Static task
static1
Behavioral task
behavioral1
Sample
abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73.exe
Resource
win10v2004-20230915-en
General
-
Target
abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73
-
Size
629KB
-
MD5
29d06f70f71891d7fcbda2100d1e6dfc
-
SHA1
e852b1e18239e93c63d6f06123f0435f5554c0a0
-
SHA256
abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73
-
SHA512
44f8f13767aaae88a75251457abddc010d2b8f51befb9babcae85817c645d9acd6dae2ddf1c2b7c6db0c75560730a02057401000f8c71036dcef947e3a14d0d7
-
SSDEEP
12288:QeJcDxXEV+2KbcIULhg4FH8YiZn9pGHNu4B2U:QeJcvBwLhgyiZaI4r
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73
Files
-
abac2651f195709452f616e83e2e2f5d69d43f7f2e5859c800c9771356b3fa73.exe windows:5 windows x64
c9db0435d43731992eeafdb5f649dd59
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc100
ord1222
ord3614
ord2745
ord7927
ord5849
ord1241
ord3597
ord2653
ord7918
ord5543
ord902
ord5580
ord946
ord924
ord1948
ord3313
ord5596
ord5542
ord926
ord3156
ord3242
ord6425
ord9171
ord12503
ord12332
ord858
ord1246
ord1690
ord4042
ord6919
ord6920
ord11953
ord776
ord1188
ord362
ord921
ord5540
ord2136
ord2137
ord11605
ord12427
ord4608
ord5890
ord9141
ord10546
ord12845
ord4605
ord10795
ord8001
ord8026
ord2353
ord12181
ord5319
ord2659
ord2877
ord2878
ord3479
ord10054
ord7833
ord10754
ord7190
ord7575
ord11428
ord2345
ord12906
ord3305
ord2527
ord2683
ord7923
ord5616
ord989
ord6581
ord6012
ord11803
ord3357
ord8250
ord711
ord11170
ord336
ord11620
ord5589
ord7622
ord7194
ord1686
ord784
ord4892
ord11621
ord12423
ord9095
ord6580
ord876
ord1266
ord6865
ord1863
ord837
ord12311
ord5871
ord8977
ord4895
ord11470
ord10840
ord10871
ord9145
ord7063
ord3934
ord10867
ord10859
ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord5835
ord3990
ord2028
ord2024
ord3303
ord2526
ord7561
ord3600
ord2655
ord7920
ord5550
ord906
ord1872
ord3155
ord4347
ord857
ord1245
ord11775
ord12377
ord3554
ord3359
ord3980
ord9724
ord3996
ord410
ord956
ord3480
ord5326
ord5298
ord1461
ord8472
ord5564
ord9701
ord3991
ord12710
ord4722
ord4458
ord10790
ord2753
ord2851
ord2852
ord3355
ord10747
ord2285
ord5046
ord12138
ord10366
ord5887
ord12926
ord6807
ord12928
ord2573
ord3842
ord13605
ord3849
ord4246
ord4213
ord4209
ord4243
ord4264
ord4222
ord4251
ord4260
ord4230
ord4234
ord4238
ord4226
ord4255
ord4218
ord1492
ord1485
ord1487
ord1481
ord1474
ord10875
ord10877
ord12284
ord2754
ord8047
ord9688
ord5973
ord10841
ord7766
ord12920
ord10577
ord3275
ord10712
ord7930
ord13599
ord13598
ord13670
ord13687
ord13683
ord13685
ord13686
ord13684
ord2354
ord7057
ord2785
ord2788
ord12185
ord5321
ord2748
ord2846
ord3617
ord6355
ord5236
ord7931
ord2733
ord373
ord6062
ord1688
ord1290
ord11173
ord1210
ord815
ord1272
ord7589
ord1895
ord4188
ord11807
ord3981
ord4185
ord12931
ord12500
ord12597
ord4190
ord6569
ord4341
ord2530
ord11312
ord5769
ord2725
ord265
ord10961
ord2018
ord12936
ord10984
ord262
ord12955
ord4162
ord266
ord259
ord2538
ord5035
ord2049
ord305
ord2022
ord2524
ord300
ord2440
ord2435
ord1457
ord3270
ord1249
ord883
ord5857
ord8000
ord8982
ord7065
ord4595
ord6631
ord6641
ord6640
ord5224
ord4445
ord4597
ord4461
ord4920
ord4700
ord7576
ord8135
ord896
ord324
ord10593
ord4124
ord955
ord409
ord1291
ord11125
ord4340
ord1294
ord310
ord3697
ord889
ord316
ord5813
ord1274
msvcr100
atoi
memcpy_s
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
memmove
atof
sqrt
malloc
fmod
ceil
__CxxFrameHandler3
_CxxThrowException
memset
_setmbcp
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
ldiv
floor
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_recalloc
calloc
free
_resetstkoflw
sprintf_s
kernel32
MultiByteToWideChar
lstrlenA
EncodePointer
DecodePointer
lstrcmpA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
DeactivateActCtx
SetLastError
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
LocalFree
GetStartupInfoW
EnterCriticalSection
GetSystemDefaultLangID
GetUserDefaultLCID
DeleteCriticalSection
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeCriticalSection
user32
SetActiveWindow
EnableWindow
SendMessageA
SetParent
GetClientRect
CopyRect
GetSysColor
GetSystemMetrics
SetRectEmpty
GetWindowRect
InvalidateRect
ReleaseDC
PostMessageA
GetFocus
GetDC
DrawTextA
FindWindowA
LoadIconW
IsRectEmpty
PtInRect
MessageBoxA
DrawIcon
IsIconic
gdi32
CreateCompatibleBitmap
BitBlt
GetTextColor
Rectangle
CreateFontA
Ellipse
CreateCompatibleDC
DeleteDC
SelectObject
StretchBlt
SetDIBColorTable
GetObjectA
CreateDIBSection
DeleteObject
GetBkColor
GetTextExtentPoint32A
comctl32
InitCommonControlsEx
ole32
CoCreateInstance
CoInitialize
OleRun
oleaut32
VariantInit
VariantClear
GetErrorInfo
SysAllocString
SysFreeString
gdiplus
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdiplusStartup
msvcp100
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 410KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ