e0a23ac69fe8368e0617c91da544a401798d2b70f8e963c81929932ca56cfdd8

Sharing

Copy URL Twitter E-mail

General

Target

e0a23ac69fe8368e0617c91da544a401798d2b70f8e963c81929932ca56cfdd8
Size

139KB
MD5

6793df8802bce07870ee89a54f1bc2ba
SHA1

218d07233925a19f1bc371f87cb0e11487203740
SHA256

e0a23ac69fe8368e0617c91da544a401798d2b70f8e963c81929932ca56cfdd8
SHA512

a2e84741a7fd2dd74059a5b8e340822b31a42a008bbd32b837833408422e3cbe9aba998f37e41acbdbf9d6713f36032af4df637c09b34a35b55862d9809a9122
SSDEEP

3072:8vC8CIGWony+9ntbb+GuzvgEMOE9CSkIhVXvNW:yZCIwyyBbzu7ByCYhN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0a23ac69fe8368e0617c91da544a401798d2b70f8e963c81929932ca56cfdd8

Files

e0a23ac69fe8368e0617c91da544a401798d2b70f8e963c81929932ca56cfdd8
.exe windows:6 windows x64

85f92546a8d6cf441c96ccdf5ee47259

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

??Bid@locale@std@@QEAA_KXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ

mfc140

ord3270
ord3165
ord11798
ord10680
ord11761
ord5980
ord13327
ord2695
ord8863
ord8693
ord10657
ord11037
ord10117
ord3300
ord3299
ord3066
ord6226
ord1367
ord878
ord4714
ord2182
ord2207
ord2473
ord2917
ord305
ord5691
ord2899
ord4903
ord12873
ord310
ord1504
ord1507
ord1671
ord8374
ord3723
ord9903
ord3202
ord3205
ord6266
ord450
ord11803
ord8888
ord9016
ord7206
ord1032
ord316
ord6299
ord3748
ord8862
ord9898
ord3271
ord5211
ord7420
ord7431
ord7430
ord13438
ord5213
ord11754
ord5539
ord5323
ord9001
ord5536
ord5347
ord5224
ord2264
ord6229
ord7028
ord2173
ord1089
ord4648
ord940
ord3943
ord1087
ord6590
ord981
ord13469
ord6101
ord14208
ord6102
ord14209
ord6100
ord14207
ord7688
ord12160
ord14007
ord11615
ord11614
ord2004
ord7637
ord12571
ord3941
ord4002
ord9049
ord14133
ord7619
ord14135
ord12171
ord12170
ord2437
ord10026
ord5167
ord7989
ord7685
ord4436
ord12490
ord12552
ord10079
ord11877
ord7890
ord3804
ord3166
ord8050
ord1446
ord7363
ord8131
ord13050
ord11849
ord11881
ord7888
ord11869
ord5687
ord10644
ord6703
ord5067
ord13689
ord8618
ord7519
ord5704
ord13284
ord11357
ord14128
ord11575
ord4326
ord7881
ord8413
ord3705
ord14134
ord3710
ord7620
ord14136
ord2962
ord4343
ord11719
ord8792
ord9343
ord5566
ord4351
ord4817
ord4756
ord4741
ord4803
ord4848
ord4771
ord4826
ord4842
ord4783
ord11366
ord4789
ord4795
ord4777
ord4832
ord4765
ord1750
ord1729
ord1743
ord11365
ord5435
ord1717
ord9936
ord1695
ord11888
ord9932
ord2627
ord5064
ord9934
ord11892
ord9935
ord9933
ord5049
ord14279
ord2368
ord6607

kernel32

GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
CreateThread
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
GetLastError
CreateEventW
WriteProcessMemory
InitializeCriticalSectionEx
ReadProcessMemory
CloseHandle
Process32Next
Sleep
CreateToolhelp32Snapshot
OpenProcess
OutputDebugStringW
Module32Next

user32

KillTimer
GetClientRect
SendMessageA
LoadIconW
IsIconic
DrawIcon
GetSystemMetrics
GetSystemMenu
EnableWindow
SetTimer

gdi32

CreatePatternBrush

comctl32

InitCommonControlsEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
memmove
__std_exception_copy
__std_exception_destroy
memcpy

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fclose
fflush
fputc
_set_fmode

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_setmbcp
_configthreadlocale

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85f92546a8d6cf441c96ccdf5ee47259

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

mfc140

kernel32

user32

gdi32

comctl32

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 70KB - Virtual size: 72KB

.reloc Size: 1024B - Virtual size: 656B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 70KB - Virtual size: 72KB

.reloc
Size: 1024B - Virtual size: 656B