0be11e70654be8d1db6d5fef8eff38eb0b933e5c28cb3d6a3833329a8298c491

Sharing

Copy URL

Twitter E-mail

General

Target

0be11e70654be8d1db6d5fef8eff38eb0b933e5c28cb3d6a3833329a8298c491
Size

1.6MB
MD5

52aa9286a8db3511289568a6f7d765a5
SHA1

a11dcbaf391775c865195ef603d78911279d1e47
SHA256

0be11e70654be8d1db6d5fef8eff38eb0b933e5c28cb3d6a3833329a8298c491
SHA512

055088cd39af5732f4062f9426a96ca37f9022fec995fb269ef64eff2d50f5cec57f2a66ddee5ca1030e07511c7eb4b2208d420a9bb2e52ab280203cf8b520f7
SSDEEP

24576:dGv6B87aMkdIq6ZMOgK4jy2IaVR1k0+6ovzz1jxitKZiM1rmxRHMZrAY6ei:X87fkdIpaVR1kv7SKNmdWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be11e70654be8d1db6d5fef8eff38eb0b933e5c28cb3d6a3833329a8298c491

Files

0be11e70654be8d1db6d5fef8eff38eb0b933e5c28cb3d6a3833329a8298c491
.exe windows:4 windows x86

a9d655b013960efcca834bc053a7d913

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord602
ord1270
ord347
ord5630
ord2361
ord2366
ord1894
ord4119
ord2155
ord2651
ord4123
ord5727
ord2648
ord6063
ord3678
ord3198
ord2077
ord1536
ord5911
ord1393
ord4226
ord6271
ord5210
ord5196
ord572
ord587
ord3417
ord4109
ord5398
ord2461
ord3983
ord3756
ord1957
ord1386
ord3922
ord4112
ord1176
ord2362
ord5864
ord3985
ord2121
ord745
ord557
ord1156
ord2365
ord1058
ord5914
ord6161
ord655
ord1434
ord4098
ord5966
ord5105
ord421
ord1946
ord6140
ord896
ord900
ord3435
ord4347
ord4019
ord5609
ord894
ord2444
ord2893
ord1472
ord5829
ord563
ord753
ord1006
ord1939
ord1867
ord1883
ord6232
ord1873
ord1864
ord3875
ord2261
ord860
ord4121
ord2918
ord5862
ord3873
ord651
ord416
ord2876
ord2364
ord3869
ord1555
ord5869
ord6061
ord1632
ord1562
ord4232
ord658
ord2860
ord1921
ord1959
ord589
ord330
ord3635
ord354
ord605
ord6279
ord4574
ord723
ord531
ord1000
ord5441
ord5455
ord1920
ord2255
ord4117
ord2870
ord3395
ord3995
ord5637
ord502
ord3793
ord1645
ord1589
ord2872
ord3877
ord3674
ord754
ord3581
ord3990
ord1641
ord1585
ord4237
ord2086
ord1582
ord4234
ord2066
ord3666
ord3561
ord5984
ord6087
ord4585
ord4659
ord3345
ord1416
ord4929
ord2254
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4175
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord3338
ord1351
ord5170
ord4267
ord732
ord544
ord503
ord5972
ord758
ord567
ord1719
ord3590
ord760
ord5710
ord5633
ord3174
ord530
ord722
ord2225
ord1192
ord1115
ord5440
ord1960
ord3157
ord620
ord3448
ord4882
ord5657
ord993
ord5101
ord2799
ord1146
ord1388
ord6262
ord1924
ord1475
ord4093
ord1561
ord4231
ord657
ord777
ord3400
ord326
ord6002
ord5712
ord5711
ord5442
ord899
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4371
ord4370
ord4788
ord4942
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord4513
ord4383
ord4165
ord4172
ord4581
ord5910
ord1610
ord5202
ord1553
ord2711
ord2413
ord2414
ord2415
ord2412
ord2411
ord4358
ord4667
ord3644
ord4094
ord2085
ord3238
ord1274
ord3471
ord4957
ord4281
ord410
ord648
ord4656
ord4337
ord5147
ord4514
ord4194
ord2797
ord4879
ord2229
ord5272
ord3596
ord1182
ord1178
ord2132
ord4292
ord2809
ord5558
ord4027
ord5162
ord3677
ord764
ord762
ord1079
ord4032
ord1198
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord4041
ord4042
ord1154
ord783
ord1202
ord642
ord4230
ord1549
ord1628
ord2081
ord3467
ord2871
ord731
ord1578
ord3560
ord384
ord5083
ord317
ord1425
ord1430
ord584
ord629
ord6299
ord3043
ord5485
ord2250
ord1172
ord2297
ord6111
ord5337
ord1027
ord3508
ord3482
ord2489
ord5742
ord2867
ord3396
ord2788
ord3483
ord3645
ord748
ord3577
ord3670
ord6116
ord591
ord4228
ord1538
ord4092
ord1474
ord3433
ord1271
ord3296
ord3155
ord1925
ord3204
ord314
ord2460
ord501
ord709
ord4314
ord1785
ord4256
ord4480
ord2856
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1922
ord3424
ord6282
ord5316
ord6293
ord5327
ord1571
ord3249
ord2340
ord2932
ord3497
ord5981
ord4755
ord741
ord3570
ord3927
ord2895
ord6044
ord1588
ord2252
ord6251
ord870
ord5648
ord2368
ord2622
ord2713
ord3752
ord765
ord315
ord1200
ord1087
ord1162
ord581
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord577
ord757
ord293
ord566

msvcr71

rand
sprintf
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wtoi64
swscanf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
_i64toa
wcscpy
wcscat
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
sscanf
vsprintf
printf
localtime
_endthreadex
wcsncmp
wcsstr
wcslen
_snwprintf
__CxxFrameHandler
_except_handler3
fflush
isalnum
swprintf
isspace
strstr
strchr
fread
fseek
_snprintf
atol
wcschr
fprintf
_wtoi
strtoul
time
srand
_wcsicmp
_wtol
_i64tow
fopen
fwrite
atoi
memmove
_itow
wcscmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
fputwc
toupper
ftell
_localtime64
_time64
_vscprintf
isprint
tolower
_ftime
_itoa
wcsncpy
wcstok
strncmp
_purecall
_beginthreadex
malloc
strncpy
_controlfp
_atoi64
_wcsnicmp
_waccess
_wfopen
fclose

kernel32

GetVersionExA
GetWindowsDirectoryW
lstrcpyW
WinExec
lstrcatW
GlobalReAlloc
GlobalSize
FindResourceExW
WaitForMultipleObjects
lstrlenA
DeviceIoControl
GetVersion
ReadFile
GetDriveTypeW
SetFileAttributesW
WriteFile
CreateEventA
CreateMutexW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
LocalAlloc
LocalFree
GetProcessHeap
lstrlenW
MulDiv
GetTempPathW
GetTickCount
WritePrivateProfileStringW
ResumeThread
LockResource
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetUnhandledExceptionFilter
GetModuleHandleW
DeleteFileW
CreateDirectoryW
GetPrivateProfileIntW
Sleep
GetPrivateProfileStringW
GetLastError
LoadLibraryW
FreeLibrary
MultiByteToWideChar
UnmapViewOfFile
OpenProcess
MapViewOfFile
OpenFileMappingW
WideCharToMultiByte
GetProcAddress
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MoveWindow
SetLayeredWindowAttributes
GetWindowRect
PtInRect
GetSystemMetrics
SetWindowRgn
KillTimer
SetTimer
GetParent
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CopyRect
CreateWindowExW
ShowWindow
UpdateWindow
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
PostMessageW
EnableWindow
GetClientRect
PeekMessageW
TranslateMessage
IntersectRect
EnumWindows
UnregisterClassW
RegisterHotKey
UnregisterHotKey
GetScrollInfo
GetWindowThreadProcessId
MessageBoxW
SendMessageW
GetClassInfoW
IsWindowVisible
InvalidateRect
CallWindowProcW
SetPropW
GetClassInfoExW
RegisterClassW
GetMenuState
LoadMenuW
InsertMenuW
ModifyMenuW
CreateMenu
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
EndPaint
BeginPaint
FindWindowExW
GetPropW
GetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetMenu
GetUpdateRect
EnumChildWindows
GetNextDlgGroupItem
IsWindowEnabled
DestroyCursor
GetMessagePos
MessageBeep
LoadBitmapW
SetParent
GetWindowTextW
RemovePropW
DrawIcon
EnableMenuItem
GetSubMenu
IsIconic
BringWindowToTop
SetActiveWindow
SetForegroundWindow
GetWindowDC
RedrawWindow
IsWindow
GetCursorPos
GetDlgCtrlID
GetWindowInfo
DispatchMessageW
FrameRect
GetForegroundWindow
DestroyIcon
SetWindowPos
SwitchToThisWindow
SystemParametersInfoW
wsprintfW
GetActiveWindow
GetClassNameW
FindWindowW
LoadImageW
SetRect
SetWindowLongW
GetWindowLongW
InflateRect
IsRectEmpty
ScreenToClient
GetFocus
GetSysColor
SetCapture
ReleaseCapture
FillRect
GetSysColorBrush
SetCursor
TrackMouseEvent
OffsetRect
ClientToScreen
GetCapture
GetMessageW
CreatePopupMenu
AppendMenuW

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
BitBlt
CreateRoundRectRgn
GdiFlush
PtVisible
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
CreateBitmap
GetBitmapBits
DPtoLP
DeleteDC
SetBkMode
CreateCompatibleDC
GetDeviceCaps
ExcludeClipRect
CreateDCW
CombineRgn
DeleteObject
ExtCreateRegion
CreateDIBSection
CreateRectRgn
OffsetRgn
CreatePatternBrush
GetTextExtentPointW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetStockObject
CreatePen
SelectObject
CreateFontW
CreateSolidBrush
GetViewportOrgEx
SetTextColor

msimg32

TransparentBlt

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueW

shell32

SHGetFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

comctl32

ImageList_GetImageCount
ord17
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DrawEx

shlwapi

PathFileExistsW
PathIsDirectoryW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

gdiplus

GdipDrawPath
GdipSetTextRenderingHint
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipCreateFont
GdipCreateRegionRectI
GdipDrawString
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipIsVisibleRegionPointI
GdipDeleteRegion
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetFontHeightGivenDPI
GdipCreateBitmapFromStream
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipClonePath
GdipMeasureString
GdipCreateBitmapFromHBITMAP
GdipSetPenMode
GdipDrawRectangleI
GdipSetClipRectI
GdipSaveImageToStream
GdipDrawImageI
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDrawImageRectI
GdipDrawCachedBitmap
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipReleaseDC
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI
GdipGetGenericFontFamilySansSerif
GdipSetStringFormatTrimming
GdipSetPixelOffsetMode
GdipTranslateWorldTransform

msvcp71

?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

psapi

GetProcessImageFileNameW

wininet

InternetSetOptionW
InternetGetCookieExW

dbghelp

MiniDumpWriteDump

crashreport

UninstallEx
InstallEx

netapi32

Netbios

ws2_32

closesocket
WSAGetLastError
gethostbyname
inet_addr
htons
WSAStartup
WSACleanup
send
socket
recv
connect
select
__WSAFDIsSet
ioctlsocket
shutdown
inet_ntoa

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9d655b013960efcca834bc053a7d913

Headers

File Characteristics

Imports

mfc71u

msvcr71

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

msvcp71

psapi

wininet

dbghelp

crashreport

netapi32

ws2_32

Sections

.text Size: 688KB - Virtual size: 687KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 8KB - Virtual size: 50KB

.v-lizer Size: 741KB - Virtual size: 741KB

.text
Size: 688KB - Virtual size: 687KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 8KB - Virtual size: 50KB

.v-lizer
Size: 741KB - Virtual size: 741KB