4f533709a4c758666d87a5dd3d0362feaf9391e8b3ff9ab285198e7353810885

Sharing

Copy URL Twitter E-mail

General

Target

4f533709a4c758666d87a5dd3d0362feaf9391e8b3ff9ab285198e7353810885
Size

3.7MB
MD5

e5827655b1a4ee551b8c0e955646a884
SHA1

9693abfd0707597d8cf79be30255872e3ca65807
SHA256

4f533709a4c758666d87a5dd3d0362feaf9391e8b3ff9ab285198e7353810885
SHA512

a5625d6c43d9a7828acbe41a6e133447da4159d300202463347d6e462ea16193bbcd6bc48cb6edb41b54f1438ec5fce82840b1f137748ae0ca85ae62e84db548
SSDEEP

98304:A7es50R3vNKxPen6hwgWlLvthyv+PnDsz6QCpMu+x6ei7nA6:TRVKcnfdGN2Mzx6jH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f533709a4c758666d87a5dd3d0362feaf9391e8b3ff9ab285198e7353810885

Files

4f533709a4c758666d87a5dd3d0362feaf9391e8b3ff9ab285198e7353810885
.dll windows:5 windows x64

6f0518a932ceca3a442c96fb9eb86537

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc90

ord1515
ord2326
ord790
ord290
ord286
ord296
ord2972
ord886
ord265
ord6299
ord6305
ord4178
ord5607
ord791
ord1019
ord778
ord2380
ord2602
ord877
ord888
ord2973
ord316
ord300
ord310
ord589
ord795
ord798
ord797
ord919
ord2328
ord4179
ord6297
ord6295
ord6296
ord4206
ord5681
ord4095
ord588
ord6247
ord1523
ord305
ord3006
ord1516
ord280
ord788
ord776
ord1213
ord5333
ord5350
ord4041
ord5344
ord3002
ord1966
ord266
ord569
ord2342
ord760
ord3418
ord577
ord3923
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord6407
ord3892
ord6409
ord3921
ord2303
ord5684
ord4677
ord5346
ord4112
ord771
ord3774
ord4136
ord4363
ord4586
ord4042
ord2709
ord3800
ord3810
ord3809
ord2797
ord2904
ord4410
ord2780
ord4207
ord5647
ord5608
ord306
ord2598
ord2711
ord2605
ord2907
ord2516
ord1103
ord592
ord1239
ord320
ord1963
ord1205
ord1203
ord1229
ord1146
ord1195
ord379
ord1118
ord1238
ord1236
ord1111
ord1052
ord321
ord779
ord1060

msvcr90

_mbsnbcpy
_mbsstr
_mbsupr
strncmp
_snprintf
strtoul
_wcsnicmp
rand
srand
strncat
_strnicmp
wcsncat
calloc
abort
__CxxFrameHandler3
?terminate@@YAXXZ
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_vsnprintf
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_vsnwprintf
strncpy
malloc
free
wcsstr
_wcsicmp
exit
_time64
_invalid_parameter_noinfo
_beginthread
atoi
strstr
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
sprintf
memmove_s
memcmp
_CxxThrowException

kernel32

GetModuleFileNameA
Process32First
OpenProcess
GetFileAttributesA
CreateProcessA
TerminateProcess
Module32First
Process32Next
LocalAlloc
CreateToolhelp32Snapshot
Module32Next
WinExec
WriteFile
GetSystemTimeAsFileTime
SystemTimeToFileTime
SetFilePointer
GetComputerNameA
GetTickCount
GetCommandLineA
InitializeCriticalSection
Sleep
GetLastError
EnterCriticalSection
GetModuleHandleA
OutputDebugStringA
DeleteFileA
OutputDebugStringW
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcess
GetLocalTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
LocalFree
ReadFile
GetProcAddress
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
HeapFree
GetProcessHeap
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
LocalFileTimeToFileTime
GetCurrentDirectoryA
CreateDirectoryA
SetFileTime
GetFileSize
LoadLibraryA
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
LocalAlloc
GetCurrentProcess
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
CreateFileA
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
LocalFree
ReadFile
WriteConsoleW
GetConsoleOutputCP
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA

user32

GetWindowThreadProcessId
MapVirtualKeyA
GetWindowTextA
GetForegroundWindow
FindWindowExA
GetWindowRect
MessageBoxW
PostMessageA
GetClassNameW
wsprintfA
CharUpperBuffW
MessageBoxW

shell32

SHCreateDirectoryExA

shlwapi

PathFileExistsA

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantClear

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBDAEBV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@PEBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXAEAV12@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IEAAPEADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KAEBV12@_K@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_NXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAD_K@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD0@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAXXZ
??7ios_base@std@@QEBA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@PEBD_K@Z
?length@?$char_traits@D@std@@SA_KPEBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NAEBH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ

iphlpapi

GetIpNetTable
GetAdaptersInfo
GetIpForwardTable

wininet

InternetOpenA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle

psapi

GetModuleFileNameExW
GetModuleFileNameExA

wtsapi32

WTSSendMessageW

advapi32

RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
RegCloseKey

Exports

Exports

6��T{M׀��E'��-�J�Ȱ��ӚI�P��O�n�j�>�zѵaY2|5Ăң�19?M�k.4��2��Yz6��@��s�?�Mt��l��.�~:莲PO5�sçzYr ��>��&�F�;۔_�� $�P��&z�n{��1�6ݹ��:��[�D1�Ui�_�f�B��(�� ]�*Z~�;�Έ.��N�W�H�;��,ɓ�hb�}��~��7C��Ȫ:OФ��KT�+�J��}�3��4'��ܿ�u�%�7{�]��ʰ��IF$�LH��?#8�� 0�a �P��'ZK��?��M �Pd}��`�J��}�*� �I��&�iv��zg�S?џ��\z� Q��ᜃ�F�y�)�F�tS��i��@z�=f"�!5��L�m��q�u��< F�gE��H�*��a7�p�(H��@u㝐��wN��*'��F!+ �hrL��2�K�l�%8Hͪ�u�O�&9�<�a&�Wn��vJ|��u��H5;nC9�0K��W3X@;�T��n5��}NP|�&��kF ��;� ?��!E7�X�(�6O97Bd�s�3��%^�1ÞYl��l�H �I�qc�3��k:��-{@V��WԳ�w�G��^}�Ѭg��;$��s��G;$xrw͐��j9!��1��!v��h[P�g2ſ��w��o�Au�̙��ā�� P�(��:L�-�0��N1��O�U�\ńxp3*��3�J[ ��U9Yݙ�ڙ9��L|��rY�娹�Yqv�\1��[`�,�6�'�ge��ʊ�F�-�W9 �~;֐rL�Ut� �w%�� p��)$��K��5~+�@�!VjQ=��_g%4�W��Q�f�Nk�}SGJ�rp��߅U��d*Bgg1s.��뭎��c��mf�(��p<��Dӧ�Q25K{�e6��^�PE��Q@�,��s�Љt`�|��y�GZQ7��(��VZN��#R��)6 ��O$�=�:�#�ü:`�?qt��w�(qyz��KP"��s�f�:�&;�xN�Ȫ��"��e"5�s"�K�w�R1��z$A�>��P�}��s7O�q�'`�R�Y�ł7C�M��i%w��۷��΁��D��V��p/�� \)�Lƕ��xhp�s��V.�5�r.��.z��|��xf��~X�~pu�Z��i�aTs�1�6m��m�\*$-��s��2��lv��(M�$��ͅq�c��,��? ��8��F��\xJ:mg01g�� }9#xD*JA7S.��s K�ߑS�}�hX�"B�殈&T﷞8��ɕX[��:��r|ZP��,<� 4��~�5;��eW�m�n��7O~��R�d��1i0�Phɋ�B�7�0��+�Eol)��x�V:� ґ��Ҩ�ڦ�Nc��oS*� %�ҏwx��!LE�|��ć��مb��4[3��o ��UY� �~��W�V�k��|�&mB�0�$ǘ�}��آ`!ϖ�A��y�j��#�Hz5�h��&�ތ��wbJe��M��\�g��2XD�c��n��/�j��Z��ò�l3d5�cv��q1��v{b�Ur��ifTX�`�@f�bc{&9�Y��c�|�zIp<�E�Ѽi��(�g��e� ��:�cQK'��@G��.��۝-�xo7l�8A0�Ww�oY��->�Ж��!�h��>r��j0�H��*j�s�D��5E�K7z�ѕ�G=�L\!RU %�2�� Z5�>��"a��#e͑��n��5�� '�P��Q��7-��u�¡Дy��Z?Z!h˄�}3��Ⱥ�?��!��'�:^��7#�<â��ܙ�� J��v&��1��qS�G�� t��z�u?��j`Z|G�d^��v��F�u#�ξo�b-��R�uڈ�ԊR��ivP�R��Uְlh��f`Z�)ˉ� fe��k��m��M,�ĭ#�g��޼kǰvI7�b��V8��(��2��\�8V��/�[�]r��r6��Ĩ�);��<O��5^�؜�a � �"��r��hm�&o�t��v�u�%M)<��n`di� �"��v��U��P��Cنi�r�3��5L/ۖ��*��&30��XP��jZ��vd��^_\I�<6��ţ��D�v��&++Y�Tҭ�V�ScV8§��:>�l��w�z`Z�|�/�56NC��:,d�ڬ��+�x�b%��G��M��/��P�<l��2��L��F��1��"�y\��3�;��>_�L�j1A֬�P�m��7��Ô��0+��1G��oa��lmB�O�Ә��o�o��҂_'.3�H�V��N�/Ғ�p��_u~d� ��K�b��@+]��0�3 O��t��k�*M��" �";��v��I1l=��ۋ<{�y��iM<*�Ȗo^��O�ӊ�׍��)�9��*��4� �`��z�d~)�)p��8�+�cd�m�y��$��G��E��å� Rou�L@��i��L��!��}��Ae��`ڏ��<��8t2E��;��m-��C'I��d��j�L0� �e�ulC�|�uv��TUf��\�]��=�4;��w�� *�sx��]Pd\��?�L�X��t}�B��h�I�Z~��j�IZ�0R��n�,�c륊�=�-��-_�A�p �w�3Q?ޭ��ψ��h��`��$3@��ӛ��_`��Ct@��d!].]�"�#�D�Q�5>�@.c,��N2��RJ��ȳmǓ��ୖ-��Zܽ 6�o *��Œ�br�\��Iv'b19#��&(��a��x"jm֣�-�1n��3��

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

rdata2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Editable
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f0518a932ceca3a442c96fb9eb86537

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

shell32

shlwapi

ole32

oleaut32

msvcp90

iphlpapi

wininet

psapi

wtsapi32

advapi32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 16KB - Virtual size: 16KB

rdata2 Size: 4KB - Virtual size: 4KB

Editable Size: 4KB - Virtual size: 4KB

.vmp0 Size: 1.8MB - Virtual size: 1.8MB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 23KB - Virtual size: 23KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 16KB - Virtual size: 16KB

rdata2
Size: 4KB - Virtual size: 4KB

Editable
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 23KB - Virtual size: 23KB