Static task
static1
Behavioral task
behavioral1
Sample
cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332.exe
Resource
win10v2004-20230915-en
General
-
Target
cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332
-
Size
862KB
-
MD5
a0b0c08de40d5d26f70b5acec067d88d
-
SHA1
88cd9cdfdd3a252bcb7310ed41231587403be317
-
SHA256
cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332
-
SHA512
8c588da683e874e41094f73394e167869130ab0d3bf6f48a6afa240e45fac7b3ec184d7a350dbe9ba844b7f1ce2ee93a131a37ada0505456991b40dec42a6f28
-
SSDEEP
12288:diDFTxp1BYKkgKMArW3O6tatfvocJK+9Qk0W9lKu3:EDF1p1BbkgDGvo5qQNW9f3
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. On its own this is a weak indicator: it only records that the PE carries no Authenticode signature, which is also true of many legitimate executables, so it should be weighed together with the behavioral task results rather than read as evidence of malicious behavior.
resource cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332
Files
-
cf0aa7c81474324f0b9cc99f2d6ca86a539584a3844fec1e55ae590107897332.exe windows:5 windows x86
2db1c988257b9c2dc8c24202ef10e79d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc90u
ord1719
ord2283
ord778
ord1503
ord2904
ord2728
ord3962
ord4295
ord1745
ord797
ord899
ord4543
ord2592
ord6311
ord6065
ord290
ord1607
ord285
ord3220
ord4519
ord4405
ord935
ord6013
ord277
ord2676
ord6164
ord4494
ord2504
ord5939
ord2326
ord3537
ord1137
ord2593
ord4410
ord4541
ord6187
ord4518
ord6170
ord2069
ord3953
ord5342
ord3486
ord1353
ord6091
ord3498
ord3236
ord5166
ord4630
ord5851
ord4442
ord636
ord6574
ord367
ord4530
ord744
ord524
ord748
ord2141
ord533
ord2222
ord531
ord2694
ord938
ord4582
ord4351
ord1533
ord6699
ord2479
ord4905
ord5979
ord795
ord590
ord3853
ord6595
ord2656
ord750
ord4670
ord6426
ord1584
ord5658
ord6630
ord4451
ord3665
ord3282
ord791
ord4270
ord6349
ord779
ord585
ord576
ord3496
ord4687
ord5624
ord2071
ord4431
ord2652
ord980
ord6382
ord6380
ord3232
ord4731
ord5452
ord5449
ord2080
ord1733
ord4126
ord788
ord5619
ord663
ord1552
ord5770
ord5535
ord404
ord4207
ord6577
ord996
ord570
ord3819
ord664
ord6813
ord3399
ord3014
ord2209
ord3360
ord405
ord6424
ord6181
ord1726
ord2189
ord2341
ord3515
ord6338
ord4720
ord3167
ord4171
ord4013
ord4965
ord2907
ord6273
ord640
ord5451
ord5076
ord4660
ord4721
ord4765
ord377
ord3516
ord2137
ord5611
ord5652
ord6794
ord5595
ord6409
ord1427
ord1423
ord5424
ord1432
ord1492
ord2265
ord2269
ord2288
ord2297
ord2289
ord2078
ord4396
ord5802
ord4320
ord4614
ord6524
ord1676
ord6807
ord4001
ord3799
ord646
ord384
ord995
ord3032
ord3332
ord5833
ord6033
ord1570
ord3365
ord4746
ord4889
ord4892
ord1182
ord3396
ord1226
ord1115
ord3627
ord1708
ord1779
ord3456
ord1064
ord589
ord3670
ord3115
ord6018
ord5663
ord5680
ord4996
ord4347
ord5676
ord5674
ord3217
ord2087
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord794
ord2447
ord4441
ord6482
ord1098
ord4043
ord4897
ord2232
ord5867
ord1868
ord2263
ord2097
ord3778
ord619
ord4717
ord553
ord3630
ord757
ord6513
ord6169
ord343
ord1222
ord5502
ord2487
ord3422
ord6830
ord3858
ord2431
ord4278
ord6094
ord3057
ord4527
ord3859
ord5947
ord4250
ord3995
ord785
ord3661
ord3278
ord4663
ord1722
ord1786
ord2286
ord4268
ord937
ord3948
ord588
ord1441
ord5294
ord5297
ord5210
ord5020
ord4599
ord4590
ord793
ord4042
ord4896
ord374
ord296
ord580
ord639
ord782
ord775
ord1783
ord1716
ord3651
ord654
ord3528
ord611
ord2274
ord1665
ord4652
ord3489
ord2597
ord1144
ord811
ord1248
ord1599
ord6604
ord4324
ord6579
ord4741
ord669
ord413
ord3818
ord813
ord4006
ord2360
ord5016
ord4131
ord2478
ord286
ord2537
ord909
ord600
ord1938
ord2643
ord2644
ord2647
ord2646
ord2645
ord4109
ord4866
ord4865
ord5224
ord4622
ord5214
ord4809
ord5418
ord4589
ord4596
ord5209
ord4807
ord4823
ord4820
ord4802
ord4805
ord4800
ord5296
ord1680
ord4693
ord615
ord2103
ord1601
ord4510
ord2277
ord1667
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4654
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord3654
ord1354
ord2106
ord1183
ord3543
ord450
ord4012
ord5618
ord5448
ord1697
ord4985
ord5354
ord2445
ord2079
ord2860
ord5447
ord4730
ord4553
ord3233
ord5338
ord3229
ord6379
ord3230
ord6381
ord981
ord5803
ord3287
ord2651
ord2650
ord4430
ord1681
ord4344
ord5598
ord2070
ord5657
ord2369
ord1380
ord4697
ord6375
ord3225
ord2138
ord4685
ord670
ord3852
ord4000
ord2901
ord5653
ord5008
ord4516
ord4774
ord814
ord933
ord3185
ord280
ord6514
ord5632
ord4631
ord5167
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord5320
ord6408
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord3286
ord4080
ord4081
ord4071
ord595
ord799
ord5654
ord4773
ord2227
ord4682
ord5293
ord4378
ord3354
ord6410
ord4664
ord5601
ord3681
ord2340
ord1440
ord2891
ord4348
msvcr90
_amsg_exit
swscanf
_wtoi
wcstod
memcpy
isalnum
toupper
swscanf_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
__CxxFrameHandler3
isprint
isxdigit
free
_wcsdup
_wcsicmp
wcsrchr
isdigit
kernel32
GetTickCount
CreateFileW
LoadLibraryA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
SetupComm
SetCommTimeouts
GetCommState
SetCommState
WriteFile
ReadFile
PurgeComm
Sleep
ClearCommError
lstrcpynW
lstrcpyW
FormatMessageW
LocalFree
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
MulDiv
GetLastError
GetProcAddress
LoadLibraryW
CloseHandle
user32
BeginDeferWindowPos
EndDeferWindowPos
GetWindowLongW
GetClassLongW
wsprintfW
GetSysColorBrush
GetDCEx
ClientToScreen
IsChild
UpdateWindow
GetWindow
ReleaseCapture
GetCursorPos
SetCapture
ScreenToClient
GetClientRect
IsWindow
GetKeyState
GetParent
PtInRect
IsRectEmpty
LoadCursorW
FillRect
InflateRect
SystemParametersInfoW
ReleaseDC
IsWindowVisible
GetDC
GetWindowRect
OffsetRect
SetRect
CopyRect
GetDlgCtrlID
GetSysColor
RedrawWindow
GetFocus
PostMessageW
SendMessageW
EnableWindow
gdi32
AbortDoc
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
PatBlt
EnumFontFamiliesW
GetTextColor
GetTextMetricsW
EndDoc
EndPage
StartPage
StartDocW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateFontW
advapi32
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
oleaut32
VarDecMul
VarDecFromR8
VarDecDiv
VarR8FromDec
Sections
.text Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 518KB - Virtual size: 518KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ