48634be5dfd6b345d167bbd2cc74e679fee90fe76ac2dc98cf667bf23f1fee40

Sharing

Copy URL Twitter E-mail

General

Target

48634be5dfd6b345d167bbd2cc74e679fee90fe76ac2dc98cf667bf23f1fee40
Size

125KB
MD5

87a429e69429e13865a09603331e4d21
SHA1

5834114443f365a625f649ffd60202271f1a2e1c
SHA256

48634be5dfd6b345d167bbd2cc74e679fee90fe76ac2dc98cf667bf23f1fee40
SHA512

5226c95fd26747b755df772174f41e8e750c37c36b14bfd9276ccd8e5129a688be41fbd68e9b51f1be10fe5820f672010b3592062f27ad161e0c70fb91a37b15
SSDEEP

3072:Lv/gBrgjmRFCdalWldDnPdV6p5jpoj5AZ3Z:sZxY6SDFV6px

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48634be5dfd6b345d167bbd2cc74e679fee90fe76ac2dc98cf667bf23f1fee40

Files

48634be5dfd6b345d167bbd2cc74e679fee90fe76ac2dc98cf667bf23f1fee40
.exe windows:6 windows x86

2871103c1ea18256234eb0a1b6c7dcee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
sendto
connect
send
recv
getpeername
WSAGetLastError
bind
getsockname
closesocket

mfc120u

ord2262
ord2173
ord2214
ord10919
ord12006
ord6121
ord13612
ord2718
ord9091
ord8921
ord10896
ord11271
ord4442
ord3263
ord3260
ord10136
ord8092
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord3795
ord3790
ord11811
ord8846
ord6875
ord10883
ord9137
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord5693
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord7704
ord13997
ord5327
ord2640
ord11999
ord3898
ord3329
ord3330
ord3223
ord12043
ord12751
ord4456
ord2520
ord3650
ord3651
ord8628
ord4184
ord5857
ord4842
ord3889
ord6510
ord1386
ord887
ord2204
ord4621
ord2163
ord8352
ord7542
ord1467
ord8268
ord12122
ord10314
ord12799
ord12736
ord4546
ord8206
ord5262
ord10260
ord2444
ord12413
ord12412
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11858
ord11857
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord992
ord6758
ord3809
ord5821
ord12114
ord8099
ord12126
ord12094
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord4772
ord8242
ord14271
ord14277
ord4699
ord2948
ord5824
ord1520
ord1518
ord1042
ord280
ord285
ord296
ord2967
ord14180
ord12430
ord8064
ord5787
ord5019
ord4280
ord1658
ord1508
ord2367

msvcr120

strncpy
_stricmp
fclose
fopen
_getpid
toupper
sscanf
sprintf
vfprintf
atoi
fprintf
strncat
strrchr
strchr
strtol
_pctype
_isctype
__mb_cur_max
wcslen
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
malloc
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_ctime32
_time32
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
wcstol
__CxxFrameHandler3
__argc
__wargv
memset
free
_configthreadlocale

kernel32

OutputDebugStringW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
GetVersionExA
CloseHandle
GetFileSize
MapViewOfFile
CreateFileMappingA
LocalFree
lstrlenA
GetVersion
lstrcmpA
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateMutexA
ReleaseMutex
CreateEventA
OpenFileMappingA
CreateFileA
GetTempPathA
UnmapViewOfFile
FlushViewOfFile
SetEvent
GetCurrentProcessId
GlobalAlloc
GlobalFree
GetLastError
DecodePointer
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryA
LocalAlloc
ResetEvent
WideCharToMultiByte
QueryPerformanceCounter
CreateProcessW
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

KillTimer
LoadIconW
GetClientRect
DrawIcon
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMenu
GetSystemMetrics
EnableWindow
PeekMessageW
SetTimer
IsIconic
SendMessageW

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegOpenKeyExW

profuisu

?_TrackWndSystemPopupMenu@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEHPAVCPoint@@H@Z
?_InitSizeGripper@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEXXZ
?_DoModalImpl@CExtResDlg@@MAEHXZ
?WindowProc@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEJIIJ@Z
?ShowSizeGrip@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXH@Z
?SaveWindowRect@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UBEXXZ
?PreTranslateMessage@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEHPAUtagMSG@@@Z
?PostNcDestroy@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@MAEXXZ
?PmBridge_OnThemeChanged@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@IJ@Z
?PmBridge_OnSysColorChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@@Z
?PmBridge_OnSettingChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@IPB_W@Z
?PmBridge_OnPaintManagerChanged@CExtResDlg@@UAEXPAVCExtPaintManager@@@Z
?PmBridge_OnDisplayChange@CExtPmBridge@@UAEXPAVCExtPaintManager@@PAVCWnd@@HVCPoint@@@Z
?PmBridge_Install@CExtResDlg@@UAEX_N@Z
?PmBridge_GetSafeHwnd@CExtResDlg@@UBEPAUHWND__@@XZ
?PmBridge_GetPM@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UBEPAVCExtPaintManager@@XZ
?PmBridge_Uninstall@CExtResDlg@@UAEXXZ
??CCExtResourceManagerAutoPtr@CExtResourceManager@@QAEPAV1@XZ
?DoModal@CExtResDlg@@UAEHXZ
?g_ResourceManager@@3VCExtResourceManagerAutoPtr@CExtResourceManager@@A
?OnInitDialog@CExtResDlg@@UAEHXZ
?GetThisMessageMap@CExtResDlg@@KGPBUAFX_MSGMAP@@XZ
?OnQuerySkinnedFontParmName@CExtResDlg@@UBEPB_WXZ
??0?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@QAE@IPAVCWnd@@@Z
??1?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAE@XZ
?Create@CExtResDlg@@UAEHIPAVCWnd@@@Z
?Create@CExtResDlg@@UAEHPB_WPAVCWnd@@@Z
?CreateIndirect@CExtResDlg@@UAEHPAXPAVCWnd@@@Z
?CreateIndirect@CExtResDlg@@UAEHPBUDLGTEMPLATE@@PAVCWnd@@PAX@Z
?DisableSaveRestore@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXXZ
?EnableSaveRestore@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEXPB_W0_N@Z
?GetRuntimeClass@CExtResDlg@@UBEPAUCRuntimeClass@@XZ
?LoadWindowRect@?$CExtWS@V?$CExtADLG@VCExtResDlg@@@@$0BCN@@@UAEX_N@Z
?OnAdjustDialogTemplate@CExtResDlg@@UAEPAUDLGTEMPLATE@@PBU2@@Z
?OnQueryAutomaticRTLTransform@CExtResDlg@@MBE_NXZ

Exports

Exports

__mb_cur_max
_pctype

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2871103c1ea18256234eb0a1b6c7dcee

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

mfc120u

msvcr120

kernel32

user32

advapi32

profuisu

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 7KB - Virtual size: 6KB