Static task
static1
Behavioral task
behavioral1
Sample
c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b.exe
Resource
win10v2004-20230915-en
General
-
Target
c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b
-
Size
3.0MB
-
MD5
e3a5dadcfa6fa20eeceed698e8c8fb07
-
SHA1
cfa11f67b2da9016c156d5d4fcf6f48cbdf34238
-
SHA256
c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b
-
SHA512
b38bb5556435c52c0b5d8b9fe74ff2de087c4f0a69bd8c25c46173cea7d01c552efbb3f0e266a7b4890b1fb73f276fa307a80c3e3458e126ec8156b688512a53
-
SSDEEP
49152:fceJOrwQQdIn9as1gTAFUbpwGZN7DdkeHz8S:kRwJdI7UbpwGZN7DdkeHz8S
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b
Files
-
c09a9f6c948ae583b8c5f3b46ea733bf98e0802242d281670d77e8e7d6c0cf9b.exe windows:6 windows x86
cc49c2b0d05996bdef6cdf4472fa744e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeEndPeriod
timeBeginPeriod
mpiwin32
MPI_SubmitPasswordEx
MPI_ErasePassword
MPI_SetChannel
MPI_SearchFirst
MPI_Open
MPI_Close
MPI_ReadID
MPI_ReadMem
MPI_EraseEncryptionKey
MPI_SubmitPassword
libusb-1.0
libusb_bulk_transfer
libusb_control_transfer
libusb_clear_halt
libusb_set_interface_alt_setting
libusb_release_interface
libusb_claim_interface
libusb_get_device
libusb_close
libusb_open
libusb_get_port_numbers
libusb_get_bus_number
libusb_get_device_descriptor
libusb_free_device_list
libusb_get_device_list
libusb_error_name
libusb_init
libusb_exit
mfc140u
ord12531
ord14466
ord11982
ord11983
ord2034
ord12027
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12541
ord12542
ord2486
ord5357
ord8324
ord4589
ord12865
ord12247
ord8386
ord1472
ord7653
ord8470
ord2205
ord13964
ord5961
ord14131
ord13028
ord277
ord14259
ord2011
ord2010
ord12612
ord8345
ord7125
ord1691
ord14403
ord6795
ord8031
ord484
ord1131
ord898
ord6489
ord358
ord13086
ord13293
ord8811
ord8365
ord4649
ord14328
ord13544
ord7165
ord3190
ord3347
ord13646
ord5813
ord6977
ord7509
ord882
ord1652
ord1548
ord2520
ord3954
ord450
ord13087
ord14047
ord1108
ord362
ord1068
ord6973
ord6955
ord6570
ord3175
ord3342
ord4223
ord1162
ord9130
ord974
ord14604
ord12348
ord4735
ord4715
ord8177
ord5583
ord1144
ord503
ord12367
ord2885
ord14606
ord12351
ord5886
ord13048
ord12754
ord11962
ord6328
ord5514
ord6555
ord14416
ord14364
ord3846
ord2996
ord1524
ord12559
ord5109
ord1653
ord14407
ord2991
ord1534
ord309
ord12784
ord5512
ord494
ord2378
ord3681
ord3809
ord9128
ord1070
ord3872
ord2993
ord8744
ord4222
ord3147
ord6497
ord2458
ord8482
ord1353
ord822
ord5669
ord2405
ord1547
ord2752
ord884
ord3635
ord4485
ord4886
ord3691
ord3807
ord1142
ord12586
ord500
ord321
ord2396
ord2477
ord14405
ord8712
ord291
ord281
ord294
ord14419
ord4666
ord1698
ord1532
ord314
ord12562
ord5118
ord3849
ord9377
ord13103
ord3806
ord12921
ord1405
ord3359
ord3237
ord6801
ord1176
ord3344
ord3186
ord6585
ord7107
ord8754
ord3773
ord5984
ord9132
ord1180
ord4225
ord8062
ord13656
ord13654
ord6589
ord5580
ord6316
ord4093
ord1143
ord501
ord6225
ord2256
ord9131
ord1179
ord2753
ord14573
ord3874
ord2994
ord7377
ord4224
ord7027
ord3189
ord6588
ord11905
ord13936
ord6884
ord4477
ord4499
ord2562
ord3677
ord3696
ord3805
ord4881
ord4882
ord261
ord14657
ord12405
ord12429
ord6956
ord8360
ord14411
ord14417
ord4664
ord4663
ord1687
ord1693
ord1692
ord1689
ord1526
ord1523
ord285
ord3009
ord14320
ord5884
ord5074
ord4323
ord4817
ord5922
ord1700
ord1533
ord306
ord310
ord300
ord305
ord316
ord3010
ord6751
ord2383
ord266
ord14451
ord954
ord6501
ord8000
ord976
ord8464
ord4834
ord8719
ord280
ord8182
ord2389
ord2385
ord1046
ord5075
ord2304
ord2215
ord9126
ord1066
ord4219
ord3145
ord6490
ord7493
ord12131
ord6218
ord13752
ord2760
ord9210
ord12172
ord1111
ord9040
ord11015
ord11396
ord10472
ord4092
ord458
ord3403
ord3404
ord3164
ord6531
ord6129
ord6220
ord13756
ord3305
ord3302
ord10255
ord8210
ord2761
ord1476
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord3833
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord2750
ord14590
ord7923
ord14596
ord14507
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6860
ord1072
ord12037
ord366
ord8756
ord5918
ord6864
ord7327
ord5778
ord1368
ord11363
ord11212
ord11217
ord6877
ord11717
ord14234
ord8817
ord13703
ord5935
ord14137
ord5422
ord2682
ord12124
ord3941
ord3371
ord3372
ord3265
ord12168
ord1002
ord5249
ord5549
ord5760
ord9350
ord5525
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord9209
ord3697
ord3816
ord6486
ord3882
ord8072
ord13648
ord5852
ord8067
ord5850
ord2307
ord3852
ord1475
ord12239
ord12248
ord4591
ord8217
ord10434
ord12251
ord12219
ord12929
ord1000
ord7440
ord3957
ord1078
ord9527
ord376
ord12088
ord9226
ord6876
ord2681
ord10048
ord10047
ord11146
ord9011
ord11122
ord11746
ord8913
ord8923
ord10509
ord2522
ord6566
ord2246
ord1525
ord2990
ord5921
ord11118
ord9526
ord9991
ord9986
ord9514
ord293
ord286
ord7860
ord9524
ord9509
ord11279
ord11276
ord8304
ord7505
ord11540
ord9175
ord2899
ord10402
ord11495
ord12081
ord11972
ord1449
ord9237
ord14678
ord12102
ord4587
ord973
ord3843
ord12177
ord5369
ord11795
ord11800
ord9213
ord4815
ord1045
ord290
ord296
ord8209
ord1151
ord9352
ord8831
ord5955
ord1663
ord265
ord1511
ord1513
ord11430
ord4495
ord11222
ord2557
ord5938
ord13707
ord5939
ord13709
ord13700
ord4076
ord3840
ord2614
kernel32
GetExitCodeThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateDirectoryW
DeleteFileW
GetTempFileNameW
ReleaseMutex
GetLocalTime
lstrcpyW
CopyFileW
RaiseException
GetCurrentThreadId
ResumeThread
WideCharToMultiByte
VerSetConditionMask
SetThreadPriority
GetThreadPriority
GetFileAttributesW
VerifyVersionInfoW
FreeLibrary
LoadLibraryW
lstrlenW
CreateMutexW
OpenEventW
CreateProcessW
GetModuleHandleW
LocalAlloc
LocalFree
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetCurrentThread
GetCurrentProcessId
CreateEventW
OpenMutexW
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
Sleep
SleepEx
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
FindResourceW
LockResource
LoadResource
GetProcAddress
OutputDebugStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
user32
DrawIconEx
CopyRect
SetRect
FrameRect
GetSysColor
GetSystemMetrics
GetKeyState
InvalidateRect
PtInRect
EnumThreadWindows
MessageBoxW
GetWindowRect
BringWindowToTop
ShowWindow
AttachThreadInput
BroadcastSystemMessageW
RegisterWindowMessageW
TranslateMessage
GetMessageW
MessageBoxA
SetForegroundWindow
GetWindowThreadProcessId
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuW
OemToCharA
RegisterClipboardFormatW
KillTimer
SetTimer
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDialogMessageW
FindWindowW
IsWindowVisible
IsChild
PostQuitMessage
PostThreadMessageW
PostMessageW
RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW
LoadIconW
GetClientRect
IsWindow
LoadCursorW
SetCursor
RedrawWindow
ReleaseDC
GetDC
UpdateWindow
SetFocus
LoadBitmapW
SetWindowLongW
GetWindowLongW
EnableWindow
SetWindowPos
SendMessageW
GetForegroundWindow
gdi32
SelectObject
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetBkColor
advapi32
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
comctl32
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
shlwapi
PathFileExistsW
ole32
CoTaskMemFree
oleaut32
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SysFreeString
msvcp140
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1ios_base@std@@UAE@XZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?rdstate@ios_base@std@@QBEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xinvalid_argument@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
ws2_32
WSAGetLastError
WSAStartup
inet_addr
bind
closesocket
connect
ioctlsocket
htonl
htons
recv
select
WSASetLastError
gethostbyname
socket
send
vcruntime140
_except_handler4_common
__RTDynamicCast
__CxxFrameHandler3
memmove
_CxxThrowException
memcpy
memset
_purecall
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_name
__vcrt_InitializeCriticalSectionEx
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
feof
fgetc
__acrt_iob_func
fread
ferror
ftell
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vfprintf
__p__commode
_get_stream_buffer_pointers
fgetpos
fsetpos
setvbuf
ungetc
fseek
fopen
_ftelli64
_wfopen
fgets
_set_fmode
fclose
fwrite
fflush
fputc
_fseeki64
api-ms-win-crt-math-l1-1-0
_libm_sse2_tan_precise
ceil
_libm_sse2_sqrt_precise
floor
_libm_sse2_sin_precise
_libm_sse2_pow_precise
log2
_except1
_libm_sse2_log_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
_hypot
frexp
_dtest
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_set_app_type
_seh_filter_exe
_errno
_controlfp_s
exit
terminate
_cexit
_c_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-string-l1-1-0
tolower
_strnicmp
toupper
isalpha
_strdup
isspace
strncpy
strncat
_strupr
isalnum
strncmp
_wcsdup
api-ms-win-crt-filesystem-l1-1-0
_splitpath_s
remove
_unlock_file
_wfindfirst64i32
_lock_file
rename
_findclose
_wsplitpath
_wremove
_wfindnext64i32
_splitpath
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_aligned_malloc
_aligned_free
realloc
malloc
free
api-ms-win-crt-environment-l1-1-0
_wgetenv
getenv
api-ms-win-crt-convert-l1-1-0
wcstoul
wcstod
strtol
_wtof
atoi
wcstombs
strtod
strtoll
strtoul
strtoull
_wtoi
api-ms-win-crt-time-l1-1-0
_gmtime64_s
wcsftime
_ftime64
_localtime64
_difftime64
asctime
_time64
_localtime64_s
api-ms-win-crt-utility-l1-1-0
ldiv
rand
srand
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
Sections
.text Size: 718KB - Virtual size: 717KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 632KB - Virtual size: 4.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 417KB - Virtual size: 417KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ