cec6c17c10a741f7a95155def03fda81523879e038ff39e3d327908346b80e58

Sharing

Copy URL

Twitter E-mail

General

Target

cec6c17c10a741f7a95155def03fda81523879e038ff39e3d327908346b80e58
Size

247KB
MD5

ae4440125c83d4298891d514fdc36a6f
SHA1

7fc7a1bb5111973c7fccd8513b0e22aa38429fef
SHA256

cec6c17c10a741f7a95155def03fda81523879e038ff39e3d327908346b80e58
SHA512

c13731f7c5c182fb997836f208f3c3f59c070ec190c36d1b9abca4eb694e8df2034806388d686b6ce72b07a9866d18d158816133a78092e4650083098a8ae799
SSDEEP

3072:iNfPxXO+vhKF++oMxSl5EkgbrbSO5TIgMiOQlsif/ymOOLwbW:i5PxXO+vlYSl6bOgMiOQVf/ymOOLC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cec6c17c10a741f7a95155def03fda81523879e038ff39e3d327908346b80e58

Files

cec6c17c10a741f7a95155def03fda81523879e038ff39e3d327908346b80e58
.exe windows x64

606dcf5167a6ea5fa59800c7b2819842

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90

ord4346
ord5272
ord1954
ord5191
ord6406
ord4285
ord5323
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2932
ord4591
ord4364
ord3265
ord362
ord316
ord798
ord617
ord1080
ord1103
ord1433
ord310
ord3921
ord1071
ord2067
ord6938
ord12010
ord12800
ord9578
ord10063
ord9910
ord12742
ord11771
ord12223
ord4039
ord1659
ord1662
ord6038
ord3131
ord1585
ord1713
ord1714
ord5003
ord4846
ord7372
ord9571
ord4136
ord4112
ord6409
ord3892
ord6407
ord4429
ord2110
ord2065
ord5701
ord3897
ord1023
ord4313
ord5302
ord1938
ord5220
ord6348
ord1839
ord1149
ord6366
ord5499
ord3923
ord1966
ord3002
ord4861
ord722
ord512
ord2534
ord6194
ord4133
ord4689
ord2380
ord5609
ord2328
ord3732
ord776
ord266
ord5344
ord5346
ord8058
ord4041
ord4677
ord5350
ord5333
ord5684
ord2602
ord2797
ord2904
ord4410
ord2780
ord2907
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord2709
ord4042
ord4586
ord4363
ord8878
ord6744
ord4648
ord3774
ord265
ord589
ord778
ord1237

msvcr90

_setmbcp
_strnicmp
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3
_localtime64
_time64
strrchr
strstr
free
fclose
fwrite
fopen
sprintf_s
malloc
fprintf
sprintf
vsprintf
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
memcpy
wcsncpy
memset
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
memmove_s
vsprintf_s
realloc
_strupr
_strlwr
_vsnprintf
strncmp

kernel32

WritePrivateProfileSectionA
GetPrivateProfileSectionA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
LeaveCriticalSection
WritePrivateProfileStringA
FindClose
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
GetPrivateProfileIntA
Sleep
GetCurrentThreadId
FormatMessageA
lstrlenA
LocalAlloc
GetTickCount
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
LocalFree
GetCurrentProcess
GetStartupInfoA
TerminateProcess
GetTempPathA
GetModuleFileNameA
FindFirstFileA

user32

SendMessageA
IsIconic
DrawIcon
GetClientRect
wsprintfA
GetSystemMetrics
EnableWindow
LoadIconA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

GetErrorInfo
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXPEBDHH@Z
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

606dcf5167a6ea5fa59800c7b2819842

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

shell32

comctl32

ole32

oleaut32

msvcp90

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 37KB - Virtual size: 37KB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 37KB - Virtual size: 37KB