f79e57fa262162998ac8dde44e9d993981781b5bfb94d377a9cf5b87fc57f2c6

Sharing

Copy URL Twitter E-mail

General

Target

f79e57fa262162998ac8dde44e9d993981781b5bfb94d377a9cf5b87fc57f2c6
Size

2.3MB
MD5

2f93d75fc6f1a5a7ae3eae4a41830a81
SHA1

a08c82f62d81867adddeb7cac06bfd0e0f207a4e
SHA256

f79e57fa262162998ac8dde44e9d993981781b5bfb94d377a9cf5b87fc57f2c6
SHA512

c17cd4681848b6b9d57f6ead1765e370cc6104c2be08c4694999cfceb286b5fa084d2a67aa3b7d929098ca64395e457b7f1bc657bcf8d09642aa692214c01741
SSDEEP

24576:7MqKBOzZrW3pe3joJymQSvQE9N+d6OxKdE5a2:fKwr+pe3jkpvQE3TOkUa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f79e57fa262162998ac8dde44e9d993981781b5bfb94d377a9cf5b87fc57f2c6

Files

f79e57fa262162998ac8dde44e9d993981781b5bfb94d377a9cf5b87fc57f2c6
.exe windows:5 windows x86

8fd678540f2752ac3e8cc21a54e937e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memcpy_s
strftime
_ismbblead
atof
atoi
_beginthread
_splitpath
_purecall
_mktime64
printf
_time64
_localtime64_s
sprintf
__CxxFrameHandler3
??2@YAPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memset
??3@YAXPAX@Z
_setmbcp

ctlmach

?GetLineHeight@CMachineParam@@QAEJXZ
?UserStartRun@CMachine@@QAEXXZ
?UserGetCarState@CMachine@@QAEEXZ
?UserPauseRun@CMachine@@QAEXXZ
?UserStopRun@CMachine@@QAEXXZ
?SetData@CFIFOBuffer@@QAEHAAVCBinaryPolyLineList@@HHJJ@Z
?UserNotifyToStopThread@CMachine@@QAEXXZ
?GetGlobalMachine@@YAPAVCMachineEx@@XZ
?SetMachIP@CMachineEx@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetSendedLine@CFIFOBuffer@@QAEMXZ
?UserGetRaster@CMachine@@QAEGXZ
??1CDlgMachineParam@@UAE@XZ
?UserClearCoordinate@CMachine@@QAEXXZ
?UserResumeRun@CMachine@@QAEXXZ
?UserSetCleanJet@CMachine@@QAEHXZ
?UserBack2Zero@CMachine@@QAEXXZ
?WorkFunc@@YAXPAX@Z
?SetConfigRunParam@CMachineEx@@QAEXJ@Z
?LoadMachineParam@CMachineEx@@QAEXXZ
?UserCleanAllJet@CMachine@@QAEXXZ
?SaveMachineParam@CMachineEx@@QAEXXZ
??_7CArea@@6B@
?UserStopMove@CMachine@@QAEXXZ
?UserMove2Left@CMachine@@QAEXXZ
?UserMove2Right@CMachine@@QAEXXZ
?UserMove2Front@CMachine@@QAEXXZ
?UserMove2Back@CMachine@@QAEXXZ
??0CSetIp@@QAE@PAVCWnd@@@Z
?SetW5300IP@CMachineEx@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00@Z
??1CSetIp@@UAE@XZ
?SaveSetting@CMachineParam@@QAEXXZ
??0CDlgMachineParam@@QAE@AAVCMachineParam@@PAVCMachineEx@@PAVCWnd@@@Z
?GetLocalAddress@CNetCom@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ

polylinecore

?ReleasePen@CBinaryPolyLineList@@SAXXZ
?Count@OL_List@@QBEHXZ
??5@YAAAVCArchive@@AAV0@AAVCBinaryPolyLineList@@@Z
?Render@CBinaryPolyLineList@@QAEXPAVCDC@@HHHH@Z
?SelectToDelete@CBinaryPolyLineList@@QAEXVCPoint@@H@Z
?GetPictureBound@CBinaryPolyLineList@@QAEHAAVCRect@@@Z
??0CBinaryPolyLineList@@QAE@XZ
?Append@OL_List@@UAEXPAV1@@Z
?CopyFrom@OL_List@@UAEXPAV1@@Z
?Replace@OL_List@@UAEHPAVOL_Object@@0@Z
?Clear@CBinaryPolyLineList@@UAEXXZ
?IsInList@OL_List@@UBEHPAVOL_Object@@@Z
?GoOut@OL_List@@UAEPAVOL_Object@@PAV2@@Z
?AddTail@CBinaryPolyLineList@@UAEHPAVOL_Object@@@Z
??1CBinaryPolyLineList@@UAE@XZ
?OToHPGLCode@CBinaryPolyLineList@@QAEXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetNext@OL_List@@QBEPAVOL_Object@@PAV2@@Z
?PtNum@CPolyLine@@QAEGXZ
?GetPen@CPolyLine@@QAEGXZ
?Point@CPolyLine@@QAE?AVCPoint@@H@Z
?GetHead@OL_List@@QBEPAVOL_Object@@XZ
?CalArea@CBinaryPolyLineList@@QAEPBVCArea@@XZ
??1CArea@@UAE@XZ
?Scale@CBinaryPolyLineList@@QAEXMM@Z
?AddSnapLine@CBinaryPolyLineList@@QAEXJJJH@Z
?CutByHLine@CBinaryPolyLineList@@QAEXJPAV1@0H@Z
?Rotate@CBinaryPolyLineList@@QAEXJDJ@Z
?Move@CBinaryPolyLineList@@QAEXJJ@Z
?CutByVLine@CBinaryPolyLineList@@QAEXJPAV1@0H@Z
?GetArea@CBinaryPolyLineList@@QAEPBVCArea@@H@Z
?Mirror@CBinaryPolyLineList@@QAEXXZ
??4CBinaryPolyLineList@@QAEAAV0@ABV0@@Z
?SetFont@CBinaryPolyLineList@@QAEXPAVCShxLib@@0@Z
?tranToCut@CBinaryPolyLineList@@QAEXXZ
?tranToDraw@CBinaryPolyLineList@@QAEXXZ
?SelectToChangePen@CBinaryPolyLineList@@QAEXVCPoint@@GH@Z

shxlib

??0CShxLib@@QAE@XZ
?load_shx_file@CShxLib@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??1CShxLib@@UAE@XZ

mfc100

ord3359
ord381
ord5803
ord11107
ord10007
ord8137
ord946
ord6678
ord3363
ord6314
ord5837
ord3439
ord5774
ord2184
ord1900
ord2183
ord11924
ord2406
ord1210
ord943
ord374
ord788
ord12344
ord6622
ord1284
ord8321
ord11059
ord2337
ord6127
ord11024
ord7437
ord10253
ord10256
ord8595
ord8610
ord8600
ord9030
ord9034
ord8612
ord9512
ord8031
ord8021
ord10113
ord8109
ord10134
ord9093
ord9094
ord10697
ord2067
ord2063
ord1929
ord1939
ord6054
ord5776
ord5830
ord6070
ord12861
ord7927
ord7491
ord4340
ord4345
ord3390
ord5540
ord11940
ord11949
ord917
ord12681
ord341
ord10109
ord1981
ord978
ord11744
ord5511
ord3621
ord5539
ord422
ord884
ord12473
ord12850
ord4131
ord7994
ord3421
ord12740
ord3167
ord11917
ord4060
ord6831
ord6628
ord1292
ord7933
ord12724
ord12154
ord12555
ord7892
ord3143
ord11655
ord12962
ord6836
ord1288
ord888
ord6112
ord9281
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord11180
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord7487
ord4078
ord5627
ord7581
ord1480
ord5504
ord4955
ord13135
ord11627
ord1314
ord1437
ord417
ord5827
ord4868
ord4870
ord11646
ord8486
ord4143
ord7576
ord3984
ord2538
ord13348
ord10915
ord868
ord11626
ord7876
ord7875
ord6835
ord9185
ord921
ord11179
ord10967
ord345
ord1586
ord1890
ord6328
ord963
ord8307
ord9282
ord13735
ord12805
ord12608
ord2502
ord4961
ord5514
ord8178
ord3414
ord10244
ord4930
ord11453
ord14124
ord14042
ord14129
ord13656
ord13875
ord13651
ord13852
ord13863
ord13717
ord8570
ord11822
ord11029
ord3662
ord3616
ord13223
ord4744
ord4735
ord9447
ord14043
ord13803
ord13804
ord13783
ord13814
ord13784
ord9968
ord13203
ord3977
ord11648
ord7363
ord6279
ord1230
ord3636
ord1639
ord822
ord8292
ord3406
ord2056
ord2374
ord2617
ord13130
ord12984
ord977
ord909
ord14116
ord2524
ord2514
ord325
ord10906
ord421
ord4282
ord13312
ord419
ord2061
ord14062
ord404
ord14119
ord4936
ord6686
ord10016
ord6344
ord985
ord1264
ord1261
ord8308
ord5252
ord12479
ord8332
ord2215
ord3985
ord7322
ord11017
ord7348
ord2762
ord7520
ord4429
ord4430
ord5445
ord11348
ord1524
ord12488
ord5257
ord12486
ord5256
ord10395
ord5273
ord7945
ord10751
ord10746
ord4736
ord3400
ord4076
ord10459
ord9422
ord11038
ord8511
ord10505
ord12583
ord5875
ord3746
ord7863
ord3475
ord4344
ord2187
ord7590
ord863
ord865
ord433
ord12577
ord5580
ord12415
ord7889
ord12132
ord8392
ord5575
ord13095
ord10596
ord301
ord6690
ord850
ord6082
ord8306
ord7587
ord4953
ord5502
ord1589
ord11535
ord2997
ord2998
ord7135
ord11805
ord2544
ord10921
ord14074
ord12268
ord9446
ord1250
ord6671
ord1894
ord6089
ord8349
ord9993
ord2837
ord3187
ord3201
ord11370
ord8968
ord9530
ord13979
ord3181
ord3459
ord12989
ord12987
ord3445
ord3413
ord4434
ord12069
ord2348
ord1530
ord3617
ord3664
ord3665
ord7058
ord5091
ord5025
ord13097
ord13090
ord3697
ord12729
ord13000
ord13012
ord10546
ord6820
ord877
ord6103
ord3482
ord11034
ord10671
ord4397
ord11106
ord13284
ord11014
ord2306
ord2282
ord10727
ord2307
ord3640
ord3702
ord3729
ord3768
ord3797
ord3771
ord3399
ord7469
ord11345
ord7312
ord8091
ord12736
ord2842
ord2940
ord5167
ord1276
ord9627
ord6826
ord12498
ord3365
ord3970
ord355
ord5859
ord5303
ord11041
ord8229
ord8613
ord3745
ord927
ord6370
ord1004
ord5612
ord2156
ord11027
ord6207
ord2769
ord457
ord7206
ord8437
ord5175
ord6216
ord5141
ord12440
ord5163
ord6695
ord4317
ord6010
ord11274
ord13310
ord11297
ord13329
ord4343
ord5151
ord12865
ord6213
ord3488
ord3489
ord2505
ord12152
ord2574
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8305
ord919
ord1227
ord6572
ord1316
ord310
ord306
ord1479
ord1483
ord300
ord4283
ord290
ord1482
ord900
ord4144
ord1313
ord2611
ord1448
ord901
ord316
ord3839
ord4498
ord6809
ord6970
ord10013
ord9475
ord423
ord4188
ord4207
ord7317
ord4939
ord11781
ord7832
ord2525
ord979
ord3373

kernel32

EncodePointer
ActivateActCtx
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
DecodePointer
GetSystemInfo
GetCurrentProcess
SetProcessAffinityMask
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
LoadLibraryA
CloseHandle
CreateFileA
lstrlenA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
InterlockedDecrement
InterlockedIncrement
CreateMutexA
SetThreadUILanguage
GetLastError
GetModuleFileNameA
GetShortPathNameA
GlobalAddAtomA
CopyFileA
Sleep
DeleteFileA
CreateDirectoryA
GetPrivateProfileIntA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetExitCodeProcess
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter

user32

EnableWindow
SetWindowRgn
GetWindowRect
SendMessageA
LoadBitmapW
SetWindowPos
LoadImageA
GetSysColor
GetParent
LoadMenuA
RemoveMenu
GetFocus
DrawFocusRect
DrawFrameControl
InflateRect
CopyRect
TrackPopupMenu
DestroyMenu
LoadIconA
DestroyIcon
LoadIconW
KillTimer
SetTimer
LoadMenuW
GetSubMenu
PostQuitMessage
SetForegroundWindow
UpdateWindow
IsIconic
MessageBoxA
SetParent
ReleaseCapture
ChangeWindowMessageFilter
GetCursorPos
SetCursor
LoadCursorW
SetCapture
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
PostMessageA
OffsetRect
PtInRect

gdi32

GetTextExtentPoint32A
SetBkMode
GetDeviceCaps
DeleteObject
EndPath
BeginPath
StretchBlt
Rectangle
InvertRgn
FillRgn
SetBrushOrgEx
PathToRegion
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreatePen
GetObjectA
CreateRoundRectRgn
BitBlt

advapi32

RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetFolderPathA
Shell_NotifyIconA
DragAcceptFiles
DragQueryFileA
DragQueryFileW

comctl32

ImageList_Create

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA

oleaut32

SysFreeString

ws2_32

WSAGetLastError
recvfrom
sendto
htons
setsockopt
WSACleanup
WSASocketA
gethostbyname
inet_addr
WSAStartup

iphlpapi

GetNetworkParams
GetAdaptersInfo
GetInterfaceInfo

mprapi

MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fd678540f2752ac3e8cc21a54e937e5

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

ctlmach

polylinecore

shxlib

mfc100

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

iphlpapi

mprapi

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 17KB - Virtual size: 17KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 26KB - Virtual size: 25KB