892aad35b1a82fc61f77f2081b8420c05f7b1e51745a2b7a23b743310d791dcd

Sharing

Copy URL

Twitter E-mail

General

Target

892aad35b1a82fc61f77f2081b8420c05f7b1e51745a2b7a23b743310d791dcd
Size

152KB
MD5

70903d6827707a0d4da76d3d6b679eb9
SHA1

88cc737c70a3f2c391e3a4396bfa3d533aeffd19
SHA256

892aad35b1a82fc61f77f2081b8420c05f7b1e51745a2b7a23b743310d791dcd
SHA512

85675f0bd7a1ec9596cac2d1e80f23153c1d75121e95801c4f126bf3bb1ac5dcef8192cbbaf54e14741e5572446efc6364fa83334e54cdf84bb9ffb5860fb869
SSDEEP

3072:GQDb90rfmGSRom/kkFNc/EQNScvlt4tjet74u:XnkSFMEQ7vjget74

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
892aad35b1a82fc61f77f2081b8420c05f7b1e51745a2b7a23b743310d791dcd

Files

892aad35b1a82fc61f77f2081b8420c05f7b1e51745a2b7a23b743310d791dcd
.dll windows x86

0e22c2af125a0bca21a06c898f05ee46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc120u

ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5667
ord10131
ord9090
ord6758
ord2163
ord7881
ord1467
ord992
ord7542
ord5327
ord13404
ord10353
ord3773
ord286
ord8708
ord4010
ord2509
ord8707
ord10735
ord11532
ord10163
ord11478
ord10619
ord11553
ord11769
ord11061
ord9364
ord10865
ord11048
ord11552
ord9381
ord9143
ord11045
ord11480
ord7825
ord10734
ord10193
ord11609
ord10130
ord10230
ord11608
ord11125
ord10157
ord9369
ord9921
ord11756
ord10285
ord11399
ord10205
ord10197
ord11357
ord6839
ord7671
ord9929
ord9928
ord11027
ord8892
ord11003
ord9410
ord11621
ord8793
ord8801
ord10998
ord9407
ord9872
ord9867
ord9395
ord9405
ord9390
ord11159
ord11156
ord8186
ord6122
ord4047
ord4109
ord9279
ord14454
ord7806
ord14448
ord12413
ord12412
ord2444
ord5262
ord8206
ord12736
ord8268
ord8352
ord4843
ord13614
ord3262
ord14094
ord13997
ord8885
ord12818
ord2719
ord9137
ord4936
ord4937
ord4940
ord4938
ord4939
ord9573
ord6773
ord2638
ord11979
ord3137
ord5433
ord9107
ord12054
ord10385
ord9382
ord9349
ord7397
ord1165
ord533
ord7046
ord12006
ord10896
ord11271
ord3362
ord3361
ord3122
ord6121
ord13612
ord3263
ord3260
ord8092
ord2718
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord11964
ord3795
ord11811
ord14447
ord8846
ord6875
ord10883
ord9116
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord2640
ord11999
ord3898
ord3330
ord3329
ord3223
ord12043
ord5157
ord5454
ord5664
ord9231
ord5430
ord5693
ord5160
ord5316
ord5137
ord7609
ord2708
ord265
ord266
ord3806
ord1509
ord325
ord1050
ord2323
ord2204
ord2366
ord2369
ord2334
ord2368
ord485
ord2226
ord2332
ord2142
ord2258
ord2357
ord7610
ord7600
ord5314
ord8101
ord10136
ord9091
ord8921
ord5603
ord8699
ord3790
ord12048
ord8705
ord7384
ord1110
ord6392
ord6469
ord3839
ord296
ord1042
ord4772
ord2262
ord1108
ord462
ord7004
ord4049
ord1049
ord324
ord1506
ord1508

msvcr120

malloc
modf
swprintf_s
_CxxThrowException
__RTDynamicCast
memcpy
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__CxxFrameHandler3
memset
_wtoi
_vsnwprintf_s
_vscwprintf
_except1
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
memmove
??0exception@std@@QAE@ABV01@@Z
_purecall
sprintf_s
_wcsicmp
_time64
free

kernel32

OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
EnterCriticalSection
DecodePointer
DeleteCriticalSection
Sleep
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
LocalFree
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

SetActiveWindow
SendMessageW
PostMessageW
DeferWindowPos
InvalidateRect
SetParent
SetWindowLongW
GetWindowLongW
EnableWindow
GetClientRect

msvcp120

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mtx_destroy
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

CreateComponent

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e22c2af125a0bca21a06c898f05ee46

Headers

DLL Characteristics

File Characteristics

Imports

mfc120u

msvcr120

kernel32

user32

msvcp120

rpcrt4

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB