Static task
static1
Behavioral task
behavioral1
Sample
3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490.exe
Resource
win10v2004-20230915-en
General
-
Target
3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490
-
Size
564KB
-
MD5
de4592358e3604a53420190e102781d1
-
SHA1
07609e8c180b01a1a298f6ad02ceee6076acb4c7
-
SHA256
3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490
-
SHA512
24fcc662e765e268febec7c21f2c686c717408f1d4cc77c22cf42bf8ddb7f4770e938dda3c92ed43955b5961598b22f0862b2acbc9bf160342c8c0e0aa17e1c5
-
SSDEEP
6144:cGLwjzD4ubCf7pHLKz6/bWG2ABCe7fGbq8cYWrBvntix7MeQ4ZS5gSUgSJeNogbT:7wHDwNP/N2g7+bgmo4w5g/eNoFM3Mk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource 3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490
Files
-
3ca8106d794566f0bb2e011d7d3dd318244e2952f2ffdb4910bf08ccb006b490.exe windows:4 windows x86
5d7f7cfbc776844dfd3e806a9c5e28fb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
timeGetTime
mfc42
ord2438
ord2863
ord1200
ord1644
ord686
ord384
ord3571
ord2096
ord5953
ord3097
ord6880
ord6215
ord6199
ord3092
ord3089
ord809
ord556
ord2864
ord1088
ord2431
ord2122
ord2639
ord2289
ord2370
ord6334
ord939
ord4277
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2301
ord2302
ord2642
ord2727
ord6467
ord2730
ord2729
ord3353
ord4622
ord3579
ord290
ord614
ord6877
ord665
ord1979
ord5773
ord3318
ord5442
ord5186
ord354
ord2086
ord668
ord3181
ord4058
ord2781
ord2770
ord356
ord940
ord941
ord5856
ord4202
ord3706
ord2859
ord1862
ord816
ord5789
ord562
ord2450
ord3920
ord2971
ord5785
ord2380
ord4083
ord5787
ord283
ord812
ord5862
ord2763
ord559
ord5683
ord1168
ord6358
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord815
ord561
ord539
ord5500
ord6354
ord5716
ord5717
ord2621
ord1134
ord1199
ord1205
ord2725
ord6385
ord1816
ord3610
ord656
ord2135
ord818
ord2116
ord1105
ord4160
ord3874
ord5981
ord6605
ord6378
ord6197
ord6380
ord6662
ord6178
ord2822
ord3811
ord1206
ord1223
ord446
ord743
ord603
ord1969
ord6400
ord273
ord1871
ord6571
ord5460
ord2740
ord2801
ord772
ord6142
ord500
ord5860
ord5606
ord1949
ord4034
ord1175
ord6270
ord3654
ord2584
ord4220
ord2764
ord926
ord4278
ord5710
ord924
ord922
ord6663
ord4129
ord2915
ord2860
ord2862
ord640
ord4275
ord567
ord795
ord3721
ord4424
ord3402
ord5290
ord1776
ord6055
ord4299
ord4476
ord1146
ord3626
ord3663
ord2379
ord470
ord323
ord1640
ord2405
ord755
ord4710
ord2414
ord1768
ord5875
ord4234
ord324
ord1641
ord641
ord3573
ord3619
ord3597
ord4425
ord5861
ord6883
ord6143
ord1601
ord798
ord5465
ord5194
ord533
ord5450
ord6394
ord5440
ord6383
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord1799
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord823
ord858
ord535
ord2614
ord860
ord540
ord2818
ord800
ord825
ord537
ord5572
ord1576
ord2622
ord4226
ord4003
msvcrt
sscanf
fputs
fclose
strncpy
fgets
sprintf
time
srand
rand
fopen
_snprintf
strrchr
_mbsicmp
_mbsrchr
__CxxFrameHandler
_purecall
_mbscmp
fread
ftell
fseek
free
atol
fwrite
strstr
localtime
_mbslen
_mbsnbcat
_mbsnbcpy
toupper
atoi
fprintf
_mkdir
malloc
wcsncpy
_getcwd
wcsrchr
__p___argv
__p___argc
strtok
_strtime
memmove
_stricmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
_snwprintf
wcslen
_mbsinc
strlen
memset
memcpy
_strdup
_ftol
_ltoa
kernel32
LoadLibraryA
OutputDebugStringA
GetProcAddress
FreeLibrary
SetLastError
ReadFile
CreateEventA
WriteFile
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetLastError
GetModuleHandleA
CreateEventW
GetCurrentProcess
SearchPathW
DuplicateHandle
CreateProcessW
WaitForSingleObject
TerminateProcess
GetPrivateProfileIntW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
CloseHandle
MoveFileA
DeleteFileA
GlobalUnlock
GlobalLock
GlobalAlloc
SetCurrentDirectoryA
GetVersionExA
GetTickCount
MulDiv
MultiByteToWideChar
GetPrivateProfileIntA
GetModuleFileNameW
SetUnhandledExceptionFilter
GetPrivateProfileStringA
ResumeThread
CreateThread
Sleep
ExitThread
GetStartupInfoA
VirtualAllocEx
SetErrorMode
GetModuleFileNameA
GlobalFree
GlobalReAlloc
user32
PtInRect
CharPrevA
CallWindowProcA
GetClassNameA
EnumChildWindows
GetWindowRect
GetClientRect
SetWindowRgn
ScreenToClient
ShowWindow
MoveWindow
GetWindowLongA
SetWindowLongA
FindWindowA
SendMessageA
CheckMenuItem
IsWindowVisible
SetForegroundWindow
SetActiveWindow
SetCursorPos
mouse_event
GetKeyState
GetFocus
DrawIcon
GetSystemMenu
GetClassLongA
SetClassLongA
LoadCursorFromFileA
LoadIconA
MessageBoxA
CharNextA
OffsetRect
FlashWindow
MapVirtualKeyA
PostMessageA
IsWindow
DefWindowProcA
UnregisterClassA
RegisterClassA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoA
DrawFrameControl
CopyRect
DrawEdge
InflateRect
GetSysColor
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
SetCursor
GetKeyNameTextA
GetSystemMetrics
SystemParametersInfoA
IsIconic
AppendMenuA
GetParent
ClientToScreen
CreatePopupMenu
LoadBitmapA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorPos
LoadMenuA
GetSubMenu
EnableMenuItem
ReleaseCapture
SetCapture
SetRect
GetDesktopWindow
FillRect
DrawIconEx
DestroyIcon
LoadImageA
EnableWindow
GetDC
ReleaseDC
InvalidateRect
KillTimer
SetTimer
LoadCursorA
DestroyWindow
gdi32
ExtCreateRegion
CreateRectRgnIndirect
CreateDIBitmap
CreateCompatibleBitmap
PatBlt
CreateFontA
GetTextColor
Rectangle
GetDeviceCaps
CreateBitmap
DeleteDC
GetObjectA
CreateDIBSection
CreateRectRgn
CombineRgn
DeleteObject
OffsetRgn
CreateCompatibleDC
SelectObject
BitBlt
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
shell32
ShellExecuteA
comctl32
ImageList_GetIcon
ImageList_Create
ImageList_Draw
ImageList_AddMasked
ole32
CLSIDFromProgID
CoDisconnectObject
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
msvcp60
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
2denginedll
?create_mimage@_mimage@IXHandler@@QAE_NABH000@Z
?set_pixel@_mimage@IXHandler@@QAEXABH0ABE110@Z
?Flip@IDisplay@IXHandler@@SAJPAUtagRECT@@0@Z
?IsLost@IDisplay@IXHandler@@SA_NXZ
??0_mimage@IXHandler@@QAE@XZ
??1_mimage@IXHandler@@QAE@XZ
?release@_mimage@IXHandler@@QAEXXZ
?create_mimage@_mimage@IXHandler@@QAE_NPBD0@Z
?bitblt@_mimage@IXHandler@@QAEXHHHPAV12@HW4Align_Style@12@_NPAUtagRECT@@PBU_mimage_blt_fx@12@@Z
?text@_mimage@IXHandler@@QAEXABH0PBD00@Z
?set_logfont@_mimage@IXHandler@@QAE?AU_log_font@12@ABU312@@Z
?get_logfont@_mimage@IXHandler@@QAE?AU_log_font@12@XZ
?scale_fast@_mimage@IXHandler@@QAEXABM0PAV12@ABH@Z
?Blt24@IDisplay@IXHandler@@SAXPAEABKABH22222H0@Z
?save_mimage@_mimage@IXHandler@@QAE_NPBDE@Z
?have_alpha@_mimage@IXHandler@@QAE_NXZ
?DrawBox@_mimage@IXHandler@@QAEXHHHHHHABUstColor32@cmStruct@2@@Z
?DrawBar@_mimage@IXHandler@@QAEXHHHHHABUstColor32@cmStruct@2@@Z
?gray_scale@_mimage@IXHandler@@QAEXPAV12@PAUtagRECT@@ABH@Z
?Release@IDisplay@IXHandler@@SAXXZ
?InitializeEx@IDisplay@IXHandler@@SAJABQAUHWND__@@PBDAB_N_N@Z
?BltImage@IDisplay@IXHandler@@SAXPAEABKABH22222@Z
wsock32
gethostname
gethostbyname
inet_addr
ntohl
ntohs
htons
htonl
oleaut32
SysFreeString
Sections
.text Size: 380KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE