d26304eb00bf5a2b906c920ae2dc4106663ee1cf8f8d0c0cb0b67653b681879b

Sharing

Copy URL Twitter E-mail

General

Target

d26304eb00bf5a2b906c920ae2dc4106663ee1cf8f8d0c0cb0b67653b681879b
Size

9.1MB
MD5

a13ba63930a6da61c05fddeacfa22120
SHA1

58743a30b6c4f0e18e0e2f6ae4d9ae3b4093b3de
SHA256

d26304eb00bf5a2b906c920ae2dc4106663ee1cf8f8d0c0cb0b67653b681879b
SHA512

e1abaa83d37fed6319ad168c42e36946a922217c52a457a88237bbb4ae36976bb8ab99c4d8800d71ddd18872a631f734eaff6dfdcb313413b3450c655c1418e1
SSDEEP

49152:QWCI4s+TYNW+3y//V61z5P6sTQhd8zPr1loUhT11jkkkkkkulSY0INV+2hpUs:JCCm/V+7RzPhloUhTulSY0IX+2h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d26304eb00bf5a2b906c920ae2dc4106663ee1cf8f8d0c0cb0b67653b681879b

Files

d26304eb00bf5a2b906c920ae2dc4106663ee1cf8f8d0c0cb0b67653b681879b
.exe windows:6 windows x86

e0c02c66baa29c6430b6fcb5f8b709a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140d

ord5770
ord4953
ord4955
ord4873
ord15181
ord385
ord1174
ord16819
ord10483
ord15206
ord9328
ord16531
ord3429
ord15111
ord5986
ord15749
ord7461
ord7603
ord17034
ord10629
ord10798
ord11783
ord12342
ord12514
ord13464
ord12600
ord13181
ord12060
ord12505
ord14098
ord3024
ord5145
ord7855
ord379
ord3725
ord6125
ord1172
ord10861
ord1075
ord9141
ord2031
ord2366
ord14525
ord17000
ord1587
ord8952
ord4445
ord4326
ord16960
ord2680
ord1220
ord8569
ord493
ord14051
ord10973
ord1063
ord14400
ord1575
ord13826
ord3466
ord16643
ord1291
ord389
ord6385
ord15600
ord7106
ord2329
ord14893
ord1176
ord520
ord1240
ord5981
ord2581
ord4325
ord4426
ord6518
ord16538
ord6523
ord4531
ord4322
ord16437
ord5359
ord13513
ord1056
ord1572
ord3331
ord1643
ord8898
ord1097
ord3884
ord1603
ord7385
ord593
ord2331
ord14894
ord11106
ord6025
ord16747
ord10399
ord15002
ord12000
ord5002
ord2913
ord6959
ord8943
ord6112
ord1675
ord14827
ord8531
ord386
ord1175
ord6326
ord7016
ord15893
ord320
ord4478
ord5766
ord14828
ord9990
ord14496
ord10004
ord16471
ord1560
ord8567
ord1064
ord2068
ord1576
ord16776
ord4836
ord963
ord1512
ord8197
ord3839
ord4911
ord10870
ord16339
ord4432
ord4435
ord4438
ord4318
ord4314
ord4310
ord1041
ord16216
ord11209
ord1638
ord1673
ord15141
ord17136
ord5740
ord4431
ord8234
ord6181
ord15506
ord5367
ord2777
ord13355
ord2604
ord17058
ord538
ord1253
ord5624
ord11118
ord15661
ord7648
ord16154
ord6714
ord9764
ord9749
ord3452
ord5646
ord8325
ord1871
ord8907
ord11160
ord1023
ord3929
ord4216
ord14140
ord1547
ord12385
ord12484
ord15193
ord10705
ord13055
ord12827
ord10771
ord13154
ord12979
ord13781
ord13784
ord13782
ord13783
ord7618
ord2999
ord5119
ord12805
ord14094
ord9986
ord2848
ord1089
ord1598
ord5826
ord16863
ord16857
ord7914
ord11894
ord11897
ord9109
ord267
ord4480
ord2618
ord2688
ord2704
ord17019
ord15765
ord5696
ord4814
ord2640
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord2749
ord391
ord1178
ord8222
ord1090
ord10135
ord5331
ord15650
ord16241
ord14518
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord2129
ord13837
ord13838
ord2371
ord13885
ord14136
ord9476
ord15029
ord4747
ord4808
ord11139
ord17051
ord9454
ord17053
ord14523
ord14524
ord2884
ord6440
ord9960
ord5490
ord14942
ord15010
ord12187
ord14137
ord10043
ord1599
ord3021
ord5142
ord10143
ord1039
ord2679
ord2686
ord2558
ord14640
ord15142
ord14338
ord17081
ord15140
ord6718
ord6722
ord6034
ord600
ord6333
ord10185
ord15372
ord14655
ord8362
ord7452
ord1297
ord3818
ord5789
ord263
ord260
ord16889
ord8958
ord8371
ord8581
ord512
ord16443
ord16139
ord3422
ord9868
ord16001
ord6743
ord7479
ord10813
ord4494
ord12780
ord12830
ord13087
ord10934
ord14856
ord6708
ord14629
ord13072
ord10057
ord9113
ord3406
ord15524
ord3089
ord14389
ord14720
ord5612
ord11227
ord3254
ord15046
ord13968
ord5033
ord2932
ord1235
ord4794
ord4745
ord16964
ord6464
ord6454
ord12185
ord12001
ord12485
ord12948
ord12949
ord11104
ord13582
ord11723
ord10949
ord6961
ord8961
ord3324
ord7608
ord5968
ord5967
ord5970
ord5966
ord5965
ord9937
ord11252
ord11267
ord11257
ord11730
ord11734
ord11269
ord13585
ord12932
ord10740
ord12956
ord11792
ord11793
ord8243
ord10963
ord13998
ord13962
ord11208
ord14936
ord3215
ord12927
ord9288
ord13095
ord13098
ord14962
ord2515
ord8597
ord547
ord1259
ord2938
ord5045
ord12257
ord11271
ord3755
ord14054
ord10647
ord10639
ord16042
ord7507
ord8588
ord2787
ord334
ord9690
ord960
ord1689
ord16341
ord1511
ord8585
ord14671
ord2067
ord585
ord6792
ord15595
ord6369
ord14726
ord3905
ord14818
ord14641
ord14163
ord6709
ord554
ord1264
ord5625
ord5647
ord8230
ord8786
ord5559
ord6381
ord8484
ord6915
ord10105
ord4184
ord9746
ord14854
ord6105
ord10162
ord16901
ord14613
ord5654
ord8642
ord8591
ord536
ord1252
ord14401
ord614
ord1306
ord14325
ord17068
ord7115
ord1079
ord16309
ord14674
ord2069
ord1874
ord1873
ord9590
ord14705
ord1590
ord8114
ord877
ord16306
ord14665
ord6028
ord15376
ord2060
ord1868
ord1867
ord9584
ord14699
ord1469
ord15252
ord5084
ord2974
ord2626
ord2778
ord3971
ord7150
ord3043
ord4599
ord16503
ord10609
ord16521
ord9675
ord16684
ord16687
ord5383
ord1960
ord5370
ord10486
ord7544
ord6515
ord10535
ord3430
ord15110
ord9669
ord6161
ord15500
ord6756
ord8252
ord5327
ord16269
ord8248
ord13478

kernel32

GetVersionExA
FreeResource
LoadResource
LockResource
lstrcmpiA
lstrlenA
GetModuleHandleA
GetModuleHandleW
Sleep
lstrcpyA
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
SizeofResource
LoadLibraryA
IsDBCSLeadByte
GetFileAttributesA
lstrcmpA
OpenEventA
FreeLibrary
GetCurrentThreadId
CreateMutexA
ReleaseMutex
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetCommandLineA
CreateDirectoryA
SetCurrentDirectoryA
CopyFileA
DeleteFileA
SetLastError
GetVersion
GetDiskFreeSpaceA
PurgeComm
GetSystemDefaultLangID
FormatMessageA
SetCommTimeouts
SetCommState
GetCommState
SetupComm
ClearCommError
CreateEventA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
GetLastError
ReadFile
CloseHandle
WriteFile
CreateFileA
GetLocalTime
GetCPInfo
WideCharToMultiByte
GetTickCount
WaitForSingleObject
ResetEvent
SetEvent
OutputDebugStringA
OutputDebugStringW
FindResourceA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
QueryPerformanceCounter
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
GlobalAlloc
GlobalFree
GetWindowsDirectoryA
WinExec
lstrcatA
ReleaseSemaphore
ResumeThread
RemoveDirectoryA
SetCommMask
WaitCommEvent
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
QueryPerformanceFrequency
TerminateProcess
CreateProcessA
OpenProcess
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
MoveFileA
GetFileInformationByHandle
GetFileSize
MultiByteToWideChar
GetFileType
SetFilePointer
DuplicateHandle
GetCurrentProcess
FileTimeToDosDateTime
FileTimeToSystemTime
SystemTimeToFileTime
SetPriorityClass
WaitForMultipleObjects
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
VirtualQuery
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead

user32

LoadCursorA
CopyImage
MessageBeep
SetWindowLongA
CopyIcon
keybd_event
GetDlgItem
GetClassNameA
GetNextDlgGroupItem
SetWindowTextA
GetWindowTextA
GetWindowLongA
IsRectEmpty
EqualRect
UnionRect
AdjustWindowRect
GetScrollPos
EnableWindow
InvalidateRect
GetWindowRect
GetParent
GetWindow
GetCapture
ClientToScreen
WindowFromPoint
SetRectEmpty
GetDoubleClickTime
IntersectRect
ClipCursor
GetCursorPos
GetKeyState
IsClipboardFormatAvailable
IsWindow
GetClassInfoA
GetMessagePos
DefWindowProcA
CharNextW
CharNextA
UnregisterClassA
PtInRect
ReleaseCapture
SetCapture
DispatchMessageA
TranslateMessage
wsprintfA
GetIconInfo
DestroyCursor
CreateIconIndirect
OffsetRect
InflateRect
SetCursor
GetDC
IsMenu
PostMessageA
SendMessageA
LoadImageA
SetWindowRgn
ReleaseDC
GetWindowDC
SystemParametersInfoA
PeekMessageA
PostQuitMessage
GetSystemMetrics
GetMenuItemInfoA
DrawTextA
GetSysColor
GetSysColorBrush
FillRect
SetRect
CopyRect
DestroyIcon
SetActiveWindow
DrawIconEx
FindWindowA

gdi32

SetBkColor
SetPixel
SetTextColor
GetDeviceCaps
CreatePalette
GetDIBColorTable
GetStockObject
SetGraphicsMode
SetWorldTransform
SetBkMode
ExtCreateRegion
CreateDCA
SetDIBits
GetPixel
CreateCompatibleBitmap
CreateBitmap
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
CreateDIBSection
SelectObject
GetTextExtentPoint32W
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateHalftonePalette
BitBlt

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCreateKeyA
RegSetValueExA
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHFileOperationA
SHGetPathFromIDListA
DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA
SHBrowseForFolderA

comctl32

_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathFileExistsA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize

oleaut32

OleLoadPicture
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

ws2_32

htonl
connect
WSAGetLastError
WSACleanup
gethostbyname
shutdown
setsockopt
sendto
select
recvfrom
ntohs
ntohl
listen
closesocket
getsockopt
ioctlsocket
bind
accept
__WSAFDIsSet
WSAStartup
socket
send
recv
inet_addr
htons

msvcp140d

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

gdiplus

GdiplusShutdown

winmm

timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
PlaySoundA
timeKillEvent

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

vcruntime140d

__std_type_info_destroy_list
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
_except_handler4_common
strrchr
strchr
_purecall
memcmp
memcpy
memset
strstr
__CxxFrameHandler3
memmove
_CxxThrowException
__RTDynamicCast

ucrtbased

__stdio_common_vsprintf
atof
atoi
atol
_CrtDbgReportW
strcpy_s
rand
_invalid_parameter_noinfo
_errno
wcscmp
wcscpy
wcslen
free
malloc
_CrtDbgReport
strcpy
_mbsnbcpy
_localtime64
_time64
strcat
strncpy
__stdio_common_vsscanf
_itoa
pow
strftime
_invalid_parameter
cos
sin
__stdio_common_vsnprintf_s
labs
srand
sqrt
_localtime64_s
_mktime64
fabs
strcmp
atan2
wcsncpy_s
strcat_s
_mbsnbcpy_s
_mbsstr
_recalloc
_resetstkoflw
ldiv
system
_mbscmp
strtoul
strtol
fclose
fopen
fread
__stdio_common_vswprintf_s
ftell
_beginthreadex
strtod
___mb_cur_max_func
mbtowc
wctomb
__stdio_common_vfprintf
strncat
strncmp
_isnan
_gmtime64
_read
_setmode
_write
atan
abs
isalpha
isupper
islower
isdigit
isalnum
_stricmp
__acrt_iob_func
_ltoa
_ultoa
iscntrl
_ismbblead
calloc
_tzset
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
__stdio_common_vsprintf_s
_except1
terminate
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_wmakepath_s
_wsplitpath_s
_controlfp_s
_setmbcp
strlen
wcscpy_s
fseek

Sections

.textbss
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0c02c66baa29c6430b6fcb5f8b709a8

Headers

DLL Characteristics

File Characteristics

Imports

mfc140d

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

msvcp140d

gdiplus

winmm

version

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 2.1MB

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 503KB - Virtual size: 503KB

.data Size: 28KB - Virtual size: 3.1MB

.idata Size: 26KB - Virtual size: 26KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 260KB - Virtual size: 260KB

.textbss
Size: - Virtual size: 2.1MB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 503KB - Virtual size: 503KB

.data
Size: 28KB - Virtual size: 3.1MB

.idata
Size: 26KB - Virtual size: 26KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 260KB - Virtual size: 260KB