Static task
static1
Behavioral task
behavioral1
Sample
b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e.exe
Resource
win10v2004-20230915-en
General
-
Target
b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e
-
Size
312KB
-
MD5
6543c8df01bbd05fc112ce4c79a9ec7d
-
SHA1
ecf3c2622a20f5d2958429eff54e228db7e70942
-
SHA256
b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e
-
SHA512
c88ae497b0d8f6fa3a99dfe2b2fcab8f06358788d63c117704ed8f199c6b303d16f2bcf37cddea2e77ad85cd12998f3e822ca5ea5509e662a550b7f78a20946a
-
SSDEEP
6144:htJrjzZ2VSKFQqnz7aEssdMCIefySNO3xtXtriazV:Hb0zQsiEPDIeaSN0p
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e
Files
-
b7b7b196bb142fdae757d9d4f667b63ca8246635a4aa7ab8599bcd6271a0f30e.exe windows:5 windows x86
7fe12a5de20fd1f5524cb1b7b4074096
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mfc42u
ord3087
ord1771
ord2634
ord1775
ord940
ord4229
ord942
ord6195
ord4704
ord4847
ord4050
ord2933
ord6330
ord5949
ord2286
ord2354
ord755
ord470
ord6153
ord5147
ord5784
ord5790
ord5783
ord4358
ord5244
ord3578
ord620
ord298
ord4225
ord2371
ord4753
ord3687
ord2066
ord1257
ord1196
ord3867
ord4470
ord5947
ord5977
ord3090
ord4532
ord4768
ord5641
ord5579
ord858
ord922
ord4124
ord5679
ord5706
ord536
ord4199
ord4315
ord816
ord562
ord6190
ord4018
ord6115
ord1941
ord4270
ord5286
ord567
ord818
ord1230
ord3747
ord6124
ord3016
ord4215
ord2576
ord3649
ord2430
ord6266
ord3490
ord2858
ord1637
ord3133
ord4357
ord5083
ord4444
ord4665
ord4679
ord1878
ord4246
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord5006
ord975
ord5472
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord747
ord739
ord439
ord450
ord442
ord736
ord5491
ord2096
ord4454
ord5652
ord5028
ord4407
ord5728
ord4237
ord3345
ord5468
ord4146
ord5278
ord674
ord366
ord2084
ord4451
ord5048
ord4787
ord5092
ord4614
ord4612
ord1886
ord4249
ord4010
ord4951
ord4855
ord4820
ord3182
ord4944
ord2429
ord2163
ord4511
ord4634
ord4910
ord4996
ord4485
ord5015
ord3101
ord4599
ord4994
ord4410
ord5497
ord4622
ord2986
ord3412
ord5019
ord3509
ord6340
ord5623
ord1003
ord3444
ord3782
ord3245
ord4691
ord3055
ord3061
ord6332
ord2502
ord5240
ord4417
ord2394
ord4381
ord3449
ord3193
ord6077
ord6171
ord3256
ord4617
ord4424
ord748
ord456
ord4819
ord4854
ord4950
ord5573
ord2776
ord5650
ord1740
ord5738
ord4651
ord1255
ord599
ord2721
ord1240
ord2719
ord2722
ord957
ord2007
ord962
ord750
ord603
ord1262
ord6386
ord1985
ord1961
ord273
ord2247
ord458
ord5200
ord2532
ord5014
ord6193
ord4488
ord2385
ord5734
ord4615
ord4356
ord5082
ord4442
ord4675
ord1263
ord1229
ord2755
ord2914
ord4589
ord5024
ord4989
ord4869
ord4904
ord5781
ord3701
ord6191
ord4609
ord4269
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5237
ord6370
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord3733
ord6360
ord3321
ord6361
ord4467
ord6346
ord5495
ord3273
ord3348
ord4616
ord6450
ord3676
ord3614
ord815
ord459
ord561
ord743
ord5496
ord2550
ord5712
ord5713
ord2028
ord986
ord6133
ord520
ord1202
ord6112
ord2717
ord1173
ord6371
ord4692
ord1197
ord925
ord1149
ord4604
ord3442
ord3191
ord537
ord927
ord1208
ord3998
ord1651
ord4369
ord4846
ord3379
ord482
ord5228
ord1561
ord5264
ord6238
ord1897
ord1937
ord4268
ord1922
ord5070
ord4335
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord560
ord813
ord5256
ord1891
ord2527
ord2238
ord2529
ord3512
ord4364
ord4884
ord4893
ord4458
ord4502
ord4343
ord4426
ord4294
ord4141
ord2486
ord2618
ord2619
ord4607
ord4608
ord1807
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord5788
ord2518
ord469
ord3517
ord3516
ord4154
ord6399
ord6398
ord1887
ord4952
ord3402
ord4984
ord4921
ord4711
ord5102
ord4906
ord4640
ord4974
ord4516
ord4531
ord5069
ord4033
ord3276
ord4620
ord749
ord2378
ord2379
ord457
ord2548
ord4647
ord4987
ord4851
ord5012
ord4682
ord2958
ord430
ord4931
ord4926
ord1821
ord3397
ord3605
ord656
ord5871
ord6376
ord6375
ord2081
ord3871
ord1930
ord1809
ord5878
ord3312
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord2455
ord1644
ord1259
ord4263
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord554
ord5879
ord4143
ord2112
ord807
ord4230
ord5076
ord1705
ord6049
ord642
ord327
ord2079
ord1795
ord1704
ord414
ord5855
ord4128
ord4292
ord713
ord6137
ord1258
ord5808
ord3570
ord610
ord6135
ord287
ord996
ord3971
ord2767
ord3974
ord860
ord2362
ord2281
ord324
ord3592
ord4419
ord2438
ord5257
ord5276
ord4493
ord3122
ord4401
ord5230
ord4398
ord1768
ord4073
ord6051
ord5647
ord535
ord5601
ord2753
ord1081
ord715
ord415
ord1863
ord823
ord1143
ord5035
ord3792
ord6211
ord5047
ord6065
ord3289
ord2706
ord2522
ord3480
ord1634
ord5777
ord1702
ord5079
ord2381
ord4116
ord5467
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_CxxThrowException
free
_getdcwd
rand
_purecall
_wcsdup
wcscat
_wcsicmp
_strcmpi
strncmp
strstr
atol
strrchr
_itow
wcsncpy
wcstok
_except_handler3
_exit
_XcptFilter
exit
_wcmdln
_wtol
_ltow
_wtoi
_wsplitpath
_EH_prolog
__CxxFrameHandler
wcscmp
advapi32
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExA
RegCreateKeyW
RegSetValueW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
kernel32
GetStartupInfoW
WideCharToMultiByte
GlobalAlloc
lstrcmpW
IsDBCSLeadByte
lstrcpyW
GetACP
GetThreadLocale
GetModuleHandleA
GetTickCount
FindFirstFileW
FindClose
GetModuleFileNameW
lstrcpynW
GetShortPathNameW
GetLastError
GetCommandLineW
GetModuleHandleW
GetProcAddress
lstrcmpiW
DeleteFileW
SetEndOfFile
SetErrorMode
MulDiv
lstrlenA
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
GetNumberFormatW
GetLocaleInfoW
lstrcatW
lstrlenW
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
ReadFile
CreateFileA
FindFirstFileA
lstrcpyA
lstrcatA
lstrcmpA
gdi32
RectVisible
CreateDCW
CreateFontIndirectW
CreatePolygonRgn
ExtFloodFill
SetBrushOrgEx
UnrealizeObject
RoundRect
SetStretchBltMode
StretchBlt
GetPixel
Ellipse
Polygon
OffsetRgn
CreatePen
MoveToEx
LineTo
SetPixel
SetDIBitsToDevice
GetNearestColor
CreateDIBitmap
GetDIBits
CreateHalftonePalette
CreateDIBSection
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
RestoreDC
CreatePalette
Rectangle
GetDIBColorTable
SetDIBColorTable
GetStockObject
FillRgn
CreateSolidBrush
CreatePatternBrush
GetPaletteEntries
GetNearestPaletteIndex
ResizePalette
SetPaletteEntries
GetDeviceCaps
CreateBitmap
SetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
PatBlt
SelectObject
SetTextAlign
ExtTextOutW
CreateCompatibleDC
CreateRectRgnIndirect
BitBlt
CreateICW
GetTextMetricsW
GetTextExtentPointW
GetObjectW
SetROP2
TextOutW
Escape
StretchDIBits
TranslateCharsetInfo
GetTextColor
GetBkMode
EnumFontFamiliesExW
EnumFontFamiliesW
PolyBezier
PtVisible
Polyline
user32
WindowFromPoint
ScreenToClient
GetCursorPos
UnionRect
GetKeyState
IsRectEmpty
IntersectRect
SetTimer
KillTimer
EqualRect
SetCursor
LoadCursorW
BringWindowToTop
SetActiveWindow
GetFocus
ReleaseCapture
SetCapture
ClientToScreen
GetSubMenu
LoadMenuW
GetDesktopWindow
RemoveMenu
GetSystemMenu
PostMessageW
OpenClipboard
GetClassInfoW
IsWindowVisible
SystemParametersInfoW
DestroyIcon
LoadStringW
GetDC
DrawFocusRect
GetMenu
SetWindowLongW
CopyRect
CharNextW
GrayStringW
GetWindowDC
EndPaint
BeginPaint
GetUpdateRect
ValidateRect
ShowCaret
HideCaret
GetKeyboardLayout
SetCaretPos
GetCaretPos
CreateCaret
DestroyCaret
SetClassLongW
ShowCursor
GetWindow
RedrawWindow
CheckMenuItem
DestroyWindow
DefWindowProcW
ShowWindow
CreateWindowExW
RegisterClassW
EnableScrollBar
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
FrameRect
GetCapture
GetClientRect
WinHelpW
RegisterClipboardFormatW
TabbedTextOutW
DrawTextW
ReleaseDC
OffsetRect
PtInRect
SetWindowTextW
wvsprintfW
MessageBoxW
GetParent
FillRect
SetRect
SetRectEmpty
MessageBeep
GetSystemMetrics
EnableWindow
SendMessageW
LoadBitmapW
IsWindow
GetWindowRect
UpdateWindow
InvalidateRect
wsprintfW
GetSysColor
InflateRect
IsMenu
LoadIconW
EnableMenuItem
LoadStringA
comdlg32
GetFileTitleW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
ole32
StringFromCLSID
CoTaskMemFree
WriteFmtUserTypeStg
WriteClassStg
shell32
ExtractIconW
ShellAboutW
CommandLineToArgvW
imm32
ImmGetCompositionStringW
ImmGetContext
ImmNotifyIME
ImmSetCompositionWindow
ImmGetCompositionWindow
ImmAssociateContext
ImmReleaseContext
Sections
.text Size: 234KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE