696bab1ecbce5dfea466794cef386e81f528b685ede317da4bdd62f64de2bc4e

Sharing

Copy URL

Twitter E-mail

General

Target

696bab1ecbce5dfea466794cef386e81f528b685ede317da4bdd62f64de2bc4e
Size

1.8MB
MD5

4abf24c98a03f82d6ad414e185316adc
SHA1

85c8678bd04cb698f76b26c4308f6673d3342fff
SHA256

696bab1ecbce5dfea466794cef386e81f528b685ede317da4bdd62f64de2bc4e
SHA512

395bba4e391b6a98862f4806443fbbf11a3646cd29fd0fb63ee16d682f1daf93ad88a40ec2887cc3e2f47a9ef31efb8776d076dd8b05c0a4931d6a011a4ddbda
SSDEEP

49152:2Fghtk1M27IEpfNUOoeAZccb3Msm/LBFvlxjen24lHqx+AjZ89D01wPeYJ6q:2Chtk/jj7E3YBFvfbhxw7eK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
696bab1ecbce5dfea466794cef386e81f528b685ede317da4bdd62f64de2bc4e

Files

696bab1ecbce5dfea466794cef386e81f528b685ede317da4bdd62f64de2bc4e
.exe windows x86

f2c42794e5f6fcd5b9c09073b0c7bdfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CopyFileW
GetLastError
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetProfileIntW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
LocalFree
FormatMessageA
SetLastError
IsBadReadPtr
GlobalFree
CreateFileA
InterlockedExchange
GetStartupInfoW
LoadLibraryExW
GetModuleHandleA
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageW
CreateFileW
SetFilePointer
CloseHandle
SetUnhandledExceptionFilter
GetModuleFileNameW
lstrcatW
lstrlenW
WinExec
lstrcpyW
FindResourceW
SizeofResource
LoadResource
LockResource
GetTickCount
GetModuleHandleW
GetProcAddress
lstrcpynW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
MulDiv
GetVersionExW
GetModuleFileNameA

user32

ShowCursor
KillTimer
GetCursorPos
SetCursorPos
RedrawWindow
IsRectEmpty
SetCursor
IsWindow
ScreenToClient
GetAsyncKeyState
InvalidateRect
GetWindowRect
ClientToScreen
PtInRect
IsIconic
GetClientRect
DrawIcon
GetDesktopWindow
GetWindowDC
ReleaseDC
SendMessageW
SetForegroundWindow
EnableWindow
SetRectEmpty
LoadCursorW
GetSystemMetrics
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
PostMessageW
GetParent
SetWindowPos
LoadStringW
GetDlgCtrlID
CreateWindowExW
RegisterClassExW
DefWindowProcW
IsWindowVisible
SetTimer
EndPaint
BeginPaint
DrawTextW
GetSysColor
MessageBeep
SetCapture
ReleaseCapture
SetWindowLongW
InflateRect
HideCaret
wvsprintfW
DrawFocusRect
DrawFrameControl
GetFocus
FillRect
OffsetRect
IsChild
GetSubMenu
LoadMenuW
GetClassNameW
GetWindow
WindowFromPoint
EqualRect
GetForegroundWindow
LoadImageW
ShowWindow
GetWindowLongW
RegisterHotKey
UnregisterHotKey
GetNextDlgGroupItem
DispatchMessageW
GetMessageW
GetDCEx
UpdateWindow
GetCapture
GetWindowTextW
GetIconInfo
GetKeyState
MessageBoxW
SetScrollRange
SetScrollPos
PostQuitMessage
LoadIconW
GetScrollPos
SetRect

gdi32

GetObjectW
DeleteDC
SelectObject
CreateCompatibleBitmap
GetDIBits
SetDIBits
LineDDA
SetPixelV
CreatePen
Rectangle
EnumFontFamiliesExW
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetBkColor
SetROP2
CreatePatternBrush
CreateBitmap
PatBlt
UnrealizeObject
RealizePalette
SelectPalette
BitBlt
GetPixel
GetTextExtentPoint32W
GetDeviceCaps

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW

mfc42u

ord3389
ord4400
ord2579
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord2717
ord5296
ord1131
ord1202
ord804
ord692
ord790
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord472
ord2372
ord4282
ord3084
ord609
ord3569
ord4390
ord2567
ord2745
ord2235
ord4474
ord927
ord1197
ord3724
ord3711
ord6777
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord925
ord6770
ord2755
ord6868
ord3785
ord5706
ord5436
ord6379
ord5446
ord6390
ord1263
ord1562
ord1193
ord6115
ord4312
ord6190
ord1563
ord1194
ord1808
ord5857
ord4124
ord6874
ord6139
ord6107
ord3871
ord795
ord3716
ord5261
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord1143
ord1165
ord324
ord825
ord2855
ord2406
ord2294
ord4229
ord535
ord800
ord940
ord537
ord860
ord540
ord4294
ord4279
ord6193
ord6376
ord4704
ord2371
ord755
ord470
ord4370
ord613
ord2637
ord289
ord6597
ord4470
ord640
ord2397
ord5781
ord1633
ord323
ord5276
ord6051
ord1768
ord4418
ord3605
ord567
ord656
ord4270
ord6195
ord5286
ord4847
ord861
ord2362
ord538
ord6237
ord3397
ord3706
ord783
ord807
ord6871
ord3087
ord6211
ord2078
ord4219
ord5977
ord3566
ord3621
ord3658
ord2746
ord1634
ord2634
ord4688
ord3747
ord5142
ord2810
ord6330
ord823
ord2854
ord3688
ord4128
ord4292
ord5784
ord942
ord2281
ord2293
ord858
ord5568
ord2910
ord801
ord541
ord4273
ord6654
ord6279
ord6278
ord2756
ord6865
ord4197
ord2350
ord2290
ord3870
ord6451
ord3447
ord2507
ord355
ord3798
ord668
ord1972
ord3173
ord3176
ord4053
ord2773
ord2762
ord356
ord2859
ord554
ord5880
ord2004
ord5651
ord4158
ord6617
ord956
ord3559
ord2916
ord3284
ord2286
ord2354
ord1172
ord941
ord5871
ord6168
ord5783
ord283
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord3614
ord5785
ord3494
ord1569

msvcrt

_strupr
swprintf
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
memmove
_mbsstr
time
vsprintf
fopen
_itoa
strrchr
_wtoi
floor
atof
fprintf
strncpy
atol
fseek
ftell
fread
wcscat
strncmp
sscanf
_wsplitpath
_except_handler3
_wcsdup
wcsrchr
wcsstr
fwrite
_wfopen
wcscpy
wcslen
fclose
srand
rand
sprintf
wcscmp
_ftol
swscanf
malloc
free
strstr
__CxxFrameHandler

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

Sections

G@fttN7c
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

n8AX*9@?
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

YctJE<X*
Size: 4KB - Virtual size: 122.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_KgDmvNj
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

=k1aUEVS
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c42794e5f6fcd5b9c09073b0c7bdfc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mfc42u

msvcrt

msvcp60

Sections

G@fttN7c Size: 260KB - Virtual size: 257KB

n8AX*9@? Size: 52KB - Virtual size: 49KB

YctJE<X* Size: 4KB - Virtual size: 122.6MB

_KgDmvNj Size: 1.3MB - Virtual size: 1.3MB

=k1aUEVS Size: 100KB - Virtual size: 99KB

G@fttN7c
Size: 260KB - Virtual size: 257KB

n8AX*9@?
Size: 52KB - Virtual size: 49KB

YctJE<X*
Size: 4KB - Virtual size: 122.6MB

_KgDmvNj
Size: 1.3MB - Virtual size: 1.3MB

=k1aUEVS
Size: 100KB - Virtual size: 99KB