Static task
static1
Behavioral task
behavioral1
Sample
aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04.exe
Resource
win10v2004-20230915-en
General
-
Target
aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04
-
Size
929KB
-
MD5
1d83cd1eeddde13f4f14ed41a4d26df4
-
SHA1
d1ba0dbeb4b127af891ca2b940e845053e3f41d9
-
SHA256
aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04
-
SHA512
ba79a1f2c37a858ed9247527c2a79bd5411ea8808a1682b28f52d53a8559d247fbdd185ce606750acab938464e29592050657e13954b59cb881f3b095d9c7b67
-
SSDEEP
12288:UqBW6Kg4x8zvwkWn8OtZp6wOjjIN7RYsA7f8xJr2ju/RY9yfKEY:U8Kg4x8zvwkG9O3DUTVa4z
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04
Files
-
aaba68d18412d10462c6cdbd24292a4830469879580960df35dde17fe9a77c04.exe windows:5 windows x86
70aa7326e18b65a3056bcc93ecea9363
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc100
ord2841
ord2939
ord3758
ord7214
ord3260
ord3404
ord4144
ord5144
ord12090
ord12962
ord1483
ord7889
ord5177
ord7835
ord11627
ord11461
ord7875
ord11781
ord7487
ord5837
ord3439
ord6054
ord5776
ord4341
ord5774
ord2184
ord2183
ord11924
ord4345
ord3390
ord943
ord12861
ord374
ord5801
ord12099
ord12552
ord11437
ord11455
ord11812
ord11728
ord11949
ord11941
ord12124
ord12790
ord12473
ord12850
ord7994
ord12847
ord11875
ord12857
ord11878
ord4589
ord7322
ord7491
ord7927
ord11940
ord796
ord337
ord4340
ord6836
ord7265
ord11447
ord2872
ord1292
ord6628
ord7266
ord6678
ord1939
ord946
ord381
ord5803
ord8305
ord11107
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord3620
ord9475
ord10360
ord11067
ord8137
ord10007
ord888
ord6112
ord9281
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord11180
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord1288
ord6835
ord9185
ord9188
ord9192
ord921
ord11179
ord10967
ord345
ord1586
ord850
ord7576
ord12672
ord1890
ord6328
ord6686
ord404
ord8307
ord9282
ord13735
ord12805
ord12608
ord2502
ord4961
ord5514
ord8178
ord3414
ord10016
ord10244
ord8292
ord11648
ord4930
ord11453
ord14124
ord14042
ord14129
ord13656
ord13875
ord13651
ord13852
ord13863
ord13717
ord8570
ord2374
ord11822
ord11029
ord3662
ord3616
ord13223
ord4744
ord4735
ord9447
ord14043
ord13803
ord13804
ord13783
ord13814
ord13784
ord963
ord9968
ord3406
ord9190
ord9191
ord8234
ord5612
ord3655
ord977
ord2524
ord11277
ord14116
ord10906
ord421
ord5830
ord3695
ord7474
ord1210
ord788
ord863
ord6089
ord8349
ord9993
ord2837
ord3187
ord3201
ord11370
ord8968
ord9530
ord13979
ord3181
ord3459
ord12989
ord12987
ord3445
ord3413
ord4434
ord12069
ord2348
ord1530
ord3617
ord3664
ord3665
ord7058
ord5091
ord5025
ord13097
ord13090
ord3697
ord12729
ord13000
ord13012
ord1261
ord9681
ord9818
ord10326
ord6820
ord12865
ord13306
ord6060
ord2819
ord2932
ord1224
ord4464
ord13136
ord13130
ord12716
ord12091
ord2084
ord1332
ord2035
ord916
ord339
ord4841
ord5543
ord1325
ord2193
ord5171
ord7871
ord5575
ord6344
ord925
ord985
ord1264
ord1276
ord8308
ord5252
ord12479
ord8332
ord2215
ord3985
ord11112
ord11017
ord7348
ord2762
ord7520
ord4429
ord4430
ord5445
ord11348
ord1524
ord12488
ord5257
ord12486
ord5256
ord10395
ord5273
ord7945
ord10751
ord10746
ord4736
ord3400
ord4076
ord10459
ord9422
ord11038
ord8271
ord877
ord865
ord828
ord433
ord1544
ord12724
ord12154
ord12145
ord12148
ord3489
ord12583
ord2573
ord11380
ord12415
ord8392
ord1480
ord12683
ord7077
ord6690
ord826
ord6063
ord1231
ord6386
ord265
ord1977
ord12719
ord12094
ord5875
ord3746
ord7863
ord3475
ord2187
ord4344
ord7590
ord6010
ord2056
ord11274
ord13310
ord3421
ord4511
ord2574
ord2842
ord11939
ord3488
ord4130
ord5272
ord11297
ord13329
ord7363
ord11511
ord12128
ord4143
ord11744
ord3426
ord1263
ord6090
ord8231
ord2838
ord3755
ord1342
ord1330
ord745
ord4498
ord2200
ord2892
ord782
ord781
ord6829
ord6637
ord8391
ord5432
ord6098
ord12432
ord7216
ord5437
ord6106
ord3738
ord2742
ord8222
ord5777
ord1280
ord1271
ord915
ord1479
ord13219
ord4790
ord5821
ord968
ord7876
ord1982
ord1315
ord4283
ord3839
ord266
ord7581
ord4505
ord11439
ord6521
ord300
ord2063
ord2067
ord6689
ord6970
ord9507
ord7933
ord2769
ord7206
ord310
ord1316
ord13131
ord13137
ord12440
ord316
ord5175
ord1313
ord4785
ord12868
ord3970
ord3254
ord430
ord457
ord7211
ord4343
ord3744
ord8228
ord5302
ord5858
ord4422
ord4423
ord4426
ord4425
ord4424
ord1900
ord3429
ord2613
ord7861
ord3741
ord2744
ord5534
ord12535
ord8224
ord11025
ord11154
ord1503
ord1507
ord4398
ord4364
ord4368
ord6128
ord2338
ord11060
ord2846
ord5444
ord8304
ord5784
ord895
ord1929
ord2061
ord6207
ord1294
ord2611
ord13045
ord5242
ord305
ord5207
ord1448
ord2626
ord901
ord6940
ord9094
ord9093
ord10134
ord8109
ord10113
ord8614
ord10697
ord8020
ord8028
ord10108
ord8612
ord9034
ord9030
ord8600
ord8610
ord8595
ord10255
ord10252
ord7437
ord5533
ord12533
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
msvcr100
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
__getmainargs
_amsg_exit
_onexit
free
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
vsprintf_s
__RTDynamicCast
memmove_s
memset
exit
_purecall
_setmbcp
_CxxThrowException
atol
_mktime64
_time64
_localtime64_s
malloc
atoi
sprintf_s
memcpy_s
strftime
strcat_s
strcpy_s
_cexit
__CxxFrameHandler3
kernel32
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
DecodePointer
lstrlenW
lstrcmpiA
FindResourceA
LoadResource
LockResource
FreeResource
WideCharToMultiByte
GetVersion
GetVersionExA
WritePrivateProfileStringA
GlobalAlloc
InterlockedExchange
GlobalLock
GlobalUnlock
GetPrivateProfileStringA
MultiByteToWideChar
InterlockedDecrement
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
InterlockedIncrement
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32
RedrawWindow
GetActiveWindow
GetCapture
SetCapture
GetParent
GetWindowLongA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ReleaseCapture
GetSysColor
SetCursor
UpdateWindow
GetWindowRect
GetDC
ReleaseDC
GetSystemMetrics
SetTimer
KillTimer
GetCursorPos
GetClientRect
SetRect
LoadBitmapW
DrawEdge
CreateMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuA
GetDesktopWindow
DestroyIcon
DrawIconEx
SystemParametersInfoA
GetSysColorBrush
GetMenuItemInfoA
MessageBoxA
DrawFocusRect
FrameRect
FillRect
InflateRect
PtInRect
CopyRect
DrawStateA
LoadImageA
DestroyCursor
InvalidateRect
LoadIconW
SendMessageA
IsWindowVisible
EnableWindow
OffsetRect
gdi32
RectVisible
TextOutA
ExtTextOutA
Escape
CreateSolidBrush
CreateFontA
PtVisible
CreateFontIndirectA
GetObjectA
GetDeviceCaps
GetBkMode
Ellipse
SelectObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
CreateDIBSection
DeleteObject
DeleteDC
GetTextExtentPoint32W
GetTextExtentPoint32A
SetPixel
GetPixel
PatBlt
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ole32
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
oleaut32
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocString
VarUdateFromDate
VariantChangeType
GetErrorInfo
OleLoadPicture
ws2_32
WSAStartup
Sections
.text Size: 406KB - Virtual size: 405KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 373KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ