Static task: static1
Behavioral task: behavioral1
  Sample: dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38.exe
  Resource: win10v2004-20230703-en
General
Target: dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38
Size: 1.2MB
MD5: 88eb0af2db721039ed84706398229075
SHA1: 8c794394c14011ba684d5dd94893d69ce7ce1645
SHA256: dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38
SHA512: d8c851e0eb5c67d05e55403021c91142e5f2fecbe5e0919204ab6bca50c94b0833cfe59b61f51115f10e859c7bf474c482c819c621d6e299c9293dbb27245a2f
SSDEEP: 12288:HjfMqp9HxweAjWJ3s/TuG9YyPil7GW0s5WD5RlVZz2ATs81DZPOwv0Yyv:DoHjWts/GciVGW0s5Wl2ATTFPO20h
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38
Files
dffcec6e4a094ecfb075f6001858c36ef60ffc51b67240878606b04a281c8c38.exe windows x86
e8003100a9ae9cfb7e775f85c4e814fc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualFree
VirtualAlloc
LocalFree
InterlockedCompareExchange
FormatMessageW
GetFileSizeEx
LocalAlloc
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetSystemDirectoryW
GetExitCodeThread
SleepEx
DuplicateHandle
TerminateThread
GetFileType
PeekNamedPipe
GetStdHandle
GetWindowsDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
OpenProcess
RemoveDirectoryW
FindNextFileW
WaitForMultipleObjects
SetFilePointer
SetEndOfFile
ResetEvent
SetEvent
CreateThread
CreateEventW
GetCurrentProcessId
MoveFileExW
CopyFileW
SetFileAttributesW
MoveFileW
DeleteFileW
CreateDirectoryW
ExpandEnvironmentStringsW
Module32NextW
GetFileAttributesW
Module32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForSingleObject
ReleaseMutex
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetLocalTime
GetFileSize
GetPrivateProfileStringW
FreeLibrary
GetCommandLineW
FreeResource
GetModuleHandleW
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
SetLastError
GetModuleFileNameW
GetCurrentThreadId
GetVersionExW
InterlockedExchange
CreateMutexW
GetPrivateProfileIntW
FlushInstructionCache
MultiByteToWideChar
CloseHandle
ReadFile
GetLastError
CreateFileW
WideCharToMultiByte
FindClose
FindFirstFileW
WriteFile
lstrlenW
FindResourceW
lstrlenA
FindResourceExW
LoadResource
LockResource
GetDiskFreeSpaceExW
SizeofResource
user32
BeginPaint
DrawFrameControl
GetCursorPos
ScreenToClient
CallWindowProcW
DrawIconEx
UnionRect
GetDlgCtrlID
IntersectRect
ClientToScreen
DestroyIcon
KillTimer
InflateRect
SetFocus
LoadImageW
ShowWindow
OffsetRect
LoadIconW
UpdateLayeredWindow
EqualRect
GetNextDlgTabItem
IsWindowVisible
GetDlgItem
SetRectEmpty
MonitorFromWindow
GetMonitorInfoW
SetCapture
SetCursor
DrawTextW
PtInRect
IsChild
EndPaint
SetRect
IsDialogMessageW
IsRectEmpty
ReleaseCapture
SetTimer
PeekMessageW
GetMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
ExitWindowsEx
GetClassInfoExW
GetActiveWindow
ReleaseDC
GetDC
GetWindowRect
FindWindowW
IsWindow
EnableWindow
GetWindowThreadProcessId
CreateWindowExW
CopyRect
GetForegroundWindow
UnregisterClassA
SendMessageW
GetDesktopWindow
SystemParametersInfoW
AttachThreadInput
SetWindowPos
SetForegroundWindow
GetWindow
DefWindowProcW
MapWindowPoints
LoadCursorW
InvalidateRect
GetClientRect
RegisterClassExW
SetWindowLongW
SetActiveWindow
IsWindowEnabled
PostMessageW
RegisterWindowMessageW
MoveWindow
DestroyWindow
GetWindowLongW
GetFocus
GetParent
gdi32
CombineRgn
CreateRectRgn
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
RectInRegion
OffsetRgn
CreateRoundRectRgn
CreateRectRgnIndirect
LineTo
CreateDIBSection
MoveToEx
CreatePen
TextOutW
DeleteObject
GetDeviceCaps
SaveDC
SetBkMode
RestoreDC
SetTextColor
GetTextColor
SelectClipRgn
GetObjectW
GetViewportOrgEx
GetCurrentObject
GetTextExtentPoint32W
SetViewportOrgEx
GetClipRgn
GetStockObject
ExtSelectClipRgn
CreateFontIndirectW
Rectangle
RoundRect
advapi32
RegCreateKeyExW
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken
shell32
ShellExecuteW
shlwapi
PathAddBackslashW
StrToIntA
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrToIntW
PathAppendW
msvcp80
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?uncaught_exception@std@@YA_NXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
comctl32
_TrackMouseEvent
msimg32
AlphaBlend
msvcr80
memcmp
floor
_CxxThrowException
__CxxFrameHandler3
_putenv
_open
_close
_read
_strnicmp
_strdup
_stricmp
_wcslwr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_stat64
getenv
_lseeki64
_fstat64
fflush
_gmtime64
strncpy
strerror
__sys_nerr
strcat
sprintf
strcmp
fgets
fputs
_errno
memchr
_strtoi64
_local_unwind4
memcpy
strstr
strtoul
strrchr
strlen
memset
strcpy
__iob_func
_wcsupr_s
isxdigit
toupper
realloc
isdigit
rand
srand
_mbschr
__RTDynamicCast
_time32
_exit
strncpy_s
??3@YAXPAX@Z
calloc
sprintf_s
free
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memcpy_s
??0exception@std@@QAE@ABV01@@Z
memmove_s
_recalloc
swprintf_s
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
_mbsicmp
wcsstr
_mbscmp
_wtoi
_vscwprintf
wcsspn
vswprintf_s
wcscspn
wcsrchr
_wcslwr_s
_vscprintf
_wtof
vsprintf_s
wcscat_s
_vswprintf
_beginthreadex
_purecall
strtol
_wcsnicmp
wcstol
_waccess
_wcsicmp
_wfopen_s
fclose
malloc
fwrite
wcscpy_s
fseek
ftell
ceil
_wrename
wcschr
iswspace
setlocale
_wfopen
wcspbrk
tolower
_wtol
wcsncpy
wcstok
_time64
_mktime64
fread
fputc
fprintf
_vsnprintf_s
fopen
sscanf
atoi
strncmp
strchr
isspace
isalpha
isalnum
_wtoi64
memmove
_snwprintf
gdiplus
GdipSetStringFormatAlign
GdipAddPathPieI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdiplusShutdown
GdipDrawImageRectI
GdiplusStartup
GdipDrawImageI
GdipCreateStringFormat
GdipAddPathRectangleI
GdipPrivateAddFontFile
GdipRotateWorldTransform
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipTranslateWorldTransform
GdipMeasureString
GdipResetWorldTransform
GdipDrawString
GdipSetPixelOffsetMode
GdipSetPenDashStyle
GdipFillRectangle
GdipSetSmoothingMode
GdipCreateLineBrushFromRectWithAngleI
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipGetImageWidth
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetImageAttributesColorMatrix
GdipFillPath
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipSetPenMode
GdipAddPathArcI
GdipDisposeImage
GdipSetCompositingQuality
GdipFillRectangleI
GdipGetImageHeight
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneFontFamily
GdipDrawImageRectRect
GdipClosePathFigure
GdipAlloc
GdipCreateFromHDC
GdipCloneImage
GdipDrawPath
GdipDeletePath
GdipSetPenEndCap
GdipLoadImageFromFile
GdipSetPenStartCap
GdipSetClipPath
GdipCreateSolidFill
GdipCreatePath
GdipGetFontSize
GdipDeletePen
GdipCloneBrush
GdipDrawRectangleI
GdipDeleteBrush
GdipGetFamily
GdipCreatePen1
GdipDeleteFont
GdipSetStringFormatTrimming
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDrawLinesI
GdipDrawLineI
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathStringI
GdipSetStringFormatLineAlign
GdipFree
GdipDeleteFontFamily
GdipCreateImageAttributes
ws2_32
accept
__WSAFDIsSet
select
listen
recvfrom
sendto
WSAGetLastError
WSASetLastError
ioctlsocket
connect
inet_addr
getsockname
setsockopt
bind
getsockopt
htons
ntohs
recv
send
inet_ntoa
WSACleanup
gethostbyname
closesocket
socket
WSAStartup
winmm
timeGetTime
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 584KB - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 488KB - Virtual size: 488KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE