b8c73f94407afb33d0c63f59874d26c833f359c6562c7c40c699ba9757ccc562

Sharing

Copy URL Twitter E-mail

General

Target

b8c73f94407afb33d0c63f59874d26c833f359c6562c7c40c699ba9757ccc562
Size

185KB
MD5

6a73ff30780f53f006b9fad17834ac5e
SHA1

6dc84e243e6da88e0b8446e6569ec93d2b72cd57
SHA256

b8c73f94407afb33d0c63f59874d26c833f359c6562c7c40c699ba9757ccc562
SHA512

83f73997e1f4bd36b393504b9e00dd7d97f3c8a7befebbb42775d95cacbbb2343351e779d2c13ddd68d164645daaa3f986c966fbd5c09c0131bd0a5e2e51d74e
SSDEEP

3072:BCu/iASELaRr5cTsVEJPXR3h95eajhjZ+6z:gutO5cYVEJPPeq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8c73f94407afb33d0c63f59874d26c833f359c6562c7c40c699ba9757ccc562

Files

b8c73f94407afb33d0c63f59874d26c833f359c6562c7c40c699ba9757ccc562
.exe windows:6 windows x86

7e0785d4388e593f1f91a2dbca36d5b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140d

ord4467
ord13963
ord10874
ord13563
ord13562
ord6798
ord12039
ord12035
ord12037
ord12038
ord12036
ord17243
ord1603
ord3310
ord3024
ord5145
ord9816
ord12005
ord3890
ord3893
ord16044
ord7508
ord7385
ord1646
ord12131
ord9109
ord1645
ord1655
ord1171
ord12000
ord6959
ord4749
ord1218
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord8222
ord1090
ord16241
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord13837
ord13838
ord2371
ord9476
ord15029
ord4747
ord4808
ord11139
ord17051
ord9454
ord17053
ord14523
ord14524
ord10692
ord6440
ord9960
ord9532
ord5490
ord14942
ord15010
ord12187
ord14137
ord10043
ord1599
ord3021
ord5142
ord10143
ord2558
ord1220
ord1036
ord8952
ord1880
ord9771
ord322
ord306
ord316
ord1141
ord5752
ord10140
ord8232
ord963
ord1512
ord13785
ord8234
ord3847
ord15206
ord8414
ord9824
ord10534
ord6208
ord10461
ord15821
ord9690
ord7695
ord13409
ord13474
ord3745
ord3744
ord4007
ord4006
ord12225
ord13218
ord12821
ord10769
ord2925
ord5026
ord10947
ord3309
ord16040
ord7506
ord14006
ord12844
ord2581
ord10084
ord7898
ord493
ord14051
ord10973
ord2610
ord14098
ord5382
ord3086
ord4729
ord8405
ord12807
ord10994
ord3848
ord16191
ord14159
ord14155
ord1972
ord1994
ord2020
ord2006
ord2027
ord5876
ord5943
ord5888
ord5906
ord5900
ord5894
ord5953
ord5937
ord5882
ord5959
ord5914
ord5852
ord5867
ord5928
ord5394
ord6986
ord11437
ord5380
ord3628
ord17054
ord9455
ord17052
ord8244
ord13554
ord15975
ord7186
ord3217
ord13999
ord4586
ord3884
ord3966
ord3967
ord14046
ord1097
ord8898
ord6274
ord6678
ord6956
ord11091
ord6648
ord6277
ord2878
ord17046
ord6506
ord6256
ord9208
ord9209
ord9198
ord6504
ord9829
ord10946
ord15253
ord1653
ord2884
ord1643
ord2801

kernel32

HeapAlloc
HeapReAlloc
HeapFree
SetLastError
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
HeapDestroy
HeapSize
OutputDebugStringW
DeleteCriticalSection
MultiByteToWideChar
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
FreeLibrary
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetCurrentThreadId
LoadLibraryW
DecodePointer

user32

GetSystemMetrics
GetClientRect
IsWindow
PostQuitMessage
PeekMessageA
UnregisterClassA

gdi32

DeleteDC
CreateSolidBrush

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

memset
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
__CxxFrameHandler3

ucrtbased

wcslen
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
free
malloc
_CrtDbgReport
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_CrtDbgReportW
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
_initterm
wcscpy_s
_setmbcp
__stdio_common_vswprintf_s

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e0785d4388e593f1f91a2dbca36d5b1

Headers

DLL Characteristics

File Characteristics

Imports

mfc140d

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 6KB

.msvcjmc Size: 1024B - Virtual size: 625B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 7KB - Virtual size: 6KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 6KB

.msvcjmc
Size: 1024B - Virtual size: 625B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 7KB - Virtual size: 6KB