e7c92cba1571c229273ac4d64f2014166bc25089cfdb23d7d49ac13dbd628c2d

Sharing

Copy URL Twitter E-mail

General

Target

e7c92cba1571c229273ac4d64f2014166bc25089cfdb23d7d49ac13dbd628c2d
Size

269KB
MD5

d7c19a4014d050b5562170f0a5dee73b
SHA1

37b6319408e1088809c97bef444780b156d7f021
SHA256

e7c92cba1571c229273ac4d64f2014166bc25089cfdb23d7d49ac13dbd628c2d
SHA512

9cab676ae30ffdaa65ac9301f7509921bc6fb91d2c94574faf1754cf1cc399bb5d125e189593abf6c3f57885a51413de0150964c3fee9608af52637fa309108d
SSDEEP

3072:pkCFChmXMOyDoe60B2hl7Exl47fr9KBs9eKOxY9S9K15lUl8UkH9OHnd24CEl12R:eCEh8MnMGPgE8BOHn6EnwAd3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7c92cba1571c229273ac4d64f2014166bc25089cfdb23d7d49ac13dbd628c2d

Files

e7c92cba1571c229273ac4d64f2014166bc25089cfdb23d7d49ac13dbd628c2d
.dll windows x86

0ebfcba74c02f94881c6113df0f96bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msgbtn

??0MsgBtn@@QAE@XZ
?SetForeColor@MsgBtn@@QAEXK@Z
?SetBkColor@MsgBtn@@QAEXK@Z
?SetArcColor@MsgBtn@@QAEXK@Z
?SetTextFont@MsgBtn@@QAEXHPB_W@Z
?SetText@MsgBtn@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??1MsgBtn@@UAE@XZ

mybtnst

??1CButtonST@@UAE@XZ
??0CButtonST@@QAE@XZ
?SetFocuseColor@CButtonST@@QAEXK@Z
?SetSideColor@CButtonST@@QAEXK@Z
?SetText@CButtonST@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetAlign@CButtonST@@QAEKEH@Z
?SetBkColor@CButtonST@@QAEXK@Z

myuser

??0CMyUser@@QAE@XZ
?SaveExcelEx@CMyUser@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
??1CMyUser@@QAE@XZ

mfc90ud

ord6446
ord2032
ord8780
ord4659
ord2250
ord2251
ord2410
ord2411
ord2863
ord7203
ord7029
ord6407
ord7569
ord2565
ord5487
ord6271
ord8111
ord1190
ord7954
ord3686
ord1186
ord5673
ord4008
ord1408
ord5998
ord5300
ord1561
ord333
ord1651
ord9073
ord6268
ord9017
ord6816
ord6090
ord7294
ord7593
ord5530
ord690
ord5054
ord1857
ord3140
ord6707
ord4323
ord8152
ord7603
ord7638
ord6804
ord5991
ord3337
ord7628
ord7626
ord4474
ord2716
ord5781
ord7868
ord9297
ord7462
ord1389
ord5747
ord292
ord2861
ord2906
ord6537
ord9368
ord5738
ord9366
ord6121
ord6164
ord930
ord5779
ord714
ord335
ord812
ord811
ord487
ord486
ord1410
ord5835
ord8553
ord9105
ord6282
ord8530
ord6305
ord4005
ord1140
ord6531
ord8150
ord352
ord8489
ord3891
ord5863
ord8084
ord1476
ord3258
ord8687
ord8692
ord5841
ord2717
ord4358
ord296
ord4013
ord4426
ord915
ord2126
ord9385
ord8054
ord8224
ord7456
ord673
ord2174
ord291
ord4477
ord9152
ord2723
ord961
ord5872
ord6926
ord7189
ord598
ord399
ord347
ord3761
ord2321
ord2320
ord8238
ord3369
ord5948
ord6466
ord1922
ord2732
ord722
ord750
ord872
ord6929
ord7844
ord1706
ord8329
ord1745
ord354
ord2493
ord8239
ord8837
ord3181
ord723
ord8394
ord9173
ord602
ord2472
ord8241
ord6302
ord6106
ord2746
ord874
ord7855
ord5531
ord950
ord2957
ord2298
ord4661
ord8783
ord2339
ord2336
ord5987
ord2033
ord6442
ord7538
ord2701
ord7420
ord9365
ord6377
ord7604
ord3245
ord1900
ord2849
ord5197
ord7015
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3033
ord1769
ord406
ord753
ord5281
ord1133
ord2166
ord6565
ord3555
ord3561
ord3559
ord3557
ord3574
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5342
ord425
ord942
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord935
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord3804
ord4122
ord4320
ord6518
ord4097
ord4348
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6712
ord6465
ord3143
ord940
ord2022
ord9110
ord7113
ord6889
ord8588
ord8426
ord6886
ord6932
ord3462
ord286
ord6924
ord1860
ord8287
ord668
ord302
ord963
ord912
ord701
ord5420
ord943
ord8169

msvcr90d

_vsnprintf_s
wcscpy
strcpy
_CrtDbgReport
_CxxThrowException
_errno
_snprintf_s
_gmtime64_s
_mktime64
floor
ceil
_time64
_decode_pointer
?terminate@@YAXXZ
_malloc_dbg
_vsnwprintf_s
__CxxFrameHandler3
_snwprintf_s
wcscpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CRT_RTC_INITW
??_V@YAXPAX@Z
free
wcstod
_CrtDbgReportW
strlen
wcsncpy_s
_wtoi
_localtime64_s
wcsftime
wcscat_s
fread
_wfopen_s
fwrite
fclose
_wtof
memset
sqrt
fabs
strcpy_s
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg

kernel32

WideCharToMultiByte
GetPrivateProfileStringW
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
RaiseException
DebugBreak
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
lstrlenW
WritePrivateProfileStringW
GetModuleFileNameW
GetTickCount
Sleep
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
GetModuleFileNameA
FreeLibrary
InterlockedDecrement

user32

MessageBoxA
UnionRect
IntersectRect
OffsetRect
InflateRect
EqualRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
CopyRect
MessageBoxExW
PeekMessageW
GetSystemMetrics
MoveWindow
ReleaseCapture
LoadCursorW
SetCursor
SubtractRect

comctl32

_TrackMouseEvent

oleaut32

VarDateFromUdate
VariantChangeType
VarUdateFromDate
VariantTimeToSystemTime
DosDateTimeToVariantTime
SysFreeString
VarDateFromStr
SystemTimeToVariantTime

advapi32

OpenThreadToken
SetThreadToken
RevertToSelf

Exports

Exports

HideDialog
InitDialog
ScanfParam
ShowDialog

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ebfcba74c02f94881c6113df0f96bae

Headers

DLL Characteristics

File Characteristics

Imports

msgbtn

mybtnst

myuser

mfc90ud

msvcr90d

kernel32

user32

comctl32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 1024B - Virtual size: 5.8MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 24KB - Virtual size: 24KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 1024B - Virtual size: 5.8MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 24KB - Virtual size: 24KB

.rmnet
Size: 56KB - Virtual size: 60KB