Static task
static1
Behavioral task
behavioral1
Sample
40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142.exe
Resource
win10v2004-20230831-en
General
-
Target
40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142
-
Size
885KB
-
MD5
73bbaa34d4831f651f6654cb18247a01
-
SHA1
bb833e62170942eebcda5016766294d8e3c49f45
-
SHA256
40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142
-
SHA512
26178120fe2b99f3f889fdd4dd66cac9a3b9365870d7685cd4d832408e35d0719f61718b3d34cfc96d4e73f105ca6a32c11fca74f5940aadad33b8b412ad5238
-
SSDEEP
12288:dfTBYfwDJhf2/INiOQU8yhrJo4RDBW6580J:hTBYfwdh2/INiOQUfhNo4RDd
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE image that carries no Authenticode signature (no embedded certificate table). An unsigned binary is not malicious by itself — plenty of legitimate software ships unsigned — but it removes the one provenance check the OS could otherwise perform, so the hashes above are the only identity this file has.
resource 40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142
Files
-
40f9fd338c4d5cd7302f66c77e264e4794f389aae114f6b6d728ab58719b4142.exe windows x64
c1e46f99d8caade3e729ef189271de24 (unlabeled 32-hex digest listed beside the file entry; it does not match the file's MD5 above and is most likely the import hash — confirm against the report's column header before using it to pivot)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: this is the only DLL-characteristics flag set. DYNAMIC_BASE, NX_COMPAT and HIGH_ENTROPY_VA are all absent, and the file characteristics below also show IMAGE_FILE_RELOCS_STRIPPED, so the image cannot be relocated and the loader cannot randomize its base even under forced ASLR. None of the standard exploit mitigations are opted into; this is common for older MFC builds and is not by itself an indicator of malice.
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (static import table as parsed from the PE; names resolved at runtime via LoadLibraryA/GetProcAddress, which are both imported, would not appear here)
Note: the kernel32/advapi32/shell32 entries include process enumeration and termination (CreateToolhelp32Snapshot, Process32First/Next, OpenProcess, TerminateProcess, TerminateThread), launching of other programs (WinExec, ShellExecuteA), file moves/copies/deletes (MoveFileA, CopyFileA, DeleteFileA), INI and registry writes (WritePrivateProfileStringA/SectionA, RegSetValueExA, RegCreateKeyExA) and service-status queries (OpenSCManagerA, OpenServiceA, QueryServiceStatus). No networking library (ws2_32, wininet, winhttp) is in the table. IsDebuggerPresent, SetUnhandledExceptionFilter and the Rtl* unwind helpers are part of the normal MSVC x64 CRT startup and should not on their own be read as anti-debugging.
mfc90
ord1523
ord305
ord3006
ord3245
ord574
ord2185
ord767
ord6386
ord3775
ord1022
ord5521
ord1457
ord3486
ord2320
ord5849
ord755
ord2142
ord1627
ord4342
ord3402
ord2432
ord3287
ord2433
ord266
ord265
ord538
ord6414
ord3852
ord5609
ord526
ord6273
ord2954
ord2328
ord2860
ord2953
ord671
ord3036
ord3313
ord1314
ord2001
ord4198
ord2141
ord3327
ord3767
ord5731
ord6413
ord6192
ord762
ord2145
ord1693
ord1630
ord4345
ord3061
ord3409
ord3759
ord1358
ord4692
ord2083
ord1618
ord5332
ord4382
ord1555
ord4374
ord537
ord993
ord734
ord3642
ord1846
ord795
ord2970
ord1516
ord1837
ord4980
ord3758
ord4727
ord6021
ord4290
ord5189
ord5188
ord5190
ord5187
ord4910
ord4956
ord4314
ord4847
ord5331
ord4831
ord527
ord731
ord3641
ord602
ord1977
ord1517
ord4196
ord2136
ord1581
ord4336
ord3069
ord3253
ord583
ord2437
ord923
ord5864
ord5993
ord1444
ord2562
ord664
ord3970
ord4133
ord2533
ord1938
ord424
ord1598
ord1311
ord3243
ord1980
ord316
ord2380
ord3293
ord1038
ord1213
ord1060
ord3966
ord2560
ord2936
ord5991
ord5951
ord6806
ord9354
ord2139
ord3133
ord6041
ord1434
ord4340
ord5334
ord11869
ord8517
ord8756
ord6533
ord3529
ord5985
ord2435
ord3732
ord4689
ord2218
ord2722
ord6219
ord6194
ord6366
ord362
ord512
ord722
ord4861
ord4846
ord1840
ord1839
ord5302
ord4313
ord5003
ord1714
ord1713
ord1585
ord3131
ord6038
ord1662
ord1659
ord4039
ord1433
ord4346
ord5272
ord1954
ord5191
ord6406
ord4285
ord5323
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2932
ord4591
ord4364
ord3265
ord617
ord3972
ord1080
ord1949
ord589
ord310
ord798
ord1152
ord1071
ord1148
ord1149
ord2067
ord12010
ord12800
ord9578
ord10063
ord9910
ord12742
ord11771
ord12223
ord7372
ord9571
ord4136
ord4112
ord6409
ord3892
ord6407
ord4429
ord2110
ord2065
ord5701
ord3897
ord1023
ord5220
ord6348
ord5499
ord3923
ord1966
ord3002
ord5344
ord5346
ord8058
ord4041
ord4677
ord5350
ord5333
ord5684
ord2602
ord2797
ord2904
ord4410
ord2780
ord2907
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord2709
ord4042
ord4586
ord4363
ord8878
ord6744
ord776
ord6938
ord3774
ord1103
ord778
ord1237
msvcr90
vsprintf_s
_strlwr
_strupr
realloc
memmove_s
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
malloc
__CxxFrameHandler3
sprintf_s
fwrite
memcmp
memcpy_s
free
_strnicmp
_vsnprintf
sprintf
vsprintf
_localtime64
fread
fgets
rand
atoi
_time64
_setmbcp
strstr
fopen
fprintf
fclose
strncmp
strchr
atol
strtol
_localtime64_s
strrchr
__C_specific_handler
memset
memcpy
srand
_mktime64
_endthreadex
_beginthreadex
_stricmp
_strdup
??0exception@std@@QEAA@XZ
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
kernel32
CloseHandle
CreateSemaphoreA
GetComputerNameA
GetCurrentThread
WideCharToMultiByte
lstrcpyA
GetWindowsDirectoryA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FormatMessageA
LocalAlloc
LocalFree
FreeLibrary
GetPrivateProfileIntA
GetTickCount
lstrlenA
GetCurrentThreadId
WritePrivateProfileStringA
MoveFileA
WinExec
DeleteFileA
FindFirstFileA
FindNextFileA
Sleep
CopyFileA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
TerminateThread
OpenProcess
GetPrivateProfileStringA
FindClose
GetModuleFileNameA
TerminateProcess
GetExitCodeProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
user32
SetMenuDefaultItem
LoadImageA
GetCursorPos
UpdateWindow
wsprintfA
PtInRect
InflateRect
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
GetMessagePos
SetCursor
AppendMenuA
IsWindow
CopyIcon
LoadCursorA
SetWindowLongA
MessageBeep
RegisterWindowMessageA
PostThreadMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
CreatePopupMenu
OffsetRect
GetWindowRect
GetParent
SetForegroundWindow
KillTimer
SetTimer
BringWindowToTop
LoadBitmapA
GetSystemMetrics
EnableWindow
LoadIconA
GetClientRect
IsIconic
PostMessageA
SendMessageA
GetSysColor
DrawIcon
gdi32
GetStockObject
GetTextExtentPoint32A
GetObjectA
DeleteObject
CreateFontIndirectA
advapi32
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCreateKeyExA
shell32
ShellExecuteA
ole32
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleRun
CoInitializeEx
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
SysAllocStringLen
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
GetErrorInfo
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
Sections
.text Size: 320KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ