1edcf3b9c4bb7b1b91b3f032ef183d50f9fb45ec84577434697625bae0b1c010

Sharing

Copy URL

Twitter E-mail

General

Target

1edcf3b9c4bb7b1b91b3f032ef183d50f9fb45ec84577434697625bae0b1c010
Size

199KB
MD5

2cca352b0e8562b880b3fd47d577f4c5
SHA1

4d11452b028bc04fd0b890bd6bcf999e55a6dca9
SHA256

1edcf3b9c4bb7b1b91b3f032ef183d50f9fb45ec84577434697625bae0b1c010
SHA512

9ce3e295da4bed13510d70cadd98c46e17f0a61f1c0c9996dd12c22edef777e218e0fabab504e06309be51fa811705d189f3f634f62a769d7e12fd7321cb2a2d
SSDEEP

3072:TrF2G7hA4Ak3rUdt0yQwMqqDLy/DzAxAuJOVG7Jb:TZRtrUt87qqDLuDzAxAuJOVG7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1edcf3b9c4bb7b1b91b3f032ef183d50f9fb45ec84577434697625bae0b1c010

Files

1edcf3b9c4bb7b1b91b3f032ef183d50f9fb45ec84577434697625bae0b1c010
.exe windows x64

cd1b219c4e3af8d102e8255269e65bdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc110u

ord280
ord286
ord290
ord1492
ord5580
ord4450
ord8269
ord13858
ord8005
ord487
ord11482
ord2747
ord1113
ord490
ord1115
ord2748
ord4500
ord4411
ord2160
ord872
ord1360
ord4664
ord3627
ord3639
ord3620
ord3538
ord3541
ord2460
ord4296
ord984
ord4665
ord11688
ord3117
ord3224
ord3223
ord3753
ord11644
ord2575
ord5116
ord13588
ord5594
ord13175
ord11244
ord4274
ord6493
ord13949
ord14037
ord7499
ord14031
ord2912
ord4291
ord9232
ord5456
ord4299
ord4726
ord4693
ord4687
ord4723
ord4745
ord4702
ord4731
ord4741
ord4710
ord4714
ord4718
ord4706
ord4735
ord4698
ord1707
ord1698
ord1702
ord1694
ord1685
ord11777
ord11779
ord13334
ord7928
ord8797
ord10536
ord6591
ord11740
ord8507
ord14029
ord11463
ord3655
ord3660
ord11609
ord8681
ord11253
ord11252
ord5327
ord9824
ord9820
ord9822
ord9823
ord9821
ord2644
ord7758
ord9791
ord3154
ord3157
ord13222
ord5873
ord5787
ord6155
ord3016
ord3253
ord285
ord445
ord10008
ord10922
ord2127
ord8582
ord11692
ord8751
ord2643
ord13218
ord5871
ord11651
ord10572
ord7085
ord6128
ord3003
ord5543
ord4022
ord8292
ord2851
ord3688
ord8670
ord2136
ord5877
ord488
ord1114
ord3893
ord5960
ord6450
ord3106
ord3215
ord265
ord2292
ord2296
ord2255
ord2320
ord4122
ord287
ord291
ord1661
ord13859
ord554
ord2424
ord11864
ord14045
ord4577
ord11767
ord9969
ord12438
ord12376
ord4384
ord7868
ord5059
ord9915
ord2385
ord12056
ord12055
ord14030
ord7498
ord14036
ord8939
ord3952
ord3890
ord12457
ord7516
ord1962
ord11503
ord11502
ord13909
ord12045
ord7566
ord14108
ord5991
ord14110
ord5993
ord14109
ord5992
ord977
ord6477
ord3673
ord5577
ord11759
ord7765
ord11771
ord11739
ord1050
ord1082
ord3892
ord4959
ord5239
ord5427
ord8891
ord5215
ord5430
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord9786
ord8750
ord1028
ord310
ord12126
ord2866
ord13770
ord7738
ord5545
ord1632
ord2286
ord266
ord1480
ord3252
ord1411
ord13418
ord12633
ord1102
ord13415
ord471
ord13420
ord13414
ord2741
ord1040
ord2217
ord8011
ord7245
ord10549
ord1441
ord344
ord5551
ord2752
ord1165
ord3772
ord555
ord4595
ord1494
ord1027
ord296
ord6371
ord2290
ord3118
ord1482
ord2316

msvcr110

_lock
free
__CxxFrameHandler3
memset
_wtoi
malloc
memcpy
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
calloc
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs

kernel32

SetFileAttributesW
RemoveDirectoryW
SetEnvironmentVariableW
Sleep
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
WinExec
InitializeCriticalSectionAndSpinCount
LocalFree
GetLastError
lstrlenW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary

user32

GetClientRect
DrawIcon
AppendMenuW
GetSystemMenu
GetSystemMetrics
EnableWindow
IsIconic
SendMessageW
LoadIconW

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd1b219c4e3af8d102e8255269e65bdd

Headers

DLL Characteristics

File Characteristics

Imports

mfc110u

msvcr110

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 16KB - Virtual size: 18KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 38KB - Virtual size: 38KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 16KB - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 38KB - Virtual size: 38KB