b071c02415ae7a3e405a9d3cb83b6d6d30c1711c9d6dc5195ab0a577f83a21f8

Sharing

Copy URL

Twitter E-mail

General

Target

b071c02415ae7a3e405a9d3cb83b6d6d30c1711c9d6dc5195ab0a577f83a21f8
Size

139KB
MD5

1f9df01af89630b11bdf1a6dbb5b9edd
SHA1

f0e527cd68960467b29615061d81849a416eb5b7
SHA256

b071c02415ae7a3e405a9d3cb83b6d6d30c1711c9d6dc5195ab0a577f83a21f8
SHA512

2b9a866745d29d183e1ec127f9a952f160db9156ea3124421624626916e5ead0a95cb86e2339cfb3caaade99ca57654a0b4dbef89822bc5e7dbe5d07f6e82056
SSDEEP

3072:q4l4fHeIOHRxqyMF/pstBaDqwONnct43bBl3N2UN:mWIO2yMF/p/uwONct43D92U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b071c02415ae7a3e405a9d3cb83b6d6d30c1711c9d6dc5195ab0a577f83a21f8

Files

b071c02415ae7a3e405a9d3cb83b6d6d30c1711c9d6dc5195ab0a577f83a21f8
.exe windows:5 windows x64

ad83035ff8a1b21545913c741217e936

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc100

ord5319
ord2659
ord2877
ord2878
ord10054
ord9701
ord7833
ord10754
ord4340
ord11125
ord1294
ord1291
ord300
ord310
ord2538
ord5035
ord305
ord7190
ord6060
ord369
ord2839
ord2726
ord5321
ord12185
ord2354
ord10841
ord8047
ord5236
ord8000
ord5819
ord883
ord1202
ord3156
ord6423
ord12503
ord4608
ord12597
ord3270
ord10794
ord9095
ord6580
ord876
ord1266
ord6865
ord1863
ord1272
ord837
ord12311
ord946
ord990
ord902
ord1241
ord5871
ord8977
ord4895
ord11470
ord10840
ord10871
ord9145
ord7063
ord3934
ord10867
ord10859
ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1492
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord5580
ord3603
ord7924
ord5094
ord5617
ord3597
ord2653
ord7918
ord5543
ord3614
ord2745
ord7927
ord5849
ord1872
ord1895
ord4189
ord7283
ord6924
ord12181
ord1188
ord9724
ord6706
ord7571
ord858
ord1246
ord2022
ord6929
ord4971
ord12932
ord1457
ord3991
ord11312
ord411
ord957
ord4034
ord4050
ord7033
ord4740
ord1690
ord4743
ord2441
ord265
ord266
ord2171
ord4687
ord3846
ord1461
ord4347
ord856
ord1244
ord11331
ord4689
ord5586
ord405
ord10602
ord12974
ord2454
ord11174
ord2524
ord11465
ord11428
ord3990
ord4218
ord4255
ord4226
ord4238
ord4234
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord12928
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord3355
ord2852
ord2851
ord2753
ord10790
ord4458
ord4722
ord4892
ord8135
ord4700
ord4920
ord4461
ord4597
ord4445
ord6640
ord6641
ord6631
ord4595
ord7065
ord8982
ord8001
ord12500
ord4190
ord2342
ord9171
ord11807
ord5969
ord6041
ord7071
ord8149
ord3479
ord3981
ord6425
ord926
ord924
ord2788
ord2785
ord7057
ord2353
ord13684
ord13686
ord13685
ord13683
ord13687
ord13670
ord13598
ord13599
ord7931
ord10712
ord3275
ord10577
ord12920
ord7766
ord2137
ord5589
ord5596
ord3313
ord316
ord889
ord4124
ord1948
ord10795
ord5973
ord9688
ord8026
ord2754
ord5542
ord373
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord776
ord1485
ord6062
ord2049
ord1709
ord1274

msvcr100

memset
_setmbcp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
rename
strcpy_s
__CxxFrameHandler3

kernel32

UnhandledExceptionFilter
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
DecodePointer
EncodePointer
CloseHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
CreateFileA
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
WaitForSingleObject
CopyFileA
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection

user32

InflateRect
DrawIcon
GetWindowRect
MessageBoxA
InvalidateRect
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
LoadIconW
UpdateWindow
SendMessageA
EnableWindow
GetDesktopWindow
FillRect

gdi32

CreateFontIndirectA
CreateSolidBrush
GetStockObject

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad83035ff8a1b21545913c741217e936

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

version

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 70KB - Virtual size: 69KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 3KB - Virtual size: 2KB