2f159ae88fc6985eb73e14b4a5d110ea760674a1d36b039d8a3670dc09e2ee02

Sharing

Copy URL

Twitter E-mail

General

Target

2f159ae88fc6985eb73e14b4a5d110ea760674a1d36b039d8a3670dc09e2ee02
Size

1.4MB
MD5

986a79ca264247282a1c3234f85c3d4e
SHA1

6b5ebc7cc1fb026b4a18f8c4d11458f784c8ec71
SHA256

2f159ae88fc6985eb73e14b4a5d110ea760674a1d36b039d8a3670dc09e2ee02
SHA512

bdef3c88f158d5ddf1ae819aa73056ad0c319284801f50c10f551eb6820cda7bd83afe9ca2da6b1de3af9fdf4356a3444d92d109de29bcdf8f2445b94689431d
SSDEEP

24576:Ub4ZCijkG44B71LyI84bphU0SRtdjOl/OWw9lBGtw+bUV/3e:LZCirjU440ojOsWwi9s/3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f159ae88fc6985eb73e14b4a5d110ea760674a1d36b039d8a3670dc09e2ee02

Files

2f159ae88fc6985eb73e14b4a5d110ea760674a1d36b039d8a3670dc09e2ee02
.exe windows x86

61a5a1a1d5ca5fa5279d44fe15ebff93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3663
ord3626
ord818
ord2414
ord2971
ord283
ord470
ord4275
ord755
ord2864
ord5148
ord4694
ord2301
ord640
ord3092
ord1640
ord323
ord2246
ord3517
ord2379
ord482
ord2135
ord2642
ord6215
ord5981
ord2688
ord4123
ord4224
ord924
ord926
ord858
ord823
ord1871
ord6571
ord5821
ord3662
ord698
ord396
ord414
ord6334
ord5592
ord3437
ord713
ord4187
ord5934
ord928
ord837
ord919
ord838
ord5859
ord6329
ord4083
ord1200
ord922
ord5604
ord3701
ord6142
ord772
ord5860
ord500
ord1620
ord5933
ord3880
ord3425
ord3054
ord3937
ord860
ord920
ord911
ord5630
ord932
ord6508
ord2065
ord6143
ord5863
ord819
ord568
ord936
ord2844
ord2814
ord4317
ord4189
ord6141
ord700
ord398
ord4859
ord3499
ord2515
ord913
ord2233
ord921
ord801
ord6883
ord541
ord1945
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord5260
ord4432
ord560
ord813
ord4273
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord5785
ord3619
ord3573
ord5875
ord5787
ord1641
ord4133
ord4297
ord5788
ord472
ord879
ord5440
ord882
ord6383
ord2801
ord2740
ord876
ord884
ord3571
ord2754
ord6194
ord6128
ord5768
ord6129
ord2289
ord2370
ord3055
ord355
ord3803
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4303
ord3351
ord5012
ord976
ord3810
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord5254
ord2445
ord4427
ord4467
ord4023
ord3693
ord473
ord4333
ord2884
ord3920
ord6069
ord6130
ord2243
ord795
ord6605
ord1146
ord613
ord6119
ord289
ord6209
ord3227
ord929
ord2816
ord3984
ord938
ord877
ord885
ord2380
ord4277
ord2393
ord350
ord551
ord4278
ord5710
ord4129
ord2764
ord3481
ord2252
ord3495
ord934
ord3398
ord3733
ord810
ord384
ord686
ord3287
ord2862
ord2096
ord6008
ord4000
ord2299
ord5271
ord1795
ord3089
ord2859
ord4284
ord4299
ord6880
ord3692
ord809
ord556
ord2152
ord1233
ord4809
ord1088
ord2122
ord5791
ord2753
ord6453
ord3706
ord3983
ord5572
ord2915
ord939
ord941
ord2652
ord1669
ord1199
ord6779
ord6741
ord2358
ord3438
ord6919
ord6766
ord1858
ord401
ord674
ord4245
ord484
ord5852
ord4163
ord6625
ord554
ord4160
ord2537
ord763
ord1126
ord2450
ord942
ord1161
ord3506
ord3021
ord483
ord4202
ord665
ord3175
ord1979
ord5186
ord354
ord2860
ord1158
ord4450
ord4671
ord4676
ord1882
ord4250
ord4945
ord3254
ord2440
ord1694
ord5006
ord5656
ord4470
ord5103
ord3350
ord975
ord5475
ord4154
ord5285
ord736
ord642
ord807
ord733
ord450
ord439
ord6491
ord327
ord436
ord620
ord747
ord5495
ord5472
ord3742
ord5871
ord6565
ord6619
ord6064
ord1776
ord4078
ord6639
ord1949
ord4034
ord5608
ord6283
ord6282
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord4153
ord2383
ord1168
ord1232
ord4428
ord796
ord529
ord402
ord4146
ord2800
ord2494
ord5884
ord2626
ord6067
ord6000
ord2117
ord2120
ord2627
ord4457
ord6195
ord5255
ord3797
ord2997
ord4501
ord5732
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord699
ord397
ord5606
ord2845
ord4200
ord3756
ord6242
ord802
ord542
ord5601
ord6197
ord3995
ord2777
ord1085
ord1001
ord537
ord5939
ord2003
ord5730
ord3948
ord2185
ord2184
ord4214
ord3107
ord5616
ord988
ord3444
ord3193
ord4162
ord3353
ord4622
ord6451
ord3659
ord411
ord709
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5234
ord6369
ord5279
ord5248
ord6335
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord3738
ord815
ord459
ord561
ord743
ord617
ord5301
ord6352
ord5214
ord296
ord5503
ord2635
ord5500
ord2036
ord986
ord6137
ord4159
ord6117
ord1134
ord2621
ord1205
ord2725
ord5289
ord5098
ord4620
ord1894
ord4254
ord2010
ord4957
ord4861
ord4826
ord3187
ord4950
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord4605
ord5000
ord4416
ord5090

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__CxxFrameHandler
strtol
_mbscmp
_setmbcp
log
exp
qsort
pow
strlen
memcmp
realloc
_fstat
fgetpos
getenv
strtod
_iob
fprintf
_CIpow
_ftol
sqrt
fabs
strcpy
abs
sprintf
tan
floor
memset
memcpy
_CxxThrowException
sscanf
_mbsicmp
_getdiskfree
_getdrive
free
malloc
fclose
fopen
fseek
fwrite
longjmp
strncpy
_setjmp3
__CxxLongjmpUnwind
strncmp
fread
fputc
fflush
calloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_controlfp
__set_app_type
__setusermatherr
_initterm

kernel32

GetStartupInfoA
GetModuleHandleA
GetVersion
GetSystemDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
CopyFileA
Sleep
DeleteFileA
DeviceIoControl
GetTickCount
GlobalMemoryStatus
QueryPerformanceCounter
UnmapViewOfFile
CloseHandle
GlobalUnlock
GlobalFree
CreateFileA
GetLastError
lstrcpyA
LocalFree
LocalAlloc
MulDiv
lstrlenA

user32

ReleaseCapture
InvalidateRect
SendMessageA
EnableWindow
LoadCursorA
DefWindowProcA
GetClassInfoA
InvertRect
InflateRect
OffsetRect
FillRect
GetParent
PtInRect
IsWindowVisible
IntersectRect
SetRect
TabbedTextOutA
DrawTextA
GrayStringA
GetClientRect
UpdateWindow
EqualRect
wsprintfA
GetDCEx
GetClassLongA
BeginDeferWindowPos
EndDeferWindowPos
IsRectEmpty
GetSysColorBrush
DestroyCursor
SetFocus
SetScrollRange
SetParent
GetWindowLongA
GetWindow
GetWindowDC
LoadMenuA
GetSubMenu
IsIconic
GetCapture
KillTimer
GetDC
ReleaseDC
SetTimer
GetFocus
GetMessagePos
SystemParametersInfoA
IsWindow
RedrawWindow
GetSystemMetrics
DrawFrameControl
DrawEdge
DrawFocusRect
GetSysColor
LoadBitmapA
ClientToScreen
GetScrollPos
GetKeyState
SetCursor
GetCursorPos
ScreenToClient
SetCapture
GetWindowRect
ClipCursor
MessageBoxA
wvsprintfA
CopyRect

gdi32

Escape
CreateFontIndirectA
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
EndPath
BeginPath
CreatePen
StrokePath
Rectangle
StrokeAndFillPath
Ellipse
Arc
StartPage
GetTextExtentPoint32A
RealizePalette
CreateDIBSection
CreatePalette
DeleteObject
FillPath
CreatePenIndirect
Polyline
Polygon
FillRgn
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
BitBlt
DPtoLP
StartDocA
SetAbortProc
CreateDCA
SelectObject
LPtoDP
GetStockObject
GetViewportOrgEx
PatBlt
GetTextColor
GetObjectA
GetDeviceCaps

advapi32

OpenServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
CreateServiceA
DeleteService
ControlService
OpenSCManagerA

comctl32

ImageList_AddMasked

Sections

.text
Size: 792KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61a5a1a1d5ca5fa5279d44fe15ebff93

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 792KB - Virtual size: 788KB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 44KB - Virtual size: 84KB

.rsrc Size: 412KB - Virtual size: 444KB

.text
Size: 792KB - Virtual size: 788KB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 44KB - Virtual size: 84KB

.rsrc
Size: 412KB - Virtual size: 444KB