Static task
static1
Behavioral task
behavioral1
Sample
61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346.exe
Resource
win10v2004-20230915-en
General
Target: 61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346
Size: 231KB
MD5: 12ab315edbf1a0291bd8c6ee02c77da4
SHA1: d9e4bb998248451fc7783e66d4bd460caf8abe9e
SHA256: 61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346
SHA512: e9981f550a39031d50b77a39b7d3afbc51ed75ae1d89c6dbb1a549e8bc4096c385fd2d16217c4d5019f0c8d3aa58b8f52cc1812bb665abd5036364f4593a190b
SSDEEP: 3072:8z6dubP0CGEO4ypHW+C/Kk2sQNoF/pstBaDqwONnct43bBl3N2UfVo:U6sbdjO4kHzsQmF/p/uwONct43D92U9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346
Files
61a66ddbeaff28a25a04528a0a5f119e2fe8795e69b2eafbbe4c2201ceb3f346.exe windows:5 windows x64
2de107c158591f581f8ab54687108389
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc100
msvcr100
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_time64
_localtime64_s
strftime
atoi
_setmbcp
kernel32
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
InitializeCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
DecodePointer
EncodePointer
CopyFileA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
user32
GetWindowRect
SetCursor
InvalidateRect
IsRectEmpty
UpdateWindow
GetClientRect
GetDC
EnableWindow
LoadCursorA
SendMessageA
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ