Static task: static1
Behavioral task: behavioral1
Sample: 34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735.exe
Resource: win10v2004-20230915-en
General
- Target: 34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735
- Size: 180KB
- MD5: 73c29bb12e4d6de65a3a55287b4a49ae
- SHA1: eda5c0c5a68ae0a5ee5b51c293d77135fd46a8f7
- SHA256: 34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735
- SHA512: 9b7442585e5bb360d0207d6b261a57a00ff40e2f70084d8928ceca05f83376bdaf680a08406ee6877cc48f20a3e4001a0511a09f70635c1694ded048735254d0
- SSDEEP: 3072:LnZ0lxEwPgD/zyiVZaRHyzUskVbBDRZu0GxJInGM2mj0YaWPJs:T4xTUBiSzjYZuWnB2g0dY
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735
Files
-
34d50e049eb240c82dbc7261a107421e1ef615511a92558d89ee707b07727735.exe windows:5 windows x86
4d8dfe7cda9fa1df59c219b54df5c2fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mfc42u
msvcrt
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
isspace
free
_wcsdup
setlocale
strncpy
memmove
_ftol
wcstod
swprintf
wcscoll
wcscmp
iswctype
wcslen
wcscpy
_purecall
_wcsicmp
_EH_prolog
__CxxFrameHandler
advapi32
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
kernel32
SetThreadPriority
GetModuleFileNameW
GetShortPathNameW
FormatMessageW
GetModuleHandleW
GetLocaleInfoW
WideCharToMultiByte
DeleteAtom
ResumeThread
GlobalAddAtomW
GetVersion
lstrcmpA
SetCurrentDirectoryW
FindResourceW
CreateEventW
GlobalSize
ResetEvent
SetEvent
GetProcAddress
LoadLibraryW
lstrlenA
CloseHandle
GlobalGetAtomNameW
lstrcpynW
lstrcpyA
GetLastError
GetFileAttributesW
ExpandEnvironmentStringsW
GetDateFormatW
lstrcatW
GetTimeFormatW
GetUserDefaultLCID
EnumDateFormatsW
GetLocalTime
GlobalAlloc
FreeLibrary
EnumTimeFormatsW
lstrcmpW
lstrcmpiW
lstrlenW
GlobalLock
GlobalUnlock
MulDiv
InterlockedIncrement
LoadLibraryA
GlobalFree
GetModuleHandleA
GetCurrentThreadId
CreateFileW
ReadFile
Sleep
lstrcpyW
GetStartupInfoW
gdi32
GetTextExtentPointW
DPtoLP
ScaleWindowExtEx
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW
CreateICW
PtVisible
RectVisible
CreateDCW
TextOutW
Escape
GetPaletteEntries
GetStockObject
Rectangle
GetTextColor
GetBkColor
EnumFontFamiliesExW
BitBlt
CreateCompatibleDC
CreateSolidBrush
EnumFontFamiliesW
GetObjectW
DeleteObject
SelectObject
CreatePen
SetPixel
ExtTextOutW
user32
GetKeyState
UpdateWindow
SetCapture
CountClipboardFormats
OffsetRect
GetMonitorInfoW
MonitorFromWindow
GetClientRect
IsClipboardFormatAvailable
PtInRect
ClientToScreen
SetActiveWindow
LoadIconW
GetDlgItem
DrawTextW
GetSystemMetrics
TabbedTextOutW
GrayStringW
GetWindowRect
AppendMenuW
LoadStringW
WinHelpW
GetSysColor
FillRect
DrawFocusRect
CopyRect
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
RegisterClipboardFormatW
SetFocus
IsWindow
IsWindowEnabled
GetFocus
IsChild
wsprintfW
DispatchMessageW
TranslateMessage
SetRect
ReleaseCapture
BringWindowToTop
GetDesktopWindow
ScreenToClient
GetClassInfoW
PostMessageW
OemToCharBuffA
CharToOemBuffA
PeekMessageW
MsgWaitForMultipleObjects
CharToOemA
LoadCursorW
SetRectEmpty
EqualRect
DrawEdge
GetCapture
GetDC
ReleaseDC
FindWindowW
EnumWindows
SetForegroundWindow
SendMessageTimeoutW
GetClassNameW
IntersectRect
GetMenuItemCount
DeleteMenu
RemoveMenu
GetSubMenu
SetTimer
KillTimer
GetAsyncKeyState
GetWindow
LoadMenuW
DefWindowProcW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnableWindow
SendMessageW
RegisterWindowMessageW
InvalidateRect
GetNextDlgTabItem
LoadBitmapW
CreatePopupMenu
GetParent
comdlg32
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
shell32
SHGetSpecialFolderPathW
DragFinish
ShellAboutW
DragQueryFileW
ole32
OleUninitialize
StgOpenStorage
OleRegGetUserType
CoTaskMemFree
ReadClassStg
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleInitialize
StringFromCLSID
Sections
.text Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE