43e2e687a88ea40fd6e2ed3a7db6ca08d1da8af291e8739c39a62d7f3aa5a2af

Sharing

Copy URL Twitter E-mail

General

Target

43e2e687a88ea40fd6e2ed3a7db6ca08d1da8af291e8739c39a62d7f3aa5a2af
Size

189KB
MD5

e7ba575b805efd49b76496889e6e1534
SHA1

878ef89c98ac1d0c7c731487492a8f5e48b4a0f4
SHA256

43e2e687a88ea40fd6e2ed3a7db6ca08d1da8af291e8739c39a62d7f3aa5a2af
SHA512

4fd353c2f63674bed904b964facb18f291fa6eafbec07760eb474dd1d5a7ef1dd41018b334a87cf4018290c130549fb15c94866b0632878988d319b9fd22a120
SSDEEP

3072:05bfR+haeLsV2/sC8ioblaGzX3YiZyx9OBbEPgDyt:05TR+haeLBsC8zlanLOBbEPcy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43e2e687a88ea40fd6e2ed3a7db6ca08d1da8af291e8739c39a62d7f3aa5a2af

Files

43e2e687a88ea40fd6e2ed3a7db6ca08d1da8af291e8739c39a62d7f3aa5a2af
.exe windows:5 windows x64

28f6367088efe1022b0cf1c59cae1b5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

aoidefectclassification

D_T_CannyThresholdManual
D_T_SobelThresholdManual
D_AOIDefectClassificationStatistic
D_AOI7500S3DefectClassification
D_AOIDefectClassification

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mfc100

ord3617
ord2846
ord2748
ord7930
ord5224
ord5857
ord1249
ord1895
ord12303
ord12503
ord410
ord956
ord3480
ord11174
ord5406
ord12597
ord12500
ord12931
ord2028
ord11953
ord5562
ord12709
ord2529
ord888
ord286
ord6896
ord784
ord5813
ord11621
ord7622
ord7194
ord3303
ord2526
ord7561
ord3600
ord2655
ord7920
ord5550
ord906
ord6012
ord4999
ord2137
ord1202
ord5819
ord2726
ord2839
ord5542
ord5596
ord3313
ord5589
ord3990
ord12752
ord1948
ord4613
ord3156
ord946
ord5580
ord1461
ord7190
ord2441
ord1690
ord4743
ord7033
ord4050
ord4034
ord957
ord411
ord1246
ord858
ord10754
ord7833
ord9701
ord10054
ord9171
ord3479
ord2878
ord2877
ord2659
ord5319
ord12181
ord2353
ord7931
ord10794
ord8001
ord6423
ord4185
ord4608
ord9724
ord1188
ord776
ord1241
ord5849
ord7927
ord2745
ord3614
ord924
ord369
ord6060
ord301
ord3991
ord11428
ord7576
ord11465
ord2524
ord2454
ord11005
ord10602
ord1244
ord856
ord1294
ord4190
ord3270
ord12722
ord4189
ord10609
ord1872
ord3346
ord5634
ord3605
ord7563
ord6581
ord989
ord883
ord5616
ord1229
ord8982
ord7065
ord4595
ord6631
ord12808
ord11099
ord6868
ord13109
ord13106
ord13111
ord13108
ord13110
ord13107
ord3288
ord5031
ord10859
ord10867
ord3934
ord7063
ord9145
ord10871
ord10840
ord11470
ord4895
ord8977
ord5871
ord12311
ord6641
ord6640
ord5236
ord4445
ord4597
ord4461
ord4920
ord4700
ord8135
ord4892
ord4722
ord1863
ord6865
ord4458
ord10790
ord1266
ord876
ord6580
ord9095
ord5769
ord2753
ord2851
ord2852
ord3355
ord10747
ord2285
ord5046
ord12138
ord10366
ord5887
ord12926
ord6807
ord12928
ord2573
ord3842
ord13605
ord3849
ord4246
ord4213
ord4209
ord4243
ord4264
ord4222
ord4251
ord4260
ord4230
ord4234
ord4238
ord4226
ord4255
ord4218
ord1492
ord1485
ord1487
ord1481
ord1474
ord10875
ord10877
ord12284
ord2754
ord8047
ord9688
ord5973
ord10841
ord7766
ord12920
ord10577
ord3275
ord10712
ord7923
ord13599
ord13598
ord13670
ord13687
ord13683
ord13685
ord13686
ord13684
ord2354
ord7057
ord2785
ord2788
ord12185
ord5321
ord2683
ord3602
ord7562
ord2527
ord3305
ord12906
ord2345
ord4340
ord2538
ord305
ord5035
ord300
ord1291
ord4124
ord310
ord889
ord5842
ord2735
ord2842
ord7283
ord2022
ord7286
ord7213
ord11410
ord13393
ord4555
ord2116
ord11106
ord11107
ord12927
ord6806
ord12925
ord8182
ord3535
ord3477
ord11489
ord6823
ord1709
ord8000
ord13700
ord316
ord266
ord265
ord2049
ord1272
ord1274
ord2140
ord2024
ord12845

msvcr100

_setmbcp
memset
exp
memcpy
_CxxThrowException
log10
floor
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
calloc
_recalloc
_mktime64
_resetstkoflw
malloc
free
atof
_localtime64_s
atoi
?what@exception@std@@UEBAPEBDXZ
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
fclose
_time64
srand
ungetc
fputc
fgetc
??0exception@std@@QEAA@AEBV01@@Z
memcpy_s
memmove
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
pow

kernel32

EncodePointer
DecodePointer
Sleep
GetStartupInfoW
TerminateProcess
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CopyFileA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetFileTime
_lopen
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
CreateDirectoryA
GetLastError
GetCurrentProcess
GetCurrentDirectoryA

user32

GetCursorPos
IsIconic
LoadMenuW
DrawIcon
GetSystemMetrics
EnableWindow
GetClientRect
AppendMenuA
GetSystemMenu
LoadIconW
UpdateWindow
DrawTextA
ReleaseDC
GetDC
InvalidateRect
SendMessageA
GetParent
GetSubMenu

gdi32

DeleteObject
CreateDIBSection
GetObjectA
CreateFontA
CreateSolidBrush
SelectObject
BitBlt
CreateCompatibleDC
DeleteDC
SetDIBColorTable

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindExtensionA

msvcp100

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Incref@facet@locale@std@@QEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28f6367088efe1022b0cf1c59cae1b5f

Headers

DLL Characteristics

File Characteristics

Imports

aoidefectclassification

version

mfc100

msvcr100

kernel32

user32

gdi32

shell32

comctl32

shlwapi

msvcp100

gdiplus

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 4KB