Static task
static1
Behavioral task
behavioral1
Sample
2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf.exe
Resource
win10v2004-20230831-en
General
-
Target
2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf
-
Size
7.8MB
-
MD5
87febe2c6ffd7a038e1f90a023a58b40
-
SHA1
13efccf9c1ec0b6c7ff7d094ed4516dba33a143e
-
SHA256
2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf
-
SHA512
09959c44dfeb2c2e5136ee835ba2edb3d87b6183e9bacaa6e0075af5d23be35b76a5ee9677c20df61b24790d084081a8b15a43e6275892c8b22de71f0739a356
-
SSDEEP
196608:QJXbrQsZGGGGGGGGGG2WM/exGGGGGGGGGG2MPDwGGGGGGGGGG2SMOq2:QJLrQsZGGGGGGGGGG2WM/exGGGGGGGGX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf
Files
-
2d4571f1578107e30a89c1d918998ede7330e797653c3f2f1b64fd6a2b1c72bf.exe windows x64
55c9c4259686cd4b154b8f665bbd216b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcp90
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
user32
SendMessageA
UpdateWindow
PostMessageA
LoadBitmapA
SetCapture
SetForegroundWindow
EnableWindow
DrawTextA
DrawIconEx
InflateRect
CopyRect
GetSysColor
InvalidateRect
LoadImageA
DestroyIcon
GetParent
OffsetRect
GetClientRect
GetWindowRect
SetTimer
LockWindowUpdate
GetWindow
GetFocus
wsprintfA
SetActiveWindow
BringWindowToTop
KillTimer
DrawFocusRect
FillRect
GetDC
PostQuitMessage
ScreenToClient
GetMenuState
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetMessagePos
GetSubMenu
GetCursorPos
EnableMenuItem
LoadMenuA
UnionRect
ClientToScreen
WindowFromPoint
GetDesktopWindow
GetSystemMetrics
DispatchMessageA
TranslateMessage
PeekMessageA
SetWindowLongA
PtInRect
SetCursor
IsWindow
ReleaseDC
CopyIcon
LoadCursorA
MessageBeep
RegisterWindowMessageA
PostThreadMessageA
MsgWaitForMultipleObjects
LoadIconA
ole32
CLSIDFromString
CLSIDFromProgID
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
oleaut32
GetErrorInfo
SysAllocString
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
msvcr90
fwrite
_mbsupr
_invalid_parameter_noinfo
_CxxThrowException
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
memmove_s
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
strcpy
realloc
wcslen
strcat
_strupr
_strlwr
vsprintf_s
_vsnprintf
srand
wcscpy
fread
_beginthreadex
_endthreadex
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
sprintf_s
memcpy_s
memcmp
fputs
vsprintf
abs
isxdigit
rand
malloc
free
_localtime64
memcpy
_mktime64
strtok
sprintf
strncpy
atof
_time64
__timezone
labs
__C_specific_handler
_strnicmp
strcmp
fopen
fgets
fclose
memset
strncmp
strrchr
_mbsstr
strchr
strstr
strlen
??_V@YAXPEAX@Z
atol
??2@YAPEAX_K@Z
atoi
_stricmp
??3@YAXPEAX@Z
__CxxFrameHandler3
_setmbcp
fprintf
mfc90
ord4964
ord4359
ord5613
ord2808
ord5530
ord1410
ord5710
ord5276
ord2098
ord2063
ord6368
ord2686
ord2679
ord4675
ord628
ord4816
ord3681
ord3773
ord4576
ord4577
ord576
ord4375
ord4591
ord2932
ord5320
ord1635
ord1698
ord1699
ord2010
ord1392
ord3011
ord6012
ord5083
ord3429
ord6408
ord3893
ord6410
ord1556
ord2226
ord2233
ord2470
ord2452
ord2450
ord2468
ord2480
ord2457
ord2473
ord2478
ord2461
ord2463
ord2465
ord2459
ord2475
ord2455
ord947
ord943
ord945
ord941
ord936
ord5353
ord5355
ord6086
ord1636
ord4384
ord4833
ord3488
ord5334
ord4285
ord6406
ord5191
ord1954
ord5271
ord4346
ord1434
ord4039
ord1659
ord1662
ord6041
ord3133
ord4068
ord4973
ord4976
ord4482
ord4487
ord4484
ord4502
ord4504
ord4489
ord4889
ord4700
ord4281
ord4272
ord5097
ord4903
ord4547
ord770
ord5294
ord2091
ord583
ord3253
ord3069
ord5295
ord1393
ord3430
ord5272
ord4336
ord1581
ord2136
ord4196
ord1517
ord1977
ord3775
ord614
ord2012
ord5760
ord2433
ord2320
ord5845
ord6164
ord1310
ord355
ord2970
ord3287
ord3338
ord2411
ord1213
ord5448
ord6428
ord1209
ord5437
ord6417
ord1616
ord362
ord3265
ord4364
ord5323
ord1433
ord6038
ord3131
ord1585
ord558
ord1714
ord5003
ord4846
ord4313
ord5302
ord1840
ord1938
ord3732
ord6366
ord2218
ord2722
ord923
ord300
ord4689
ord3529
ord1839
ord1928
ord1444
ord2562
ord2719
ord4423
ord6784
ord12388
ord6498
ord670
ord3312
ord4339
ord1605
ord2138
ord4197
ord1518
ord1979
ord6397
ord1428
ord762
ord3409
ord3061
ord4345
ord1630
ord1693
ord2145
ord3767
ord6192
ord6413
ord5731
ord3026
ord6533
ord8756
ord8517
ord11869
ord4340
ord2139
ord9354
ord6806
ord3966
ord2435
ord3972
ord4224
ord1426
ord5951
ord5985
ord5991
ord1837
ord1516
ord3970
ord5993
ord795
ord919
ord6302
ord1949
ord3278
ord642
ord3169
ord2068
ord3137
ord393
ord2560
ord2953
ord1598
ord424
ord1060
ord1038
ord3482
ord262
ord3528
ord616
ord358
ord2781
ord1660
ord1395
ord4299
ord4781
ord4466
ord4029
ord6208
ord2865
ord6216
ord3882
ord6388
ord2202
ord4470
ord4607
ord5633
ord6280
ord3145
ord2745
ord2795
ord6290
ord2322
ord1424
ord1001
ord5510
ord3803
ord3795
ord2884
ord3991
ord2030
ord2703
ord3731
ord4688
ord2533
ord1927
ord1834
ord1846
ord768
ord3413
ord3065
ord6308
ord5987
ord3974
ord2937
ord6296
ord1828
ord5521
ord4027
ord6309
ord6303
ord755
ord3402
ord4342
ord1627
ord2142
ord877
ord4850
ord1437
ord5864
ord1926
ord6776
ord6484
ord664
ord2973
ord5849
ord3245
ord4456
ord3578
ord348
ord3314
ord3037
ord5287
ord4341
ord4490
ord4893
ord4304
ord4546
ord2140
ord608
ord3743
ord332
ord2944
ord2432
ord8961
ord11660
ord7206
ord11053
ord9120
ord6880
ord6867
ord6808
ord754
ord6759
ord6671
ord6651
ord6535
ord563
ord6464
ord10064
ord3010
ord6011
ord9334
ord10076
ord1337
ord2227
ord11879
ord5268
ord4038
ord1591
ord2489
ord2490
ord3070
ord11965
ord956
ord6017
ord3015
ord6015
ord3014
ord11487
ord3017
ord9829
ord11723
ord11721
ord2680
ord7753
ord2301
ord5033
ord4666
ord7152
ord11173
ord12890
ord7145
ord8416
ord11548
ord10059
ord10415
ord11541
ord7032
ord9748
ord9589
ord7950
ord7794
ord7978
ord9377
ord7972
ord9614
ord12405
ord12395
ord9082
ord10113
ord9084
ord9083
ord12615
ord9081
ord11846
ord8218
ord9528
ord3422
ord774
ord3641
ord731
ord527
ord4831
ord5331
ord4314
ord4290
ord4956
ord4980
ord4910
ord5187
ord5190
ord5188
ord5189
ord3758
ord4727
ord4847
ord3246
ord4334
ord1579
ord2133
ord3244
ord2132
ord598
ord1331
ord1827
ord4421
ord5609
ord4374
ord1555
ord4382
ord5332
ord1618
ord1358
ord3642
ord537
ord734
ord3759
ord4692
ord6171
ord5885
ord2860
ord3435
ord6273
ord1314
ord3327
ord2141
ord4198
ord2001
ord6545
ord2436
ord5001
ord2130
ord1673
ord2319
ord5755
ord600
ord336
ord3678
ord4045
ord4455
ord2597
ord4213
ord4409
ord6103
ord9106
ord6930
ord6735
ord10929
ord10291
ord9225
ord7141
ord10150
ord3414
ord3066
ord5293
ord3772
ord3890
ord1674
ord526
ord3852
ord536
ord6414
ord538
ord767
ord2185
ord574
ord1022
ord3486
ord6386
ord1457
ord1523
ord6247
ord305
ord3006
ord972
ord340
ord5239
ord5345
ord604
ord6219
ord1103
ord1080
ord12010
ord12800
ord9578
ord10063
ord9910
ord12742
ord11771
ord12223
ord7372
ord9571
kernel32
lstrcpyA
lstrcpynA
WideCharToMultiByte
GetCurrentThread
CloseHandle
TerminateThread
CreateSemaphoreA
GetVersionExA
GetPrivateProfileStringA
CreateDirectoryA
GetPrivateProfileSectionA
FileTimeToSystemTime
GetFileTime
CreateFileA
_lclose
_lread
_lopen
GetModuleFileNameA
GetTempPathA
TerminateProcess
GetExitCodeProcess
WritePrivateProfileSectionA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalAlloc
WinExec
FreeLibrary
Sleep
CopyFileA
DeleteFileA
GetShortPathNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
OpenProcess
WritePrivateProfileStringA
LoadLibraryA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
SetLastError
GetLastError
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
GetTickCount
GetComputerNameExA
GetComputerNameA
GetPrivateProfileIntA
MoveFileA
GetCurrentThreadId
LocalFree
Process32Next
gdi32
GetCurrentObject
GetObjectA
GetBkColor
GetTextColor
GetStockObject
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
advapi32
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegQueryValueA
QueryServiceConfigA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
shell32
ShellExecuteA
SHCreateItemFromParsingName
comctl32
InitCommonControlsEx
ws2_32
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 863KB - Virtual size: 863KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ