da3bf897f7b630d54145d02f6ab42221090c2dd52d4f633ebaf031a2fc5554b3

Sharing

Copy URL

Twitter E-mail

General

Target

da3bf897f7b630d54145d02f6ab42221090c2dd52d4f633ebaf031a2fc5554b3
Size

275KB
MD5

5af75371b105f14cfdb87f7bd195fe6c
SHA1

e0707ddce221a5cb13f1d3544fca3eb9c0a6e14e
SHA256

da3bf897f7b630d54145d02f6ab42221090c2dd52d4f633ebaf031a2fc5554b3
SHA512

2471ae097d99135b065248bc85785641dbfad665a0b1312ce0220bf7a3ea6d781e03bd77dcff7c4c083f8c6bca9b2439ce335ebebed987d04faf83fe235b0d0a
SSDEEP

6144:dOPZzgooooooooooooooooooooooovoooooooooooooooQhQrF/p/uwONct43D9B:88ooooooooooooooooooooooovoooooS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da3bf897f7b630d54145d02f6ab42221090c2dd52d4f633ebaf031a2fc5554b3

Files

da3bf897f7b630d54145d02f6ab42221090c2dd52d4f633ebaf031a2fc5554b3
.exe windows:5 windows x64

e091104672fab5d6ceef4a870053e272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

autoconnect

??0CConnectControl@@QEAA@XZ
??1CConnectControl@@QEAA@XZ
?Create@CConnectControl@@QEAAHPEAVCWnd@@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AEAV34@E1@Z
?StartListen@CConnectControl@@QEAAHAEAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Send@CConnectControl@@QEAAHPEAUCONNECT_ITEM@@AEAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?StopListen@CConnectControl@@QEAAXXZ

mfc100

ord9688
ord5973
ord10794
ord7766
ord12920
ord10577
ord3275
ord10712
ord7931
ord13599
ord13598
ord13670
ord13687
ord13683
ord13685
ord13686
ord13684
ord2353
ord7057
ord2785
ord2788
ord12181
ord5319
ord2659
ord2877
ord2878
ord3479
ord10054
ord7833
ord10754
ord9095
ord6580
ord876
ord1266
ord6865
ord1947
ord1863
ord1272
ord837
ord12311
ord5871
ord8000
ord8977
ord4895
ord11470
ord10840
ord10871
ord9145
ord7063
ord3934
ord10867
ord10859
ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord4234
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord316
ord889
ord1291
ord373
ord456
ord995
ord3603
ord5321
ord12185
ord2354
ord7924
ord10841
ord5094
ord5617
ord8047
ord990
ord982
ord445
ord1948
ord4124
ord3313
ord5596
ord5540
ord3597
ord2653
ord7918
ord5236
ord5543
ord902
ord1872
ord1895
ord5542
ord926
ord3156
ord6425
ord2676
ord2022
ord4188
ord2137
ord4971
ord300
ord6929
ord12098
ord7589
ord2524
ord1294
ord6924
ord776
ord1188
ord9724
ord3270
ord5564
ord8026
ord10795
ord2485
ord310
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord12928
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord3355
ord2852
ord2851
ord2753
ord10790
ord4458
ord4722
ord4892
ord8135
ord4700
ord4920
ord4461
ord4597
ord4445
ord6640
ord6641
ord6631
ord4595
ord7065
ord8982
ord8001
ord9171
ord9701
ord12845
ord6423
ord3150
ord3243
ord2754
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord1485
ord1492
ord4218
ord3155
ord924
ord369
ord6060
ord4255
ord4226
ord883
ord4238
ord1463
ord1274
ord2049
ord3535

msvcr100

_setmbcp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3

kernel32

DeactivateActCtx
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
DecodePointer
EncodePointer
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError

user32

GetSystemMetrics
DrawIcon
GetClientRect
EnableWindow
IsIconic
GetWindowRect
LoadBitmapW
SendMessageA
LoadIconW

gdi32

GetObjectA

comctl32

InitCommonControlsEx

ws2_32

WSAStartup

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e091104672fab5d6ceef4a870053e272

Headers

DLL Characteristics

File Characteristics

Imports

autoconnect

mfc100

msvcr100

kernel32

user32

gdi32

comctl32

ws2_32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 888B

.rsrc Size: 242KB - Virtual size: 241KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 888B

.rsrc
Size: 242KB - Virtual size: 241KB

.reloc
Size: 2KB - Virtual size: 1KB