Static task
static1
Behavioral task
behavioral1
Sample
b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f.exe
Resource
win10v2004-20230824-en
General
-
Target
b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f
-
Size
1.5MB
-
MD5
60fed0ee89ab9a50f2773f3c588729b6
-
SHA1
2c2cf6f7deb7a6039d65a729ca2d0a08391871e1
-
SHA256
b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f
-
SHA512
5bf982ca76d0c5976ff5ed6488f58e47388b3c819aea4a13671185c983c263eba66c03f09ce24babc86372f081468cc5edc905f1bdc19bc017cebeb7b37f30e4
-
SSDEEP
24576:gDtDL9nL2bEsiyhclMd7A/7LnwmwdAwm5bg3JTd5C84aWIVnrhEBn7Dd88hp:EtqOyhcg0b9gBdz4alV27D
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f
Files
-
b1a030ca3d6003f5fe003f59c0ccc41248284a735ec096a36007af9e21880d5f.exe windows x86
ac2412d541cb23c12e4e420cee830c4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc100
ord10213
ord9571
ord10148
ord10879
ord10882
ord10880
ord10881
ord1483
ord1479
ord2063
ord12430
ord262
ord11150
ord2611
ord13125
ord9399
ord6835
ord888
ord1288
ord7141
ord1952
ord12672
ord1639
ord6112
ord9281
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord11180
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord11627
ord3429
ord2613
ord7861
ord3741
ord2744
ord8224
ord5784
ord919
ord826
ord5242
ord305
ord2626
ord7837
ord1929
ord7876
ord13124
ord4144
ord3755
ord2838
ord8231
ord6090
ord1263
ord4341
ord5830
ord12868
ord462
ord5036
ord10930
ord12540
ord11963
ord11243
ord12665
ord1481
ord1437
ord6573
ord1230
ord822
ord10071
ord8776
ord6810
ord3636
ord2250
ord12347
ord3487
ord390
ord949
ord6258
ord9501
ord4433
ord5560
ord12067
ord3979
ord8554
ord8076
ord8320
ord2660
ord8348
ord11151
ord2820
ord6010
ord11274
ord2056
ord13310
ord2818
ord4317
ord11297
ord13329
ord2061
ord266
ord265
ord7491
ord7927
ord11940
ord6054
ord796
ord3695
ord5776
ord337
ord1727
ord1900
ord2184
ord2183
ord11882
ord917
ord341
ord6970
ord12128
ord4340
ord12344
ord4345
ord3421
ord10595
ord3390
ord7889
ord6836
ord11924
ord5837
ord3439
ord316
ord901
ord4283
ord1982
ord5774
ord943
ord374
ord1278
ord878
ord915
ord895
ord5777
ord8304
ord9286
ord7357
ord4772
ord6888
ord6898
ord6897
ord5444
ord4606
ord4774
ord4625
ord5123
ord4881
ord8439
ord5095
ord4903
ord4622
ord11103
ord2846
ord2944
ord2945
ord3484
ord11060
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord8139
ord10013
ord9992
ord12438
ord10300
ord4791
ord5627
ord3621
ord978
ord422
ord4790
ord300
ord12283
ord5175
ord13095
ord4344
ord2187
ord3475
ord5875
ord3746
ord7863
ord12440
ord7211
ord4788
ord1316
ord310
ord3970
ord7206
ord6809
ord3254
ord1012
ord5858
ord5302
ord8228
ord3744
ord1227
ord812
ord6572
ord4785
ord11067
ord8137
ord10007
ord10360
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord11190
ord12644
ord2847
ord8351
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8222
ord13973
ord13972
ord14045
ord14062
ord3620
ord2974
ord2973
ord14058
ord14060
ord14061
ord2752
ord5532
ord12531
ord2416
ord8235
ord11107
ord8305
ord12285
ord3977
ord7871
ord1313
ord9475
ord6678
ord946
ord381
ord6314
ord7933
ord6213
ord12962
ord12094
ord1231
ord14059
ord2417
ord7349
ord2878
ord1485
ord2881
ord12535
ord2088
ord5534
ord2742
ord3738
ord1294
ord4505
ord1296
msvcr100
memset
__CxxFrameHandler3
_CIsqrt
memcpy
_setmbcp
_unlink
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
malloc
free
fwrite
toupper
isdigit
atol
sscanf
_localtime64
_splitpath
fprintf
_stat64i32
fgets
memcpy_s
_beginthread
qsort
strtoul
strtok
atof
atoi
ftell
ldiv
_time64
fclose
fseek
fread
feof
fopen
sprintf
strncpy
?what@exception@std@@UBEPBDXZ
isalnum
??0exception@std@@QAE@ABV01@@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
kernel32
EnterCriticalSection
GetModuleFileNameA
GetLocalTime
CopyFileA
CreateDirectoryA
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
Sleep
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GlobalHandle
OutputDebugStringA
FindResourceA
ReadFile
CloseHandle
CreateProcessA
CreatePipe
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLastError
LeaveCriticalSection
DeleteFileA
user32
SendMessageA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
GetWindowLongA
GetActiveWindow
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
CopyRect
InflateRect
DestroyIcon
DestroyMenu
DestroyCursor
WindowFromPoint
EqualRect
AdjustWindowRect
IsWindow
LoadIconW
GetClassNameA
GetWindow
RemoveMenu
LoadMenuW
GetCursorPos
EnableWindow
UnionRect
FrameRect
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
DrawFocusRect
gdi32
DeleteDC
SetBkColor
SelectObject
BitBlt
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateFontIndirectA
GetObjectA
advapi32
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
shell32
ShellExecuteExA
ShellExecuteA
comctl32
InitCommonControlsEx
_TrackMouseEvent
ws2_32
closesocket
socket
htons
inet_addr
gethostbyname
connect
select
send
gethostname
inet_ntoa
bind
recvfrom
ntohs
WSAStartup
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
Sections
.text Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ