e27ce6659259323adfcda2ddc696cccd1feb70da346d801f8d4aee7b0e9c1211

Sharing

Copy URL Twitter E-mail

General

Target

e27ce6659259323adfcda2ddc696cccd1feb70da346d801f8d4aee7b0e9c1211
Size

362KB
MD5

335cddc6167f40de4dedb77418fc53d3
SHA1

e35647efcf5cdeb800108ed9c1ee1995b2e34a4f
SHA256

e27ce6659259323adfcda2ddc696cccd1feb70da346d801f8d4aee7b0e9c1211
SHA512

d2ad70ae7e680664c45050ed765ee176cae96ee4b5b56629e76a4c1cd272aefad406a260a1db540caeb0df4c6eb72a5f6cb8a99e66822dfe86901ebd41b25f60
SSDEEP

6144:L5Agdi3Yo/MS4OGmUtSMUcTCDj9bGSwMkTInkE9C5wl1Wh8FeL4ov:6PYo/MS/UtSM0Vbzbnkl5csh88Lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27ce6659259323adfcda2ddc696cccd1feb70da346d801f8d4aee7b0e9c1211

Files

e27ce6659259323adfcda2ddc696cccd1feb70da346d801f8d4aee7b0e9c1211
.exe windows x86

ccabda3216784a8f9d24b444423a51dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100

ord915
ord2626
ord5207
ord13045
ord305
ord5242
ord1929
ord5837
ord4283
ord3439
ord5774
ord2184
ord1900
ord2183
ord11924
ord7933
ord3390
ord5777
ord8222
ord2742
ord3738
ord6060
ord2819
ord2932
ord1224
ord1267
ord869
ord3373
ord3254
ord7871
ord1313
ord310
ord1210
ord943
ord374
ord788
ord12868
ord13300
ord4785
ord3970
ord12962
ord1483
ord3839
ord1854
ord2406
ord266
ord265
ord2611
ord13219
ord4498
ord7889
ord4341
ord5830
ord4345
ord6090
ord8231
ord2838
ord3755
ord1263
ord917
ord11941
ord341
ord12790
ord6836
ord5858
ord5302
ord5532
ord3744
ord7211
ord12170
ord7206
ord6601
ord11882
ord6628
ord7266
ord12531
ord2881
ord2878
ord7349
ord2416
ord7074
ord14059
ord14061
ord8465
ord14058
ord14062
ord14045
ord13972
ord11067
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord11107
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord5123
ord9286
ord8305
ord5803
ord381
ord6637
ord1890
ord1316
ord7322
ord1982
ord3620
ord1294
ord4078
ord1448
ord901
ord1288
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord12128
ord3977
ord8554
ord1012
ord12095
ord12096
ord2061
ord12720
ord1292
ord2872
ord5534
ord12535
ord2417
ord11154
ord5444
ord895
ord6678
ord14060
ord946
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord8137
ord10007
ord10360
ord9475
ord2974
ord2973
ord13482
ord13484
ord13973
ord2752
ord2661
ord13481
ord3409
ord5238
ord13302
ord8228
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord6112
ord888
ord316
ord9399
ord6835
ord6970
ord1296
ord2088

msvcr100

memmove
?what@exception@std@@UBEPBDXZ
_setmbcp
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_purecall
fputs
_itoa
strncpy
fopen
fgets
atoi
fclose
remove
memset
sprintf
strstr
strrchr
_splitpath
_snprintf
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memchr
memcpy
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentDirectoryA
LocalFree
FormatMessageA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
GetPrivateProfileIntA
FreeLibrary
LoadLibraryA
WritePrivateProfileStringA
GetPrivateProfileStringA
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetStartupInfoA
CreateProcessA
GetVersionExA
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
CreateMutexA
Sleep
GetLastError
GetProcAddress
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess

user32

LoadCursorA
GetParent
SetCursor
EnumWindows
SetWindowTextA
MessageBoxA
GetSystemMetrics
LoadIconW
EnableWindow
InvalidateRect
UpdateWindow
GetClientRect
IsIconic
DrawIcon
LoadBitmapW
GetClassNameA
SendMessageA
GetWindowRect

gdi32

DeleteObject
CreateCompatibleDC
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
BitBlt
AddFontResourceA
GetObjectA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetFolderPathA

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

msvcp100

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccabda3216784a8f9d24b444423a51dd

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp100

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 258KB - Virtual size: 258KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 258KB - Virtual size: 258KB

.reloc
Size: 9KB - Virtual size: 8KB