e8e1f895b89286bd0d7d43f96d6264eb2a0ab87910ccc91507899da770364fda

Sharing

Copy URL Twitter E-mail

General

Target

e8e1f895b89286bd0d7d43f96d6264eb2a0ab87910ccc91507899da770364fda
Size

196KB
MD5

604638c7e86602f9584046eca277453b
SHA1

4adbf7bb53435ef005b0efe393e139d9f5f9c071
SHA256

e8e1f895b89286bd0d7d43f96d6264eb2a0ab87910ccc91507899da770364fda
SHA512

dea5b07a474d960cc9b7a69bc060eb0aff2a91a515705e84623583338639e29f4ba15a60cb127db677d5d93e4e15f5ce3736e4b857de0a79cc181f49e45a41ce
SSDEEP

3072:JZqq8AcFHw2/95qR3WPJyJOKLCJsh+VkcgkzGrdTC7rgxMy2sc1D1:MAAHw2/fqR3WEOtfy2syD1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8e1f895b89286bd0d7d43f96d6264eb2a0ab87910ccc91507899da770364fda

Files

e8e1f895b89286bd0d7d43f96d6264eb2a0ab87910ccc91507899da770364fda
.exe windows:4 windows x86

bd8a935fa52885a1b9dfc5c4ce8c895f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetLocalTime
LoadLibraryA
Sleep
SetUnhandledExceptionFilter
lstrcmpiA
GetCommandLineA
InterlockedIncrement
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
HeapAlloc
CreateThread
LocalFree
GetStartupInfoA
GetModuleHandleA
GetLastError
VirtualQuery
GetModuleFileNameA
WaitForSingleObject
GetDiskFreeSpaceExA
InterlockedDecrement
HeapFree
SetEvent
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
LoadLibraryExA
GetProcAddress
FreeLibrary
GlobalFree
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetProcessHeap
lstrlenA

user32

DispatchMessageA
PostMessageA
SendMessageA
SetWindowLongA
GetWindowThreadProcessId
GetParent
CallWindowProcA
CreateWindowExA
ShowWindow
SetFocus
IntersectRect
EqualRect
OffsetRect
DestroyWindow
SetWindowPos
UnionRect
PtInRect
GetKeyState
BeginPaint
GetClientRect
EndPaint
InvalidateRect
IsWindow
GetFocus
IsChild
GetMessageA
SetWindowRgn
wsprintfA
CharNextA
PostThreadMessageA
GetWindowLongA
DefWindowProcA

gdi32

SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
TextOutA
SetTextAlign
Rectangle
RestoreDC
DeleteDC
CreateMetaFileA
SetViewportOrgEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

OleRegGetMiscStatus
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegGetUserType
CreateDataAdviseHolder
OleRegEnumVerbs
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysAllocStringLen
SysAllocString
VariantInit
CreateErrorInfo
VariantChangeType
OleCreatePropertyFrame
VariantClear
SysStringLen
LoadRegTypeLi

videowindow

CreateVideoWindow
ReleaseVideoWindow

surveillance

CleanupApp
ReleaseTransImp
GetTransModuleImp
InitApp

atl

ord21
ord43
ord44
ord51
ord50
ord46
ord27
ord26
ord31
ord30
ord58
ord32
ord20
ord17
ord57
ord23
ord16
ord18

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0_Lockit@std@@QAE@XZ

msvcrt

strncpy
memset
__CxxFrameHandler
??1type_info@@UAE@XZ
_snprintf
strlen
malloc
memcpy
sprintf
_ftol
??2@YAPAXI@Z
free
strcmp
abs
strstr
_access
strcpy
_mbsrchr
_purecall
memcmp
realloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcslen
_CxxThrowException
strcat

winmm

PlaySoundA
timeBeginPeriod
timeSetEvent
timeKillEvent

shlwapi

PathAppendA
PathRemoveFileSpecA
PathAddBackslashA

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd8a935fa52885a1b9dfc5c4ce8c895f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

videowindow

surveillance

atl

msvcp60

msvcrt

winmm

shlwapi

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 394KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 394KB

.rsrc
Size: 40KB - Virtual size: 36KB