efe5b519843a14cf1e666e3b4e4ebf7e183368ad610cd5d0ffd57f7eb646e675

Sharing

Copy URL

Twitter E-mail

General

Target

efe5b519843a14cf1e666e3b4e4ebf7e183368ad610cd5d0ffd57f7eb646e675
Size

145KB
MD5

5de57bb8c0a36328c980654fa712b096
SHA1

28c672deb971a4da5fd0b38178c639937a9fd656
SHA256

efe5b519843a14cf1e666e3b4e4ebf7e183368ad610cd5d0ffd57f7eb646e675
SHA512

1ae3cb0c8b0fe89917b36611ab5cc24dca4b71aa6f669365b28ecab391f36d45d88190d974a0b76e1f45e7e3d124dbd824c8707a5d86b1dd30e450a70c94d520
SSDEEP

3072:gkHBkYroKeYfOdmUt2AOF+MqqDLy/YVvWQkVrJu1:gkHJrveYfOdZtxOF1qqDLuY8LrJA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe5b519843a14cf1e666e3b4e4ebf7e183368ad610cd5d0ffd57f7eb646e675

Files

efe5b519843a14cf1e666e3b4e4ebf7e183368ad610cd5d0ffd57f7eb646e675
.exe windows x64

39f2f2c650d1cf3464870419c6962db3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90u

ord1635
ord4393
ord4843
ord3494
ord5335
ord4294
ord6421
ord5201
ord1954
ord5284
ord4355
ord1429
ord4048
ord1658
ord1661
ord6053
ord3135
ord1582
ord1713
ord1714
ord4699
ord5013
ord4856
ord4322
ord5314
ord3740
ord1080
ord1103
ord296
ord583
ord3405
ord3073
ord5346
ord1430
ord6056
ord3137
ord1623
ord1690
ord3257
ord4345
ord1578
ord2136
ord4205
ord1514
ord1977
ord1837
ord1919
ord1840
ord1926
ord1938
ord789
ord2973
ord6381
ord2437
ord2722
ord887
ord4035
ord4139
ord2436
ord1949
ord4871
ord722
ord512
ord1335
ord2378
ord2473
ord641
ord5217
ord392
ord3173
ord642
ord2068
ord3141
ord393
ord290
ord595
ord1468
ord1463
ord323
ord2314
ord1205
ord791
ord286
ord777
ord266
ord6209
ord2218
ord2326
ord6319
ord4191
ord280
ord1469
ord643
ord2336
ord394
ord1519
ord6101
ord285
ord3008
ord6259
ord3343
ord2459
ord2016
ord2981
ord1473
ord2184
ord1309
ord440
ord916
ord6320
ord265
ord2364
ord287
ord291
ord5449
ord1185
ord6432
ord1237
ord1215
ord1211
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1553
ord6423
ord3902
ord6425
ord3436
ord5093
ord6027
ord3014
ord1389
ord5307
ord2010
ord1699
ord1698
ord1634
ord5332
ord2932
ord4601
ord4373
ord3269
ord362
ord2303
ord602
ord588
ord753
ord617
ord310
ord889
ord1071
ord1149
ord589
ord2067
ord772
ord4145
ord4121
ord6422
ord3901
ord6424
ord4438
ord2110
ord2065
ord5713
ord3906
ord1025
ord5230
ord6363
ord5511
ord3932
ord1966
ord3005
ord5356
ord5358
ord4050
ord4687
ord5362
ord5345
ord5367
ord5365
ord938
ord943
ord947
ord945
ord949
ord2455
ord2975
ord2475
ord5696
ord2602
ord2797
ord2904
ord4419
ord2780
ord2907
ord2605
ord2711
ord2465
ord2463
ord2461
ord680
ord2478
ord2598
ord3818
ord3819
ord3809
ord2709
ord4051
ord4596
ord4372
ord3424
ord577
ord4658
ord3783
ord2230
ord779
ord1233

msvcr90

_fmode
wcslen
free
_wtoi
memset
malloc
memcpy
_amsg_exit
_CxxThrowException
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__CxxFrameHandler3
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs

kernel32

GetProcAddress
LoadLibraryW
WinExec
HeapFree
FreeLibrary
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
lstrlenW
SetEnvironmentVariableW
Sleep

user32

GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
LoadIconW
EnableWindow
IsIconic

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39f2f2c650d1cf3464870419c6962db3

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 13KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 13KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 31KB