4cf2d1871f9d8c11b9b1c6b2ca495bd7c688ad40856b7e7c51eace60f0f11af7

Sharing

Copy URL Twitter E-mail

General

Target

4cf2d1871f9d8c11b9b1c6b2ca495bd7c688ad40856b7e7c51eace60f0f11af7
Size

259KB
MD5

4cd7635d29931fe8f52ce2fd953f0068
SHA1

bc401d46994f082487578129f5d0224d0091c905
SHA256

4cf2d1871f9d8c11b9b1c6b2ca495bd7c688ad40856b7e7c51eace60f0f11af7
SHA512

6f2080a3e7a53f9c09a92f0d4c7842e17c765c104c74eb33d56ca8280c186c1c901e93124fef8d6fe626523e35b0c564569aa9b31a824a9e979a6eeb1cf086ef
SSDEEP

6144:RVxoLCkC0FOIaBMLR9XkcXe6AMLTNP7/Yf83gKgEK2+5c2N3Lg8rD51+Cjsn2o24:6y0day9P3LZ7Af83gKgEH+5c2Ns8rDTG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cf2d1871f9d8c11b9b1c6b2ca495bd7c688ad40856b7e7c51eace60f0f11af7

Files

4cf2d1871f9d8c11b9b1c6b2ca495bd7c688ad40856b7e7c51eace60f0f11af7
.exe windows:5 windows x86

265a1ef43fdfdaa22dde0d5d0991eafe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
__set_app_type
_XcptFilter
_exit
_c_exit
??1exception@@UAE@XZ
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_ltow
qsort
_itow
wcscat
wcsncmp
??2@YAPAXI@Z
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_wcsicmp
_wsplitpath
_controlfp
wcsncpy
wcscmp
swprintf
swscanf
_cexit
free
realloc
malloc
_wcsnset
wcschr
iswalpha
_snwprintf
wcsrchr
wcscpy
??3@YAXPAX@Z
__CxxFrameHandler
wcsstr
wcsspn
wcslen
_except_handler3

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHABV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??_F?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ

advapi32

RegEnumKeyW
LookupPrivilegeValueW
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
RegRestoreKeyW
RegSaveKeyW
CloseServiceHandle
ControlService
EnumDependentServicesW
QueryServiceStatus
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetPrivateObjectSecurity
SetPrivateObjectSecurity
MapGenericMask
AccessCheckAndAuditAlarmW
OpenThreadToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenProcessToken
CreatePrivateObjectSecurity
FreeSid
RegCreateKeyExW
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorLength
RegSetValueExW
MakeSelfRelativeSD
AllocateAndInitializeSid
LogonUserW
DuplicateToken
CopySid
IsValidSid
EqualSid
GetLengthSid
RegisterServiceCtrlHandlerW
DestroyPrivateObjectSecurity
SetServiceStatus
StartServiceCtrlDispatcherW
RegOpenKeyW
ConvertSidToStringSidW
ConvertStringSidToSidW
RegCloseKey

kernel32

CloseHandle
UnmapViewOfFile
SearchPathW
lstrcpynW
FindClose
FindFirstFileW
DeleteFileW
GetTempFileNameW
SetEvent
FindNextFileW
GetSystemTimeAsFileTime
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
FileTimeToSystemTime
VirtualFree
InterlockedExchange
SetThreadExecutionState
GetModuleFileNameW
EnterCriticalSection
lstrcpyW
lstrcatW
WriteFile
ReadFile
FileTimeToLocalFileTime
PostQueuedCompletionStatus
ResetEvent
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetFilePointer
LeaveCriticalSection
RaiseException
FormatMessageW
GetLocalTime
CopyFileW
InterlockedExchangeAdd
InterlockedIncrement
GetFileSize
CreateIoCompletionPort
GetFileAttributesW
HeapFree
Sleep
GetQueuedCompletionStatus
InterlockedDecrement
SystemTimeToFileTime
InterlockedCompareExchange
SetWaitableTimer
GetSystemTime
CancelWaitableTimer
GetFullPathNameW
ReleaseMutex
CreateMutexW
HeapAlloc
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
CreateThread
CreateWaitableTimerW
SetErrorMode
MapViewOfFile
CreateFileMappingW
GetTempPathW
GetFileInformationByHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
LocalAlloc
LocalFree
SetLastError
LoadLibraryW
GetProcessHeap
HeapCreate
GetLastError
GetProcAddress
lstrlenW
lstrcmpiW
HeapDestroy
GetFileSizeEx
GetComputerNameW
CreateFileW
FreeLibrary
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetTimeFormatW
IsValidLanguageGroup
GetStringTypeExW
InitializeCriticalSection
CreateDirectoryW
GetDateFormatW
GetVersionExW
ExpandEnvironmentStringsW
lstrlenA

rpcrt4

RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUnregisterIfEx
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
NdrClientCall2
NdrServerCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFree
RpcBindingInqAuthClientExW
RpcNetworkIsProtseqValidW
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
I_RpcBindingIsClientLocal

tapi32

lineNegotiateAPIVersion
lineTranslateAddressW
lineSetStatusMessages
lineGetLineDevStatus
lineGetDevCapsW
lineGetCountryW
lineInitializeExW
lineOpenW
lineGetCallInfoW
lineClose
lineShutdown
lineHandoffW
lineDeallocateCall
lineSetAppPriorityW

ntdll

RtlValidRelativeSecurityDescriptor

winspool.drv

DocumentPropertiesW
AddPrinterW
SetPrinterW
GetPrinterW
EnumPrintersW
OpenPrinterW
ClosePrinter

user32

DrawTextW
LoadStringW
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ole32

CLSIDFromString
CoCreateInstance
StgOpenStorageEx
FreePropVariantArray
CoTaskMemFree
StringFromIID
CoUninitialize
CoInitialize
IIDFromString
StringFromGUID2
OleRun

netapi32

NetMessageBufferSend

credui

CredUIParseUserNameW

fxsevent

FXSEVENTFree
FXSEVENTInitialize
GetEventsCounters
RefreshEventLog
GetLoggingCategories
FaxLog
InitializeEventLog

fxstiff

TiffOpen
TiffAddMsTags
MergeTiffFiles
TiffPostProcessFast
TiffRecoverGoodPages
TiffClose
MemoryMapTiffFile
TiffExtractFirstPage
FXSTIFFInitialize
GetMsTagString
MmrAddBranding

fxsapi

FXSAPIFree
FXSAPIInitialize

gdi32

SetTextColor
GetDeviceCaps
LPtoDP
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
DeleteObject
SaveDC
GetTextMetricsW
CreateDCW
StartDocW
StartPage
EndPage
EndDoc
DeleteDC
CreateRectRgnIndirect
SelectClipRgn
DeleteEnhMetaFile
SelectObject
CreateFontIndirectW

oleaut32

GetErrorInfo
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString

shell32

SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

265a1ef43fdfdaa22dde0d5d0991eafe

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

rpcrt4

tapi32

ntdll

winspool.drv

user32

version

ole32

netapi32

credui

fxsevent

fxstiff

fxsapi

gdi32

oleaut32

shell32

crypt32

Sections

.text Size: 247KB - Virtual size: 247KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 247KB - Virtual size: 247KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 6KB - Virtual size: 6KB