Static task
static1
Behavioral task
behavioral1
Sample
d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41.exe
Resource
win10v2004-20230915-en
General
-
Target
d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41
-
Size
2.5MB
-
MD5
e60ccf095f6616ab96bdd71834279e30
-
SHA1
6025eb550b329e1a9a038ab5105c9ed0fd367ace
-
SHA256
d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41
-
SHA512
2584462db494bca967a851d70a7788524672591c94243177bfbd66c93002e3473319daaaa688991686ee692e693da3a126cc704ec365375f22405e9cddd9b918
-
SSDEEP
49152:YazFQbSQbs/fzQBY6vMVnYZvEF0cn1Ct4p6km8e4:YazFQbSQbs/fzQjkVnYZv/cn1CtzT4
Malware Config — no extracted configuration is shown for this sample.
Signatures
-
Unsigned PE — 1 IoC
The sample carries no Authenticode signature (this check only detects a missing signature; it does not validate a present one). Being unsigned is weak evidence on its own — plenty of legitimate software is unsigned — but it means no publisher identity can be attributed to this binary.
resource d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41
Files
-
d1c14be09e7bb8b49b1e8a05988f3b0c95189c4b0ade8c84d1797fdecd2e8a41.exe windows:6 windows x86 (32-bit PE, linker/subsystem version 6)
5e28a692d9d88d2b5c9668e4162e1f8d (32-hex value distinct from the file's MD5 above; presumably the import hash / imphash — useful for pivoting to other builds sharing this import table, verify before relying on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not among the listed flags, so the image does not opt in to ASLR even though it ships a .reloc section; DEP (NX_COMPAT) is enabled. No GUARD_CF flag is listed either.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
Notable capabilities visible from the import table (presence of an import shows linkage, not that a code path is actually exercised — confirm against the behavioral tasks): HTTP/download via wininet (InternetOpenA/InternetConnectA/HttpOpenRequestA/HttpSendRequestA/InternetReadFile) and urlmon!URLDownloadToFileA; process enumeration via CreateToolhelp32Snapshot/Process32First/Process32Next/OpenProcess; child-process and shell execution via WinExec, CreateProcessA, ShellExecuteA and ShellExecuteExA; a named mutex via CreateMutexA (often a single-instance marker); URL-cache enumeration and deletion (FindFirstUrlCacheEntryA/FindNextUrlCacheEntryA/DeleteUrlCacheEntry); resource extraction and file writing (FindResourceA/LoadResource/LockResource/SizeofResource together with CreateFileA/WriteFile); a tray icon via Shell_NotifyIconA; and mscoree!_CorExeMain, which indicates a mixed-mode (C++/CLI) image that loads the .NET runtime. IsDebuggerPresent, GetTickCount, QueryPerformanceCounter and SetUnhandledExceptionFilter are standard CRT/MFC startup imports and are not by themselves anti-analysis indicators.
kernel32
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoEx
DecodePointer
InitializeCriticalSectionEx
Sleep
UnmapViewOfFile
GetLocalTime
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
FileTimeToSystemTime
SetFileTime
GetFileAttributesA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
WinExec
CreateThread
RemoveDirectoryA
SetFileAttributesA
GetTickCount
CreateProcessA
Beep
lstrcpyA
FreeResource
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
MultiByteToWideChar
CopyFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
ReadFile
GetFileSize
CreateFileA
WaitForSingleObject
GetCommandLineW
CreateMutexA
DeleteFileA
GetDriveTypeA
GetLogicalDrives
GetModuleFileNameA
lstrlenA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
OutputDebugStringA
mfc140
ord13677
ord3298
ord3295
ord8173
ord2758
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord12115
ord6947
ord10950
ord9213
ord3259
ord6193
ord3159
ord3395
ord3396
ord4084
ord10421
ord11343
ord10963
ord8997
ord12074
ord7459
ord6768
ord6463
ord6464
ord9166
ord6104
ord12163
ord9083
ord2759
ord13681
ord6195
ord2407
ord2241
ord3140
ord4210
ord6461
ord4209
ord7619
ord2387
ord2383
ord6798
ord3240
ord3354
ord9192
ord12116
ord7461
ord6806
ord9092
ord3250
ord4227
ord7474
ord9183
ord5507
ord3174
ord12047
ord2678
ord6847
ord9646
ord12122
ord3297
ord13679
ord6194
ord8266
ord11222
ord11225
ord9463
ord9478
ord9468
ord9940
ord9944
ord9480
ord11065
ord5192
ord12963
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord9647
ord4485
ord3050
ord14510
ord14040
ord12960
ord14029
ord8838
ord14032
ord13619
ord6540
ord6460
ord6505
ord9167
ord13966
ord13230
ord13028
ord3874
ord316
ord4807
ord1661
ord2298
ord1044
ord2520
ord2518
ord13011
ord3825
ord1109
ord450
ord4640
ord1106
ord265
ord8776
ord460
ord458
ord459
ord2210
ord14048
ord4870
ord1000
ord1472
ord1064
ord1458
ord8732
ord13475
ord362
ord12969
ord1066
ord13234
ord2022
ord14461
ord3856
ord358
ord4162
ord898
ord13027
ord8770
ord8326
ord983
ord11580
ord4865
ord7783
ord8146
ord8426
ord1507
ord7078
ord5401
ord4468
ord5898
ord305
ord14238
ord5861
ord3005
ord1111
ord1431
ord3689
ord462
ord5398
ord13407
ord14421
ord310
ord12706
ord13820
ord503
ord4705
ord4725
ord8140
ord5565
ord1142
ord300
ord7120
ord14242
ord1443
ord11489
ord6942
ord9422
ord1166
ord993
ord1468
ord2200
ord306
ord5011
ord5010
ord5013
ord5009
ord5008
ord533
ord1526
ord301
ord5095
ord12503
ord4655
ord8322
ord5059
ord1696
ord1693
ord4656
ord8718
ord8717
ord1529
ord8679
ord5096
ord3139
ord13883
ord2381
ord9332
ord14149
ord2986
ord2251
ord8713
ord974
ord1447
ord1692
ord963
ord3007
ord2892
ord14054
ord1438
ord3839
ord890
ord1389
ord10986
ord12863
ord4476
ord311
ord8782
ord7107
ord514
ord968
ord1444
ord1149
ord9258
ord13556
ord12045
ord14328
ord14334
ord13198
ord1403
ord14044
ord4315
ord13003
ord7887
ord14508
ord6848
ord11663
ord13628
ord10207
ord8182
ord13036
ord12808
ord12894
ord12521
ord12501
ord13699
ord13202
ord6502
ord6785
ord3351
ord3231
ord6774
ord7471
ord10353
ord11442
ord4578
ord3835
ord5348
ord11741
ord11746
ord9307
ord8789
ord5931
ord11377
ord5914
ord13632
ord5915
ord13634
ord1783
ord12403
ord6105
ord5018
ord5017
ord8358
ord3169
ord8172
ord12024
ord12120
ord4486
ord2555
ord9194
ord13625
ord5910
ord9170
ord8429
ord8347
ord12806
ord8285
ord5336
ord2484
ord12484
ord12485
ord14509
ord7886
ord14507
ord9353
ord4143
ord4082
ord12888
ord7905
ord2027
ord11927
ord11928
ord14380
ord12474
ord7964
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord3844
ord5894
ord12182
ord12190
ord4580
ord8180
ord10383
ord12194
ord12162
ord12869
ord5742
ord10202
ord6831
ord7618
ord10330
ord8785
ord4045
ord2549
ord8784
ord10803
ord11604
ord10234
ord11550
ord10687
ord11624
ord11839
ord11128
ord9437
ord10932
ord11115
ord11623
ord9455
ord9454
ord9218
ord11112
ord11552
ord8961
ord10802
ord10264
ord11680
ord10201
ord10301
ord11679
ord11191
ord10228
ord9442
ord9993
ord11827
ord10355
ord11471
ord10276
ord10268
ord11429
ord6911
ord7751
ord10001
ord10000
ord11094
ord8968
ord11070
ord9483
ord11692
ord8869
ord8877
ord10453
ord5911
ord2680
ord12067
ord3933
ord3364
ord3363
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5769
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
msvcp140
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??Bios_base@std@@QBE_NXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
vcruntime140
__std_terminate
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
memmove
__CxxExceptionFilter
__current_exception
__FrameUnwindFilter
strstr
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxQueryExceptionSize
api-ms-win-crt-stdio-l1-1-0
ungetc
fgets
fgetc
fread
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
__stdio_common_vsprintf
_set_fmode
fputc
fseek
fopen
fclose
fopen_s
ftell
fwrite
_get_stream_buffer_pointers
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func
__p__commode
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
calloc
free
_recalloc
realloc
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
abort
_register_onexit_function
_invalid_parameter_noinfo_noreturn
exit
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_exit
_controlfp_s
_invalid_parameter_noinfo
_errno
terminate
_initialize_onexit_table
_cexit
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
_setmbcp
user32
SetForegroundWindow
InsertMenuA
CreatePopupMenu
GetCursorPos
DefWindowProcA
LoadIconA
ShowWindow
FindWindowA
AdjustWindowRectEx
MessageBoxW
IsWindow
RedrawWindow
SetWindowLongA
LoadMenuA
GetSysColor
TrackPopupMenuEx
GetSubMenu
UnregisterClassA
CallNextHookEx
IsIconic
SetCursor
DestroyMenu
DestroyCursor
LoadCursorW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
DrawStateA
CreateIconIndirect
GetIconInfo
GetDC
SendMessageA
DestroyIcon
EnableWindow
LoadImageA
ReleaseDC
GetWindowDC
InvalidateRect
GetClientRect
DrawIcon
DrawTextExA
LoadIconW
CreateIconFromResource
wsprintfA
GetSystemMetrics
TrackPopupMenu
DestroyWindow
PeekMessageA
PostQuitMessage
TabbedTextOutA
GetWindowLongA
GetDesktopWindow
GrayStringA
GetWindowRect
PostMessageA
DrawTextA
SetWindowRgn
oleaut32
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SysFreeString
gdi32
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
StretchBlt
GetPixel
SetPixel
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
BitBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
DeleteObject
DeleteDC
advapi32
RegQueryValueExA
shell32
Shell_NotifyIconA
ShellExecuteExA
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
comctl32
_TrackMouseEvent
ord412
ord413
ord410
urlmon
URLDownloadToFileA
winmm
PlaySoundA
wininet
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetSetOptionA
InternetOpenA
FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
api-ms-win-crt-string-l1-1-0
strncpy
_stricmp
api-ms-win-crt-convert-l1-1-0
atof
strtol
atoi
atol
api-ms-win-crt-filesystem-l1-1-0
rename
remove
_unlock_file
_access
_lock_file
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
srand
rand
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 486KB - Virtual size: 485KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.8MB - Virtual size: 1.8MB (the resource section accounts for most of the 2.5MB file; together with the FindResourceA/LoadResource/LockResource/SizeofResource and WriteFile imports this is consistent with, but does not prove, an embedded payload being written to disk — check the behavioral tasks for dropped files)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ