Static task
static1
Behavioral task
behavioral1
Sample
ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2.exe
Resource
win10v2004-20231020-en
General
-
Target
ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2
-
Size
225KB
-
MD5
7ba4dd4fb772e2fdc423fa8d52c532b9
-
SHA1
582b4965200c3667ae5bf2b89dc0ea055bf3c2ca
-
SHA256
ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2
-
SHA512
196e053838592fceb54a0c1968efea8fb44441d5bf14a19e8c02432cd9ad24ab5e7c0d9c38aa03b76d4889bf8dad5aec18414174317a0f1e0c724aa6b345ec8c
-
SSDEEP
6144:fn8g+bHcNgYTBJvrUYmGW6dF/p/uwONct43j92UC:PLgYTrvAYZH9pGHNu4B2U
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Detects that the PE file carries no Authenticode signature.
resource ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2
Files
-
ba056532806b87544a1f95e9947aefd379610383f22a7e649e071c6e8d2dd7d2.exe windows:6 windows x86
599c4362475cfffc69f4336520131e85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc120u
ord2951
ord8626
ord4179
ord3105
ord9009
ord6400
ord3321
ord3212
ord6731
ord4182
ord9013
ord5887
ord6492
ord4176
ord3103
ord9007
ord6393
ord2173
ord3654
ord7384
ord10353
ord503
ord1141
ord971
ord1445
ord1520
ord5019
ord4672
ord4692
ord8059
ord2948
ord5491
ord13117
ord5488
ord7946
ord887
ord1386
ord10919
ord14367
ord3790
ord9016
ord6389
ord5327
ord4838
ord2480
ord12941
ord3821
ord5753
ord2954
ord14224
ord2130
ord501
ord1140
ord4050
ord6129
ord500
ord1139
ord6099
ord11837
ord12919
ord5789
ord12222
ord2843
ord12430
ord2844
ord6436
ord9091
ord9116
ord12048
ord2718
ord13612
ord6121
ord3122
ord3361
ord3362
ord11271
ord10896
ord8921
ord12006
ord293
ord12792
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord3829
ord3263
ord13616
ord6123
ord3215
ord4193
ord462
ord8352
ord8268
ord12736
ord8206
ord13738
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord6758
ord1110
ord6392
ord6469
ord3839
ord4772
ord2262
ord1108
ord1063
ord1177
ord1437
ord1067
ord1130
ord6452
ord9020
ord999
ord6735
ord10136
ord6032
ord5693
ord12043
ord3223
ord3329
ord3330
ord3898
ord11999
ord2640
ord5838
ord13563
ord11592
ord1441
ord4049
ord13771
ord7206
ord13302
ord949
ord2163
ord7881
ord1467
ord992
ord7542
ord10260
ord4621
ord8638
ord6774
ord14455
ord7807
ord14449
ord3013
ord2967
ord285
ord4451
ord9574
ord4459
ord4909
ord3224
ord9137
ord10883
ord6875
ord12095
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord3260
ord12134
ord280
ord5824
ord8639
ord5785
ord2478
ord1105
ord450
ord266
ord265
ord13514
ord13516
ord7951
ord4843
ord7699
ord290
ord2341
ord286
ord1518
ord13997
ord2204
ord1506
ord1042
ord2343
ord2347
ord8846
ord14447
ord11811
ord3795
ord5262
ord11964
ord2367
ord296
ord7704
ord1508
msvcr120
__CxxFrameHandler3
_CxxThrowException
memcpy
fflush
longjmp
fprintf
__iob_func
abort
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
fwrite
_resetstkoflw
_mkdir
_wtoi
free
malloc
fgetc
fopen
sprintf
fread
ftell
fseek
fclose
_localtime64_s
wcsftime
_time64
memcpy_s
memmove
_setjmp3
kernel32
DecodePointer
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
CloseHandle
WideCharToMultiByte
EncodePointer
MultiByteToWideChar
InitializeCriticalSectionEx
GetLastError
EnterCriticalSection
OutputDebugStringW
lstrlenA
DeleteCriticalSection
LocalFree
LeaveCriticalSection
CreateFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
user32
GetDC
ReleaseDC
SetTimer
KillTimer
DrawIcon
PtInRect
SetCapture
ReleaseCapture
GetClientRect
GetSystemMetrics
IsIconic
LoadIconW
EnableWindow
SendMessageW
GetWindow
MessageBoxA
gdi32
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
GetDIBColorTable
CreateCompatibleBitmap
StretchBlt
BitBlt
GetObjectW
DeleteObject
msimg32
TransparentBlt
AlphaBlend
shell32
SHGetMalloc
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
InitCommonControlsEx
shlwapi
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
oleaut32
VariantClear
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreatePen1
GdipDeletePen
GdipGraphicsClear
GdipDrawLineI
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDrawImageI
GdipDrawPolygon
GdipDrawRectangleI
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
msvcp120
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1017.6MB (virtual size far exceeds the on-disk size; the loader zero-fills the difference, and a gap this large warrants a closer look at the section)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ