454d7109a9dd5f7f76b366594b28ea6379d16f3378cbcb733ad47f3ee7b6520e

Sharing

Copy URL Twitter E-mail

General

Target

454d7109a9dd5f7f76b366594b28ea6379d16f3378cbcb733ad47f3ee7b6520e
Size

100KB
MD5

8284c8c42401c2b25016608da081a58a
SHA1

3338e5b3de7aa6568e192b5a45e961bb9216e528
SHA256

454d7109a9dd5f7f76b366594b28ea6379d16f3378cbcb733ad47f3ee7b6520e
SHA512

a2a841ac251256fbb1fb2029b12a2b8b05b88f63b0de0723f57150442460b728b45982d09466a546471d19624090d7cb84fc89afbd080111d0aaf95011aee998
SSDEEP

1536:4cF2RPNyXiCKi5NDSNLpnVTCvdb53ljjnVZT8xvd53ljB/trJH1zRFhuJpnVTpvH:ePQjvtw/1HwitOk1KBYFW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
454d7109a9dd5f7f76b366594b28ea6379d16f3378cbcb733ad47f3ee7b6520e

Files

454d7109a9dd5f7f76b366594b28ea6379d16f3378cbcb733ad47f3ee7b6520e
.exe windows x64

532c33dd9a00ca3c203241f0f7c3381e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90

ord2470
ord2452
ord2450
ord2468
ord2480
ord2457
ord2473
ord2478
ord2461
ord2463
ord2465
ord2459
ord2475
ord2455
ord947
ord943
ord945
ord941
ord936
ord5353
ord5355
ord6086
ord1636
ord4384
ord4833
ord3488
ord5334
ord4285
ord6406
ord5191
ord1949
ord1954
ord5272
ord4346
ord1434
ord4039
ord4591
ord1659
ord1662
ord6041
ord3133
ord1080
ord1938
ord1103
ord8756
ord6533
ord11869
ord8517
ord9354
ord3265
ord362
ord1585
ord1713
ord1714
ord4689
ord5003
ord4846
ord4313
ord5323
ord4364
ord1433
ord6038
ord3131
ord5302
ord4861
ord3732
ord512
ord2233
ord1149
ord1840
ord5993
ord3970
ord2139
ord4340
ord1839
ord310
ord589
ord8878
ord6744
ord2932
ord2226
ord1556
ord6410
ord3893
ord6408
ord6366
ord3430
ord2562
ord1444
ord6938
ord8058
ord9571
ord7372
ord12223
ord11771
ord12742
ord9910
ord10063
ord9578
ord12800
ord12010
ord6806
ord2067
ord2218
ord5083
ord6012
ord617
ord5333
ord1237
ord3011
ord6194
ord2722
ord2602
ord2797
ord2904
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord798
ord316
ord5350
ord4041
ord5344
ord3002
ord1966
ord1071
ord3923
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord6407
ord3892
ord6409
ord4648
ord3921
ord5684
ord4677
ord5346
ord4112
ord3774
ord4136
ord4363
ord4586
ord4042
ord2709
ord3800
ord3810
ord3809
ord2598
ord2711
ord266
ord776
ord265
ord722
ord2605
ord2907
ord2780
ord4410
ord778

msvcr90

_CxxThrowException
memset
_setmbcp
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
memcpy
atol
free
malloc
strstr
strchr
fopen
fwrite
strrchr
_localtime64
fclose
_time64
_stricmp
sprintf
vsprintf
fprintf
memmove_s
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
_strupr
vsprintf_s
realloc

kernel32

LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileSectionA
DeleteCriticalSection
WritePrivateProfileStringA
FreeLibrary
InitializeCriticalSection
TerminateProcess
FindFirstFileA
GetProcAddress
FindClose
LoadLibraryA
WritePrivateProfileSectionA
LocalFree
GetCurrentThreadId
Sleep
GetPrivateProfileIntA
GetTickCount
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
lstrlenA
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
lstrcpyA
GetTempPathA
GetModuleFileNameA

user32

GetSystemMetrics
SendMessageA
EnableWindow
GetClientRect
wsprintfA
IsIconic
LoadIconA
DrawIcon

advapi32

GetUserNameA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

oleaut32

VariantClear

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

532c33dd9a00ca3c203241f0f7c3381e

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

advapi32

shell32

comctl32

oleaut32

msvcp90

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 2KB - Virtual size: 1KB