Static task
static1
Behavioral task
behavioral1
Sample
1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1.exe
Resource
win10v2004-20230703-en
General
-
Target
1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1
-
Size
3.0MB
-
MD5
4b934d11e9376aff2e770d764718ecfc
-
SHA1
035fc8e077eaf7d035a2d21f6630eede89f48dcc
-
SHA256
1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1
-
SHA512
02b5a0c85bbe2917ee0ae4460a7bfbb01428ddd2d0ebc3947838f18d3870d5c0413b18cc0a04995ae8c95642e1c7670c37f007e08e737d6f47e4d62aa59ea6ec
-
SSDEEP
24576:+AUqW6tg90E0AC5HOMmzqDI11w/uaqB/1dbSe1nk:+v0l5HOMmGD81YuaS/1dee1nk
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource 1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1
Files
-
1eef6c7456c72e08ce66b6c3b50a0bda028cbf12368004248e8edea50baa3ba1.exe windows x86
d3b4d7df64bf6b75d0df33a31c84f1e3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
sqlite3
sqlite3_prepare16
sqlite3_open16
sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_int
sqlite3_column_text
sqlite3_bind_blob
sqlite3_open
sqlite3_exec
sqlite3_close
sqlite3_prepare
mfc120u
ord7376
ord8920
ord10895
ord1428
ord3320
ord3204
ord6726
ord10309
ord9299
ord1421
ord3202
ord6719
ord11780
ord6777
ord13795
ord6025
ord1459
ord7793
ord7956
ord13508
ord5719
ord6752
ord12958
ord10919
ord1682
ord13514
ord2308
ord1442
ord965
ord1455
ord981
ord7394
ord9183
ord10283
ord11370
ord11956
ord9118
ord11977
ord4544
ord3800
ord12052
ord5274
ord11670
ord11675
ord9094
ord8091
ord1148
ord9233
ord8713
ord5858
ord11305
ord4452
ord2515
ord5841
ord13567
ord5842
ord13569
ord13560
ord5837
ord1746
ord12331
ord6033
ord4944
ord13095
ord4943
ord3600
ord8280
ord3132
ord514
ord7033
ord2214
ord7704
ord906
ord3537
ord4949
ord10030
ord11963
ord11998
ord9107
ord6773
ord9929
ord9928
ord11027
ord8892
ord11003
ord11621
ord8794
ord8804
ord10390
ord9407
ord9872
ord9867
ord9395
ord9405
ord9390
ord8186
ord4087
ord2261
ord7521
ord11159
ord11156
ord7671
ord10998
ord2638
ord1422
ord4047
ord7288
ord7511
ord9460
ord10996
ord1396
ord9358
ord11944
ord2626
ord8802
ord13711
ord900
ord7266
ord461
ord7546
ord3651
ord878
ord881
ord1534
ord8006
ord12440
ord2498
ord3274
ord843
ord842
ord12899
ord880
ord1209
ord13226
ord593
ord2167
ord6713
ord7382
ord458
ord6434
ord3914
ord4839
ord358
ord9258
ord2823
ord5324
ord3803
ord7543
ord7703
ord7002
ord7398
ord9013
ord1177
ord4182
ord7946
ord7951
ord6874
ord5574
ord5716
ord13516
ord13506
ord6492
ord9011
ord1159
ord3300
ord3133
ord6473
ord12955
ord12738
ord12824
ord11508
ord14188
ord4573
ord4754
ord895
ord8639
ord4620
ord4128
ord5857
ord13841
ord14437
ord11953
ord11973
ord12046
ord3896
ord8054
ord12328
ord8221
ord3799
ord4212
ord4242
ord4208
ord4166
ord4136
ord4070
ord2609
ord7533
ord4904
ord8873
ord11651
ord11591
ord2584
ord2608
ord5744
ord3325
ord3219
ord7317
ord4109
ord9279
ord14454
ord7806
ord14448
ord12413
ord12412
ord2444
ord10260
ord9001
ord8206
ord7881
ord4546
ord7025
ord12799
ord10314
ord12122
ord8268
ord1467
ord7542
ord8352
ord10131
ord5667
ord9349
ord6389
ord4838
ord2478
ord450
ord3821
ord1105
ord12941
ord2341
ord6462
ord12956
ord8693
ord8247
ord4605
ord265
ord5491
ord8059
ord4692
ord1684
ord6731
ord3212
ord3321
ord1437
ord3653
ord8242
ord2954
ord12792
ord2967
ord285
ord5824
ord2948
ord3761
ord5753
ord7775
ord503
ord1141
ord4672
ord6128
ord5027
ord12430
ord8346
ord13997
ord2130
ord2347
ord266
ord3659
ord2343
ord5082
ord13197
ord6429
ord3120
ord13915
ord7545
ord1102
ord6735
ord3215
ord4193
ord1441
ord9016
ord12047
ord6393
ord3103
ord4176
ord1063
ord9007
ord501
ord1140
ord4050
ord6219
ord2520
ord4456
ord3754
ord1658
ord296
ord280
ord286
ord1042
ord1518
ord1520
ord1521
ord6696
ord1506
ord999
ord4843
ord12043
ord3223
ord3329
ord3330
ord3898
ord11999
ord2640
ord5327
ord5838
ord13563
ord8699
ord14094
ord11592
ord4434
ord13404
ord6774
ord14367
ord9173
ord10875
ord5675
ord1522
ord290
ord12634
ord293
ord12219
ord14463
ord12276
ord14516
ord261
ord6652
ord2336
ord4280
ord5019
ord1687
ord12455
ord4621
ord12755
ord8594
ord8638
ord8655
ord12664
ord9582
ord10618
ord2173
ord6510
ord3889
ord4842
ord2484
ord3918
ord14237
ord4184
ord8628
ord2204
ord5789
ord3911
ord6248
ord13828
ord8358
ord2903
ord13172
ord13181
ord5043
ord5488
ord2844
ord540
ord3140
ord4841
ord1168
ord5487
ord5485
ord13142
ord1648
ord949
ord12094
ord12126
ord8099
ord12114
ord5821
ord3809
ord7206
ord500
ord11837
ord12919
ord13529
ord12222
ord14465
ord14455
ord7807
ord14449
ord3013
ord4451
ord9574
ord5693
ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord2843
ord1139
ord2163
ord13302
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord6758
ord992
ord13771
ord6252
ord14527
ord2367
ord9137
ord10883
ord10793
ord6875
ord12095
ord8846
ord14447
ord11811
ord3790
ord3795
ord11964
ord14390
ord11343
ord10023
ord10476
ord10380
ord10022
ord10145
ord11610
ord10412
ord12736
ord8898
ord9020
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord10136
ord3260
ord3263
ord13616
ord6123
ord6032
ord3773
ord6392
ord6469
ord2480
ord3839
ord3122
ord3361
ord3362
ord4049
ord10353
ord11271
ord10896
ord8921
ord1108
ord9091
ord2718
ord13612
ord6121
ord12006
ord12957
msvcr120
_except1
fprintf
fopen_s
fflush
_time64
wcsftime
_localtime64_s
strcpy_s
free
_wtof
_CxxThrowException
_wtoi
_CIatan2
__CxxFrameHandler3
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
memcpy
_purecall
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_stricmp
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
exit
?terminate@@YAXXZ
tolower
iswdigit
setlocale
sprintf_s
_finite
memcpy_s
rand
memmove_s
system
malloc
fclose
memmove
kernel32
lstrlenW
WritePrivateProfileStringW
GlobalUnlock
InterlockedDecrement
GetLocalTime
lstrcmpiW
GetPrivateProfileIntW
FindResourceW
LoadResource
SizeofResource
LockResource
GetTickCount
lstrcmpW
GetModuleFileNameW
GetCurrentThreadId
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpynW
GetPrivateProfileStringW
GlobalLock
CloseHandle
MultiByteToWideChar
CreateMutexW
MulDiv
DeleteFileW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
OutputDebugStringW
LocalFree
Sleep
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrcpyW
user32
SetWindowLongW
InvalidateRect
GetFocus
GetParent
GetClientRect
SendMessageW
FillRect
EnableWindow
GetDlgCtrlID
GetSysColor
GetCursorPos
GetMenuItemID
GetMenuItemCount
DrawFrameControl
DrawTextW
InflateRect
GetWindow
SetWindowRgn
IsZoomed
DrawIconEx
MessageBeep
OffsetRect
IsWindow
InsertMenuW
GetClassNameW
GetWindowDC
LoadBitmapW
SetClassLongW
GetWindowRect
EqualRect
RedrawWindow
CopyRect
MapWindowPoints
SetScrollRange
SetScrollPos
ClientToScreen
SetCursor
LoadCursorW
PtInRect
GetSystemMenu
IsIconic
LoadImageW
PostMessageW
GetKeyState
GetSubMenu
DrawIcon
ModifyMenuW
LoadIconW
LoadMenuW
AppendMenuW
SystemParametersInfoW
EnableMenuItem
GetMenuState
SetWindowPos
DrawMenuBar
SetMenuInfo
RemoveMenu
GetSystemMetrics
CheckMenuItem
GetDC
ReleaseDC
SetRect
ScreenToClient
UpdateWindow
GetMessagePos
GetWindowLongW
gdi32
FillPath
SetTextColor
RoundRect
PatBlt
CreateRectRgnIndirect
GetDeviceCaps
SetBkMode
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
Polygon
Rectangle
CreatePen
CreateSolidBrush
msimg32
TransparentBlt
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFileExistsW
StrCmpLogicalW
PathIsDirectoryW
ole32
CoUninitialize
CoTaskMemFree
oleaut32
VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
VarDateFromStr
SysAllocString
VariantClear
VariantInit
SysFreeString
gdiplus
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
msvcp120
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_init
_Mtx_lock
_Mtx_unlock
_Mtx_destroy
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
ws2_32
send
closesocket
__WSAFDIsSet
socket
recv
WSACleanup
htons
select
inet_addr
WSAStartup
connect
ioctlsocket
Sections
.text Size: 782KB - Virtual size: 782KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 153KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 792KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ