Static task
static1
Behavioral task
behavioral1
Sample
dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45.exe
Resource
win10v2004-20230831-en
General
-
Target
dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45
-
Size
153KB
-
MD5
5c3c41f3f8063a5f7f0d0a049a5e5e52
-
SHA1
a8b4fb933ca68c27c369d8f4e71f7aaef0e3827b
-
SHA256
dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45
-
SHA512
3a995cf954c9d65f8ad6d187825f5b562dd1f8b3a45e29a0053063ced8ea47af2128cbc52316c67f1deb3255323c0f4cd5d6315985da7cbb2dfa402a0eba8db4
-
SSDEEP
3072:dtRPlmA0F/pstBaDqwONnct437Bl3N2Uq2jb:dtRYA0F/p/uwONct43j92U
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE carries no embedded code-signing certificate).
resource dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45
Files
-
dbaf71408f6825c46210882216ebf136c3e8f94b53198f4244b931cd67968b45.exe windows x86
84cf188d7d3899d00f13592fad394c33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord8789
ord9307
ord11749
ord11741
ord5348
ord3835
ord4578
ord11442
ord10353
ord3186
ord11743
ord8279
ord2064
ord10790
ord12481
ord5622
ord5621
ord14640
ord14458
ord11598
ord6988
ord11083
ord11596
ord11597
ord6989
ord5429
ord13940
ord1791
ord13939
ord7148
ord7481
ord2125
ord562
ord1189
ord634
ord1238
ord758
ord1304
ord754
ord1300
ord779
ord1317
ord5736
ord9262
ord8513
ord316
ord1044
ord8426
ord14054
ord4365
ord7990
ord3210
ord13555
ord4377
ord4019
ord13408
ord4342
ord4469
ord4427
ord8488
ord8649
ord8333
ord14020
ord4841
ord2381
ord3230
ord2376
ord12291
ord14518
ord12348
ord14571
ord6724
ord13224
ord12052
ord14150
ord789
ord4462
ord11632
ord2241
ord2560
ord2298
ord4807
ord4490
ord13378
ord7276
ord7279
ord8486
ord7282
ord7277
ord7280
ord7281
ord7283
ord13913
ord7278
ord14572
ord8362
ord7700
ord9174
ord3933
ord14504
ord7883
ord9197
ord12126
ord3827
ord5019
ord12406
ord1783
ord13635
ord13633
ord11380
ord5931
ord8791
ord9309
ord11750
ord11745
ord3837
ord3271
ord7773
ord2065
ord10791
ord11440
ord3052
ord14252
ord11363
ord11457
ord1848
ord9162
ord9674
ord11451
ord2055
ord8387
ord12902
ord3318
ord3429
ord5727
ord10096
ord10099
ord7618
ord994
ord1469
ord877
ord13189
ord1380
ord7961
ord2301
ord2297
ord4450
ord13830
ord8421
ord7910
ord7963
ord7988
ord13996
ord7641
ord7275
ord816
ord1860
ord3014
ord12475
ord366
ord1070
ord11972
ord4440
ord12479
ord14383
ord14448
ord2325
ord14449
ord2313
ord12189
ord14149
ord2316
ord4581
ord462
ord1109
ord3874
ord6540
ord12024
ord1111
ord7461
ord4084
ord1909
ord5250
ord6832
ord9166
ord10202
ord5742
ord12869
ord12162
ord12194
ord10383
ord8180
ord12190
ord12182
ord5894
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord5932
ord11927
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord5914
ord7886
ord14509
ord12485
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord8420
ord2799
ord12948
ord11838
ord14131
ord8931
ord9165
ord8438
ord14223
ord12526
ord6507
ord9167
ord12067
ord5911
ord13628
ord9192
ord12116
ord3830
ord12032
ord2758
ord8173
ord13677
ord6193
ord3159
ord3395
ord3396
ord10421
ord11343
ord10963
ord8997
ord12074
ord7090
ord7467
ord7413
ord7422
ord481
ord1126
ord4351
ord2303
ord2319
ord10924
ord9169
ord10203
ord3841
ord4693
ord12601
ord12361
ord13293
ord2840
ord7620
ord2556
ord8355
ord13984
ord13756
ord2855
ord5588
ord6174
ord9038
ord3849
ord10972
ord11214
ord9154
ord12727
ord5556
ord12518
ord11199
ord9438
ord2716
ord12905
ord12036
ord4129
ord4080
ord14425
ord5356
ord5347
ord10381
ord10670
ord11086
ord11087
ord9318
ord11689
ord9933
ord7040
ord363
ord1067
ord7452
ord7420
ord861
ord324
ord2219
ord1050
ord360
ord1065
ord13879
ord1545
ord870
ord1722
ord14343
ord5095
ord12503
ord1543
ord1555
ord7398
ord7614
ord989
ord1464
ord12066
ord9183
ord2679
ord6847
ord9213
ord12163
ord12031
ord8266
ord11223
ord11226
ord9463
ord9478
ord9468
ord9940
ord9944
ord9480
ord11066
ord10458
ord8880
ord8870
ord11692
ord11070
ord8968
ord11094
ord10000
ord10001
ord3826
ord11881
ord14502
ord8922
ord12124
ord4486
ord2555
ord6947
ord10950
ord9194
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord11663
ord13625
ord5910
ord2680
ord3932
ord3364
ord3363
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5769
ord5231
ord11928
ord11379
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord10207
ord9170
ord12050
ord1187
ord13632
ord5915
ord13634
ord7657
ord1785
ord12405
ord6105
ord5018
ord5017
ord8360
ord3169
ord6195
ord13681
ord3298
ord3295
ord8172
ord2759
ord14699
ord10237
ord10239
ord559
ord7478
ord10238
ord10236
ord10240
ord5631
ord11671
ord7145
ord1507
ord11672
ord14507
ord9096
ord6463
ord1509
ord2407
kernel32
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
SetThreadLocale
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
user32
ClientToScreen
EnableWindow
UpdateWindow
RedrawWindow
shell32
DragAcceptFiles
oleaut32
VariantInit
SafeArrayAccessData
VariantClear
vcruntime140
__CxxFrameHandler3
_purecall
memset
__current_exception
__current_exception_context
_except_handler4_common
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
api-ms-win-crt-runtime-l1-1-0
_controlfp_s
terminate
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ