9b11b82130a538e19c662b268cb88ec72cea6e415a050a970b745ada694e4b6c

Sharing

Copy URL Twitter E-mail

General

Target

9b11b82130a538e19c662b268cb88ec72cea6e415a050a970b745ada694e4b6c
Size

187KB
MD5

45bc580fc2d8d4a2b400d22a09735518
SHA1

5873799f78c66a0ec5c314a2f6a8c132e3524ddd
SHA256

9b11b82130a538e19c662b268cb88ec72cea6e415a050a970b745ada694e4b6c
SHA512

e6867a0fd78c56abb9a23996f7ebe6ceb3cbda174f2f057d1993139a489d955c372e8702c1c47364fa7aa891c9e3c75dc9942a0ca63e19ac5383669e3488c2ee
SSDEEP

3072:f7yLHCY2dVBJ7iyfceCu/wtfzZuLLR39psi9XSgjFUPMkgpVO/DN7xdF03n:z8Hb2djceeud7sKypgHO/h7ZM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b11b82130a538e19c662b268cb88ec72cea6e415a050a970b745ada694e4b6c

Files

9b11b82130a538e19c662b268cb88ec72cea6e415a050a970b745ada694e4b6c
.dll windows x86

2f6c7515899b1dba6830aeb0bfac30b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mybtnst

?SetSideColor@CButtonST@@QAEXK@Z
?SetBkColor@CButtonST@@QAEXK@Z
?SetText@CButtonST@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetFocuseColor@CButtonST@@QAEXK@Z
??0CButtonST@@QAE@XZ
??1CButtonST@@UAE@XZ

mfc90ud

ord7203
ord7029
ord6407
ord7569
ord2565
ord5487
ord1410
ord8595
ord4008
ord2390
ord446
ord940
ord6305
ord2493
ord2746
ord6816
ord872
ord598
ord874
ord723
ord8150
ord8241
ord8239
ord352
ord2472
ord602
ord4005
ord1140
ord8394
ord6531
ord1476
ord6565
ord6268
ord9161
ord8199
ord6879
ord961
ord3462
ord286
ord2174
ord1133
ord4426
ord291
ord4477
ord9152
ord2166
ord354
ord5420
ord784
ord912
ord2475
ord668
ord6442
ord2298
ord2957
ord5531
ord750
ord8692
ord726
ord2732
ord1922
ord3369
ord8238
ord2320
ord2321
ord3761
ord361
ord347
ord399
ord292
ord1189
ord896
ord3367
ord2402
ord646
ord3248
ord1706
ord6302
ord1902
ord6106
ord9173
ord1408
ord9151
ord3652
ord6125
ord935
ord8530
ord4013
ord5841
ord5835
ord8553
ord9105
ord6282
ord2723
ord2717
ord5948
ord296
ord5872
ord4398
ord701
ord5497
ord7015
ord812
ord2954
ord4661
ord8783
ord2339
ord2336
ord5987
ord2033
ord6440
ord7538
ord2701
ord7420
ord9365
ord6377
ord7604
ord3245
ord1900
ord2863
ord5197
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord4348
ord6712
ord3143
ord1860
ord487
ord5329
ord9110
ord335
ord2411
ord2410
ord2251
ord2250
ord4659
ord8780
ord2032
ord714
ord5779
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5998
ord5342
ord425
ord942
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6707
ord6465
ord3140
ord1857
ord8287
ord5054
ord6446
ord7593
ord6466
ord3033
ord1769
ord406
ord302
ord963
ord753
ord5281
ord2849
ord7590
ord690
ord5530
ord943
ord722

msvcr90d

_mktime64
_gmtime64_s
_snprintf_s
_errno
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
wcslen
_time64
sin
cos
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CRT_RTC_INITW
??_V@YAXPAX@Z
_localtime64_s
wcsftime
wcsncpy_s
wcstod
memmove_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_CrtDbgReportW
_invalid_parameter
??0exception@std@@QAE@XZ
__CxxFrameHandler3

kernel32

WaitForSingleObject
GetModuleFileNameW
TerminateThread
Sleep
GetPrivateProfileStringW
GetTickCount
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
MulDiv
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary

user32

IntersectRect
OffsetRect
InflateRect
EqualRect
UnionRect
SetRect
PtInRect
IsRectEmpty
CopyRect
SetRectEmpty
MessageBoxA
GetMessagePos
PeekMessageW
GetSystemMetrics
MoveWindow
SubtractRect

oleaut32

SysFreeString

msvcp90d

?_Orphan_all@_Container_base_secure@std@@QBEXXZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1_Container_base_secure@std@@QAE@XZ
??0_Container_base_secure@std@@QAE@XZ

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

HideDialog
InitDialog
ScanfParam
ShowDialog

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f6c7515899b1dba6830aeb0bfac30b3

Headers

DLL Characteristics

File Characteristics

Imports

mybtnst

mfc90ud

msvcr90d

kernel32

user32

oleaut32

msvcp90d

advapi32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 8KB