Static task
static1
Behavioral task
behavioral1
Sample
e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8.exe
Resource
win10v2004-20230703-en
General
-
Target
e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8
-
Size
1.5MB
-
MD5
00d25c3928c53d2e7dd54fefc3fb96ae
-
SHA1
1e51d01806b29e045382b96e81809de7bd9029f7
-
SHA256
e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8
-
SHA512
ec8b802d3e60af04b59e41b6888bd32869e8b290a3038c3dbef1a4d01ded94b9d32b1a048c2765bf784e0233678c8e64b322f38544b3935a5a696a3a3a7053dd
-
SSDEEP
24576:oxMzAYzNVH3NBPgPpb9PevQ8VQSXaxNyFRjvv:oxMkY7H3HQb9PevBjvv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8
Files
-
e7b6a139070a571a77e000b818de3200f262b13c1d538b9df3cbeff9caffbbb8.exe windows x86
3957c44f8ac21d1142d3be1f84b7c97e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord14421
ord6848
ord4468
ord11663
ord4457
ord13628
ord5911
ord5401
ord14048
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5231
ord5390
ord5210
ord7687
ord4950
ord7677
ord3793
ord1389
ord890
ord2241
ord2297
ord8429
ord7618
ord1468
ord8347
ord12190
ord10383
ord12869
ord12806
ord4580
ord7961
ord8285
ord5336
ord10330
ord2484
ord12485
ord12484
ord5388
ord8182
ord3669
ord3808
ord6463
ord3874
ord6540
ord14509
ord7886
ord14507
ord4807
ord1696
ord1044
ord310
ord9353
ord4143
ord4082
ord12888
ord7905
ord2027
ord4987
ord7688
ord11928
ord11927
ord14380
ord1717
ord7964
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord13830
ord993
ord6831
ord3844
ord5894
ord12182
ord8180
ord12194
ord12162
ord5742
ord10202
ord9166
ord1438
ord963
ord9225
ord11145
ord3007
ord3139
ord1692
ord2459
ord3689
ord1529
ord5406
ord3676
ord3789
ord3683
ord3797
ord7459
ord12115
ord458
ord7076
ord9213
ord14054
ord3795
ord3825
ord14149
ord7783
ord3688
ord3796
ord11917
ord1446
ord12372
ord973
ord8322
ord12863
ord14321
ord8679
ord12706
ord2986
ord2477
ord1526
ord300
ord4656
ord12195
ord13056
ord12433
ord3012
ord13039
ord12430
ord2892
ord1721
ord10700
ord6801
ord8847
ord10979
ord12201
ord4920
ord1772
ord12205
ord13798
ord1751
ord11257
ord7461
ord3259
ord1765
ord9192
ord10950
ord4932
ord6947
ord8922
ord1507
ord14502
ord11881
ord3830
ord12032
ord9096
ord11672
ord11671
ord5631
ord10240
ord12116
ord462
ord10236
ord10238
ord10239
ord10237
ord7078
ord1111
ord1458
ord2022
ord14699
ord8173
ord983
ord2298
ord12074
ord6193
ord10207
ord3295
ord3298
ord3159
ord3396
ord3395
ord4084
ord10421
ord6505
ord5960
ord9089
ord1178
ord8031
ord4216
ord8026
ord13584
ord6563
ord8705
ord4218
ord14291
ord2524
ord4869
ord3924
ord6581
ord4315
ord1131
ord6523
ord7619
ord13677
ord2758
ord6195
ord13681
ord2759
ord12163
ord9167
ord9422
ord1000
ord4655
ord1739
ord2210
ord1109
ord12474
ord8997
ord10986
ord10963
ord2680
ord1698
ord316
ord266
ord265
ord1509
ord11343
ord2407
kernel32
CreateWaitableTimerA
OutputDebugStringW
LocalFree
FormatMessageA
OpenEventA
GetTickCount
ResumeThread
WaitForMultipleObjects
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
GetProcAddress
GetModuleHandleW
GetModuleHandleA
RemoveDirectoryA
FindNextFileA
FindFirstFileA
FindClose
GetCommandLineA
DeleteFileA
SystemTimeToFileTime
CreateDirectoryA
GetLocalTime
SetFilePointer
GetFileSize
CreateFileA
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
GetTimeZoneInformation
GetSystemTime
VirtualFree
VirtualAlloc
OutputDebugStringA
HeapFree
HeapAlloc
GetProcessHeap
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreA
GetSystemTimeAsFileTime
VerifyVersionInfoA
CreateNamedPipeA
TlsSetValue
TerminateThread
QueueUserAPC
SetWaitableTimer
WaitForSingleObject
GetQueuedCompletionStatus
DisconnectNamedPipe
ConnectNamedPipe
SetLastError
VerSetConditionMask
TlsGetValue
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
WriteFile
ReadFile
SetEvent
CloseHandle
CreateEventA
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetLastError
user32
GetSystemMetrics
DrawIcon
GetDC
ReleaseDC
GetClientRect
IsIconic
ReleaseCapture
MessageBeep
LoadMenuW
EnableMenuItem
GetSubMenu
GetCursorPos
SetTimer
KillTimer
PostMessageA
LoadIconW
SendMessageA
EnableWindow
gdi32
GetDeviceCaps
comdlg32
GetOpenFileNameA
comctl32
ord17
shlwapi
PathRemoveFileSpecA
PathFileExistsA
ole32
CoUninitialize
CoCreateGuid
CoInitialize
ws2_32
WSACleanup
WSAGetLastError
WSAStartup
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
vcruntime140
memchr
__std_exception_copy
__std_exception_destroy
__current_exception
_CxxThrowException
__std_type_info_compare
memmove
memset
__CxxFrameHandler3
__current_exception_context
_except_handler4_common
_purecall
__std_terminate
memcpy
api-ms-win-crt-runtime-l1-1-0
strerror
_controlfp_s
_register_thread_local_exe_atexit_callback
_beginthreadex
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_c_exit
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-time-l1-1-0
_localtime64
_gmtime64
_time64
_localtime64_s
clock
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vsscanf
_get_stream_buffer_pointers
fseek
ftell
__stdio_common_vsprintf
fopen
fclose
fflush
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
_set_fmode
api-ms-win-crt-convert-l1-1-0
atoi
_i64toa
_ultoa
_atoi64
atof
_ltoa
api-ms-win-crt-math-l1-1-0
__setusermatherr
ceil
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-string-l1-1-0
ispunct
isspace
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ