f7209a1bd821cd4a0ec45ec0a07ee56e3f3da18ccb1628a6425edf27c832ef7b

Sharing

Copy URL Twitter E-mail

General

Target

f7209a1bd821cd4a0ec45ec0a07ee56e3f3da18ccb1628a6425edf27c832ef7b
Size

406KB
MD5

e86b4de6b64967d3f7015a4ee34d4ae5
SHA1

a6b69f34facfd9ac7601d50514dbcb45b5c31542
SHA256

f7209a1bd821cd4a0ec45ec0a07ee56e3f3da18ccb1628a6425edf27c832ef7b
SHA512

1a930f84c237cf0b4379efc167bbc2c322113c9da56200f135b088e9f0f89360f7ae934c4d03b6e773dd1102f109795225a6d793dfbd5aea67693d51a1b6f316
SSDEEP

6144:1j1+2LOAtC5Tr2oVdM41UDMx4TrjailUr:1wtoUTKWUlcr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7209a1bd821cd4a0ec45ec0a07ee56e3f3da18ccb1628a6425edf27c832ef7b

Files

f7209a1bd821cd4a0ec45ec0a07ee56e3f3da18ccb1628a6425edf27c832ef7b
.exe windows:5 windows x86

7d6ede38ea0d115bdeb3bd0d79ebf162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libeay32

ord2996
ord2720
ord304
ord299
ord301
ord57
ord256
ord961
ord2660
ord276
ord2894
ord3873
ord95
ord67
ord87
ord52
ord3823
ord109
ord78

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
FreeResource
LockResource
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
LoadResource
SizeofResource
CloseHandle
CreateProcessW
ExpandEnvironmentStringsW
FindResourceA
SearchPathW
GetComputerNameExW
GetUserDefaultUILanguage
GetProcAddress
LocalFree
GetModuleHandleA
GetCommandLineW
GetVersionExA
SetThreadLocale
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
GetLastError
DeviceIoControl
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
GetSystemTimeAsFileTime

user32

ShowWindow
PostQuitMessage
DefWindowProcA
DispatchMessageA
MessageBoxA
UpdateWindow
TranslateMessage
GetMessageA
LoadImageA
CallWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
SetWindowPos
CreateDialogParamA
GetDlgItemTextA
GetDlgItemTextW
GetSystemMetrics
GetDC
ReleaseDC
SetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
SetWindowLongA
IsDialogMessageA

shell32

CommandLineToArgvW

ole32

CreateStreamOnHGlobal

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCloseKey

msvcp140

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ

comctl32

InitCommonControlsEx

gdiplus

GdiplusShutdown
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdiplusStartup
GdipSetStringFormatAlign
GdipDrawString
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipDeleteFont

vcruntime140

_purecall
__std_exception_copy
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__std_type_info_name
__std_type_info_compare
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
memchr
__std_terminate
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_exit
_set_app_type
_seh_filter_exe
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_cexit
_initialize_onexit_table
_crt_atexit
strerror
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fputwc
ungetwc
_get_stream_buffer_pointers
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fgetwc
fflush
fclose
__p__commode

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
_set_new_mode
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d6ede38ea0d115bdeb3bd0d79ebf162

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

kernel32

user32

shell32

ole32

advapi32

msvcp140

comctl32

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 84B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 115KB - Virtual size: 115KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 84B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 11KB - Virtual size: 10KB