30dfdd11a16cb693e0e2a3237401b68e8ad13a13dc4e5a4d1f8ff55c799f2fef

Sharing

Copy URL

Twitter E-mail

General

Target

30dfdd11a16cb693e0e2a3237401b68e8ad13a13dc4e5a4d1f8ff55c799f2fef
Size

611KB
MD5

96cf1be2d52055d97dc90ba079dfdfa6
SHA1

9305e3cb852e2eca7deb02c98b627896c9c64d86
SHA256

30dfdd11a16cb693e0e2a3237401b68e8ad13a13dc4e5a4d1f8ff55c799f2fef
SHA512

3638ce175353f361932c7f83ee1483c09f84ffcf11640f98c81aca1ba12a8d53bb25be1e98d694eeed6e44f8141b94a0ced1461b75d9a6bfa2cd87c6263e4fe6
SSDEEP

6144:m8Gx8fYf3nEkkhzaY0VPYSEcZUE2r130wZ0utEYWNetHCJ5ekeOWJiw0xVWbK1Cw:EKfYfwYLgs6o18I8GqF5pZSlaXW51

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30dfdd11a16cb693e0e2a3237401b68e8ad13a13dc4e5a4d1f8ff55c799f2fef

Files

30dfdd11a16cb693e0e2a3237401b68e8ad13a13dc4e5a4d1f8ff55c799f2fef
.dll windows:6 windows x64

651bf60b63810155fa428db6cdd4bda4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcp140

?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z

mfc140u

ord7668
ord14088
ord12212
ord7719
ord6614
ord3731
ord5706
ord11921
ord7920
ord11933
ord11901
ord5555
ord9941
ord7235
ord8926
ord11855
ord450
ord6850
ord1091
ord11813
ord6000
ord13397
ord2697
ord8901
ord1089
ord8731
ord10704
ord11085
ord10163
ord3951
ord3307
ord3308
ord8830
ord3599
ord2212
ord265
ord8826
ord1424
ord4095
ord6588
ord5916
ord7394
ord6002
ord13401
ord3212
ord3209
ord9946
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord11771
ord12606
ord3713
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord1700
ord1722
ord1748
ord1734
ord1755
ord4843
ord4788
ord4853
ord4837
ord4752
ord4767
ord4828
ord4360
ord5582
ord9384
ord4352
ord2967
ord14211
ord12625
ord14217
ord6631
ord11406
ord10124
ord12706
ord13354
ord5723
ord5237
ord2629
ord11806
ord3812
ord11929
ord8084
ord1450
ord7393
ord8167
ord323
ord1039
ord266
ord1641
ord5674
ord7893
ord2921
ord296
ord285
ord280
ord290
ord1033
ord1501
ord5709
ord4510
ord4511
ord4656
ord3509
ord3172
ord3279
ord3278
ord13767
ord11850
ord4726
ord990
ord8471
ord8468
ord6724
ord5080
ord5363
ord5552
ord9041
ord5339
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord8900
ord1369
ord7551
ord4814
ord4859
ord4782
ord4794
ord4800
ord4806
ord4776
ord4011
ord11940
ord11944
ord14216
ord3164
ord2270
ord2415
ord2414
ord13619
ord3071
ord983
ord6122
ord7650
ord14289
ord6123
ord14290
ord6121
ord1489
ord1491
ord2346
ord2350
ord6320
ord4722
ord2475
ord3828
ord14210
ord2439
ord5183
ord8023
ord7716
ord4445
ord7651
ord3756
ord6250
ord357
ord6313
ord6247
ord2473
ord438
ord12761
ord12967
ord13674
ord12746
ord8161
ord12223
ord12222
ord9089
ord3949
ord2011
ord11665
ord11664
ord12544
ord3718
ord14288
ord3728
ord1492
ord324
ord1040
ord2327
ord2369
ord2372
ord2338
ord2371
ord473
ord2234
ord2336
ord2161
ord2266
ord2360
ord878

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
LocalAlloc
CreateEventA
GetOverlappedResult
DisconnectNamedPipe
WriteFile
ReadFile
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
FormatMessageA
LocalFree
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
ResumeThread
GetCurrentThreadId
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTickCount
GetProcessId
CloseHandle
GetModuleFileNameW
GetCurrentProcessId
SetLastError
OutputDebugStringA
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetPrivateProfileStringW
GetFileAttributesW
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionEx
OutputDebugStringW
GetLastError

user32

CloseTouchInputHandle
GetTouchInputInfo
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
PostQuitMessage
DefWindowProcW
ClientToScreen
GetSystemMetrics
SendInput
FindWindowExW
GetAncestor
GetCursorInfo
GetClassNameW
FindWindowW
EnumChildWindows
GetDesktopWindow
ScreenToClient
MessageBoxW
GetWindowTextW
EndDialog
GetWindowThreadProcessId
EnumWindows
AllowSetForegroundWindow
SetForegroundWindow
SetActiveWindow
LoadCursorW
LoadStringW
GetParent
OffsetRect
SetCapture
GetSysColor
SetCursor
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
UpdateWindow
EnableWindow
KillTimer
SetTimer
IsWindow
SendMessageW
MoveWindow
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowRgn
SetRect
InflateRect
GetWindowLongPtrW
SetWindowLongPtrW
RegisterWindowMessageW
ReleaseCapture
PostMessageW
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindow
RegisterTouchWindow
FillRect
LoadImageW
RegisterClassExW

gdi32

GdiFlush
CreateCompatibleBitmap
DeleteDC
SetBkMode
CreateRoundRectRgn
BitBlt
MoveToEx
SelectObject
LineTo
CreatePen
SetViewportOrgEx
GetObjectW
Rectangle
GetViewportOrgEx
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleDC

advapi32

RegCloseKey
RegGetValueW
GetUserNameA
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteExW

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
bind
closesocket
connect
getpeername
getsockopt
htonl
htons
inet_addr
ntohl
WSAEventSelect
ntohs
WSAEnumNetworkEvents
WSACreateEvent
recv
send
sendto
setsockopt
socket
gethostbyname
WSACloseEvent

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception
memmove
strstr
longjmp
memchr
memcmp
_purecall
__std_terminate
__CxxFrameHandler3
memcpy
strchr
memset
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_beginthreadex
_invalid_parameter_noinfo
terminate
_initterm_e
_initterm
_cexit
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_endthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

malloc
free
_recalloc
calloc

api-ms-win-crt-math-l1-1-0

sinf
cosf
sqrtf
sqrt
acos
atan2

api-ms-win-crt-string-l1-1-0

strtok
_stricmp
strcmp
tolower
isalnum
isspace
isalpha
strncpy
strncmp
wcsncpy

api-ms-win-crt-convert-l1-1-0

wcstof
wcstombs
mbstowcs
_wtof
_wtoi
strtof
atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__stdio_common_vsprintf

Exports

Exports

PlugInMain

Sections

.text
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

651bf60b63810155fa428db6cdd4bda4

Headers

DLL Characteristics

File Characteristics

Imports

version

msvcp140

mfc140u

kernel32

user32

gdi32

advapi32

shell32

ws2_32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 418KB - Virtual size: 418KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 7KB - Virtual size: 22KB

.pdata Size: 32KB - Virtual size: 32KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 418KB - Virtual size: 418KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 7KB - Virtual size: 22KB

.pdata
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 3KB - Virtual size: 3KB