ffe1cdcea61332a1189610204cf0511ac13b6119c3f4b355c24070adf7f6cabd

Sharing

Copy URL Twitter E-mail

General

Target

ffe1cdcea61332a1189610204cf0511ac13b6119c3f4b355c24070adf7f6cabd
Size

208KB
MD5

4492ff458630b6d7cd4c59c316f5dc9a
SHA1

898292510f6ea439a1084661caac61de3dbe72a8
SHA256

ffe1cdcea61332a1189610204cf0511ac13b6119c3f4b355c24070adf7f6cabd
SHA512

330d5fecdba87a711898d5d23ad1f53d035c32ac2c9f5cd34ff3719ea039f3a3993c58ff24688d28c2831fcc5bf743c6057e2432a6f10f6558f2f23af00fcdbc
SSDEEP

6144:s6k38pUN0QskK9xH1yuGaN5P7kA/tdQ+4I4uBO5YEP:s6/20QbAfc+KuZEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe1cdcea61332a1189610204cf0511ac13b6119c3f4b355c24070adf7f6cabd

Files

ffe1cdcea61332a1189610204cf0511ac13b6119c3f4b355c24070adf7f6cabd
.exe windows:5 windows x64

75d65db8f2b243aa7887a712b3b225da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

aoiautolib

D_AOIAutoLib
D_GetAutoLibPinPad
D_ReleaseAutoLib
D_TestFillPolygon
D_TestTextDetection
D_AOIAutoRLCLib
D_AOIAutoDIPLib
D_GetAutoDIPLibPad
D_ReleaseAutoDIPLib
D_TestTextRemove
D_AOIAutoLib2
D_GetAutoConnectorLibPinPad
D_ReleaseAutoLib2
D_TestStructDLL
D_AOIAutoRCNetLib
D_GetAutoRCNetLibPinPad
D_ReleaseAutoRCNetLib
D_AOIAutoQLib
D_GetAutoQLibPinPad
D_ReleaseAutoQLib
D_AOIAutoQFNLib
D_GetAutoQFNLibPinPad
D_ReleaseAutoQFNLib
D_AOIAutoChipLib2
D_AOIAutoICLib2
D_GetAutoLibPin2
D_AOINewConnectorLib
D_AOIAutoRNetLib2
D_GetAutoRCNetLibPin2
D_AOIAuto3D

mfc100

ord5035
ord305
ord2538
ord1457
ord9095
ord6580
ord876
ord1266
ord6865
ord1863
ord12311
ord5871
ord8977
ord4895
ord11470
ord10840
ord10871
ord9145
ord7063
ord3934
ord10867
ord10859
ord5031
ord3288
ord13107
ord8001
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord4340
ord7563
ord3605
ord5634
ord3346
ord3617
ord2846
ord2748
ord7930
ord5224
ord5857
ord1249
ord1872
ord1895
ord7628
ord2140
ord12597
ord12931
ord12503
ord410
ord956
ord3480
ord5406
ord11174
ord5562
ord11770
ord3270
ord10794
ord5542
ord336
ord9171
ord1188
ord776
ord6423
ord3156
ord11807
ord11125
ord1241
ord883
ord5849
ord8000
ord8982
ord7065
ord4595
ord6631
ord6641
ord6640
ord5236
ord4445
ord4597
ord4461
ord4920
ord4700
ord8135
ord4892
ord4722
ord4458
ord10790
ord2753
ord2851
ord2852
ord3355
ord10747
ord2285
ord5046
ord12138
ord10366
ord5887
ord12926
ord6807
ord12928
ord2573
ord3842
ord13605
ord3849
ord4246
ord4213
ord4209
ord4243
ord4264
ord4222
ord4251
ord4260
ord4230
ord4234
ord4238
ord4226
ord4255
ord4218
ord1492
ord1485
ord1487
ord1481
ord1474
ord10875
ord10877
ord12284
ord2754
ord8047
ord9688
ord5973
ord10841
ord7766
ord12920
ord10577
ord3275
ord10712
ord7927
ord13599
ord2454
ord10602
ord1244
ord856
ord989
ord5616
ord7923
ord2683
ord3602
ord7562
ord2527
ord3305
ord12906
ord2345
ord1461
ord13598
ord13670
ord13687
ord13683
ord13685
ord13686
ord13684
ord2354
ord7057
ord2785
ord2788
ord12185
ord5321
ord3991
ord11428
ord2745
ord3614
ord7576
ord2441
ord1690
ord1274
ord1272
ord4743
ord7033
ord4050
ord4034
ord957
ord411
ord1246
ord858
ord12332
ord7571
ord12334
ord12333
ord11579
ord5890
ord4608
ord9724
ord10754
ord7833
ord9701
ord10054
ord3479
ord2878
ord2877
ord2659
ord5319
ord12181
ord2353
ord12500
ord7931
ord924
ord369
ord6060
ord11312
ord12710
ord3990
ord11465
ord7190
ord310
ord2440
ord2435
ord896
ord324
ord10593
ord405
ord5586
ord4687
ord4689
ord11331
ord1294
ord955
ord409
ord1210
ord815
ord1688
ord11173
ord2524
ord311
ord307
ord1986
ord1291
ord10961
ord2018
ord3961
ord286
ord888
ord2529
ord12709
ord300
ord7194
ord7622
ord5813
ord5596
ord3313
ord4124
ord1948
ord11621
ord784
ord4185
ord889
ord316
ord2022
ord2024
ord2028
ord2049
ord265
ord266
ord13110

msvcr100

memset
memcpy
_CxxThrowException
ceil
_setmbcp
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__C_specific_handler
_purecall
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
fclose
ungetc
fputc
fgetc
_makepath
atof
atoi
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
calloc
_recalloc
memmove
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
_resetstkoflw
memcpy_s
malloc
free
floor

kernel32

DecodePointer
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
EncodePointer
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetModuleFileNameA
Sleep
GlobalFree
LeaveCriticalSection
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
MultiByteToWideChar
RtlLookupFunctionEntry
lstrlenA
EnterCriticalSection
GlobalUnlock

user32

LoadIconW
SendMessageA
GetSystemMetrics
GetClientRect
LoadMenuW
IsIconic
DrawIcon
FillRect
GetDC
ReleaseDC
InvalidateRect
EnableWindow
GetWindowRect
SetRect

gdi32

StretchBlt
SetDIBColorTable
SelectObject
GetDIBColorTable
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
AngleArc

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindExtensionA

ole32

CreateStreamOnHGlobal

gdiplus

GdipDisposeImage
GdipGetImageGraphicsContext
GdipFree
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipCreateBitmapFromStream

msvcp100

?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Incref@facet@locale@std@@QEAAXXZ
??Bid@locale@std@@QEAA_KXZ

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75d65db8f2b243aa7887a712b3b225da

Headers

DLL Characteristics

File Characteristics

Imports

aoiautolib

mfc100

msvcr100

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ole32

gdiplus

msvcp100

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 2KB