleHandleW
GetLocalTime
GetProcAddress
MultiByteToWideChar
SetThreadUILanguage
MulDiv
GetModuleFileNameW
OutputDebugStringW
FindClose
FindFirstFileW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
user32
GetCursorPos
EnableMenuItem
GetSubMenu
LoadMenuW
PostMessageW
GetKeyState
LoadBitmapW
EnumChildWindows
GetClassNameW
GetWindowTextW
ReleaseDC
GetDC
GetParent
LoadImageW
FillRect
GetClientRect
InvalidateRect
GetWindowRect
SendMessageW
EnableWindow
GetSystemMetrics
DrawIcon
TranslateAcceleratorW
ClientToScreen
CheckMenuItem
CheckMenuRadioItem
SetParent
SetMenuItemInfoW
GetClassInfoW
LoadIconW
SetActiveWindow
GetMenuItemCount
DeleteMenu
AppendMenuW
LoadAcceleratorsW
GetSystemMenu
SetTimer
SetWindowLongW
IsIconic
KillTimer
gdi32
DeleteObject
CreateDIBSection
StretchBlt
SetBrushOrgEx
GetObjectW
CreateCompatibleDC
GetDeviceCaps
GetTextExtentPoint32W
advapi32
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
shell32
DragQueryFileW
DragFinish
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
PathIsDirectoryW
ord191
ole32
CoCreateInstance
OleInitialize
OleUninitialize
msvcp140
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xbad_function_call@std@@YAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
dbghelp
MiniDumpWriteDump
vcruntime140
memchr
__RTDynamicCast
__CxxFrameHandler3
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
memset
__current_exception
__current_exception_context
_except_handler4_common
memmove
_CxxThrowException
memcpy
api-ms-win-crt-runtime-l1-1-0
terminate
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_controlfp_s
api-ms-win-crt-filesystem-l1-1-0
_wfindnext64i32
_unlock_file
_findclose
_wfindfirst64i32
_lock_file
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__stdio_common_vswprintf
fclose
_get_stream_buffer_pointers
fputc
ungetc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__p__commode
_set_fmode
api-ms-win-crt-convert-l1-1-0
atoi
_wtof
_wtoi
wcstoul
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
api-ms-win-crt-string-l1-1-0
wcscpy_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 814KB - Virtual size: 814KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ