Static task
static1
Behavioral task
behavioral1
Sample
d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866.exe
Resource
win7-20230824-en
Behavioral task
behavioral2
Sample
d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866.exe
Resource
win10v2004-20230703-en
General
-
Target
d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866
-
Size
402KB
-
MD5
718bae2300d4a87098d608ab698f8302
-
SHA1
d01c6a5a90a762c19d45ac3e565aa0c99838e3c0
-
SHA256
d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866
-
SHA512
d308a63779b30947f2d4fd93855c5d3e571d71f098a1e0342970c718b123df3e0dcf86e3e5731ab712e9278023d91372370cdde9dd8574a1e77a61a1beaeed9d
-
SSDEEP
6144:0IhkRnmmFiAUUxT7j37/Djv/z5A1iCGTxRH:knN37/Djv/VDCGTxRH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866
Files
-
d183b635a0a46de996279a7fd1759f9c12239fc3eae53cc2c053ddbd3eded866.exe windows x86
be91ba779122218c54a872824b958e9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord14291
ord358
ord7783
ord362
ord1066
ord12969
ord8426
ord7078
ord462
ord3864
ord2988
ord8703
ord4213
ord3142
ord9085
ord6471
ord1068
ord1109
ord1111
ord3689
ord7461
ord8713
ord10963
ord8997
ord10421
ord9167
ord9192
ord12116
ord2758
ord13677
ord6193
ord3159
ord3395
ord3396
ord4084
ord11343
ord12074
ord8718
ord12863
ord6523
ord1131
ord7782
ord500
ord1140
ord11907
ord12294
ord2880
ord14520
ord314
ord10330
ord7618
ord993
ord1468
ord7961
ord2200
ord952
ord13830
ord1444
ord6831
ord10202
ord5742
ord12869
ord12162
ord12194
ord10383
ord8180
ord4580
ord12182
ord5894
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11928
ord11927
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12485
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord968
ord2241
ord3597
ord890
ord1389
ord10986
ord13556
ord14048
ord13724
ord13730
ord12734
ord14054
ord3005
ord5898
ord305
ord8776
ord4468
ord5401
ord14149
ord6507
ord4227
ord3250
ord9092
ord6806
ord1443
ord501
ord1141
ord4085
ord6290
ord6200
ord3351
ord3231
ord6774
ord1403
ord2165
ord6195
ord13681
ord3298
ord3295
ord8173
ord2759
ord14699
ord13475
ord10239
ord10238
ord10236
ord12521
ord5631
ord11671
ord11672
ord11580
ord3830
ord11881
ord8922
ord6947
ord10950
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4896
ord4911
ord4972
ord4493
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord13628
ord5911
ord2680
ord3364
ord3363
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5769
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord10207
ord9166
ord6777
ord2467
ord13197
ord898
ord4639
ord13230
ord310
ord8326
ord8770
ord13026
ord1692
ord1693
ord1696
ord2986
ord5930
ord6724
ord14571
ord12348
ord2381
ord14518
ord12291
ord2376
ord2524
ord2210
ord4870
ord2251
ord3856
ord13028
ord1507
ord6533
ord13966
ord13234
ord4162
ord13027
ord1526
ord6768
ord6463
ord4865
ord13882
ord8188
ord4869
ord12582
ord265
ord266
ord3924
ord6581
ord4218
ord8705
ord7152
ord1410
ord928
ord300
ord4315
ord1529
ord1169
ord540
ord14044
ord13011
ord2520
ord2518
ord6540
ord3874
ord2383
ord316
ord10237
ord10686
ord1044
ord4807
ord2298
ord6460
ord1106
ord450
ord12501
ord13699
ord3825
ord8732
ord7619
ord1458
ord983
ord1064
ord13202
ord6502
ord1000
ord6464
ord6104
ord3933
ord12067
ord11663
ord4958
ord12163
ord14502
ord12032
ord9083
ord3140
ord4210
ord8322
ord8717
ord8672
ord12826
ord4656
ord4655
ord301
ord13193
ord5192
ord12963
ord14040
ord12960
ord14029
ord8838
ord14032
ord13619
ord13036
ord12808
ord9096
ord12894
ord10240
ord2407
ord12190
ord1509
kernel32
SetCommState
GetCommState
SetCommTimeouts
SetupComm
CreateFileA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
OutputDebugStringW
GetVersion
CloseHandle
WriteFile
ReadFile
SetCommMask
ClearCommError
Sleep
PurgeComm
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
GetExitCodeThread
TerminateThread
lstrlenA
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
user32
DrawTextA
GetMenuItemInfoA
SetRect
DrawEdge
FillRect
GetSysColor
CopyRect
ReleaseDC
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
GetSysColorBrush
GetSubMenu
EnableWindow
TabbedTextOutA
DrawTextExA
GrayStringA
DestroyCursor
SystemParametersInfoA
SendMessageA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
PostMessageA
FrameRect
InflateRect
OffsetRect
DrawFocusRect
GetClientRect
DrawStateA
GetIconInfo
CreateIconIndirect
LoadImageA
LoadIconW
GetSystemMenu
SetTimer
IsIconic
DrawIcon
KillTimer
DrawIconEx
DestroyIcon
GetDesktopWindow
GetSystemMetrics
GetWindowLongA
GetDC
IsMenu
gdi32
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateFontIndirectA
GetBkMode
DeleteDC
GetObjectA
CreatePen
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
CreateBitmap
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
SetPixel
GetPixel
advapi32
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
shell32
ShellExecuteExA
comctl32
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsA
vcruntime140
__std_terminate
memmove
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
memcpy
__RTDynamicCast
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
api-ms-win-crt-runtime-l1-1-0
_controlfp_s
_register_thread_local_exe_atexit_callback
_errno
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo
api-ms-win-crt-stdio-l1-1-0
fclose
fread
rewind
ftell
fseek
fopen
__p__commode
__stdio_common_vsscanf
_set_fmode
api-ms-win-crt-time-l1-1-0
_localtime64_s
_time64
api-ms-win-crt-convert-l1-1-0
atoi
atof
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_setmbcp
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 291KB - Virtual size: 290KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ