16637dee4354cde1c3bcf8c9b43b51b66fff7edd7a8192fba088a95a90f0be71

Sharing

Copy URL Twitter E-mail

General

Target

16637dee4354cde1c3bcf8c9b43b51b66fff7edd7a8192fba088a95a90f0be71
Size

26KB
MD5

180d10b740c4826c655c883d4191cf7e
SHA1

0968baf12919c7fce3ebde0981d2e8f16d37d06a
SHA256

16637dee4354cde1c3bcf8c9b43b51b66fff7edd7a8192fba088a95a90f0be71
SHA512

68fb14e464c40f84f3d825b7b73c70973bbdc1128231ac5eb4c7df3d26d7d912986c77c0846ba60760c99523afecaa155ab95f0dfac9ad0ed0ec9a3ed3103f81
SSDEEP

384:SKmJ+CmVNgNR2T3YGjToVSiwyhIab6AqTEpV0TuV6OtQNsx7cuPeHv:SKFCmVO4TLToVSWOHEpVb0OtpBLP0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16637dee4354cde1c3bcf8c9b43b51b66fff7edd7a8192fba088a95a90f0be71

Files

16637dee4354cde1c3bcf8c9b43b51b66fff7edd7a8192fba088a95a90f0be71
.dll windows x86

99110435ac3cd97bda4f32f7be1ea969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc90u

ord1152
ord391
ord1239
ord799
ord286
ord4457
ord6729
ord6096
ord290
ord6547
ord6183
ord6187
ord814
ord2479
ord1137
ord811
ord6013
ord4324
ord367
ord6094
ord636
ord6095
ord6101
ord2097
ord3185
ord4410
ord4541
ord6091
ord1353
ord3486
ord4405
ord3537
ord3488
ord1354
ord3622
ord2106
ord296
ord2537
ord909
ord1183
ord600
ord3543
ord265
ord403
ord6813
ord1552
ord266
ord663
ord801

msvcr90

_initterm
_itoa
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
__CxxFrameHandler3
memset
memcpy
realloc
free
malloc
fread
fseek
fopen
fclose
_decode_pointer
_encode_pointer
_malloc_crt
_encoded_null
_initterm_e

kernel32

CloseHandle
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateFileW
ReadFile
WideCharToMultiByte

user32

MessageBoxW

gdi32

Ellipse
CreatePenIndirect
SetPixel
TextOutW
StretchDIBits
GetDIBits
GetTextExtentPoint32W
PatBlt
GetStockObject
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
GetBitmapBits
CreateFontIndirectW
CreateBrushIndirect

Exports

Exports

_GetTextSize@16
_GetTextSizeW@16
_On_Change3@8
_On_Change4@8
_On_ConvertToMonoBmp@28
_On_CreateBMP@16
_On_DrawEtFont@28
_On_FontToGraphicFile@72
_On_Get_Pattern@40
_On_OpenChineseFont@8
_On_ReadBMPFile@24
_SaveMaxicodeToBMPFile@12
_UTF8Convert@4

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99110435ac3cd97bda4f32f7be1ea969

Headers

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB