efb8b5f3f57b7ac6ac42a605d96c81b0bf60d0a13ea6e094be63d78fa990ed0d

Sharing

Copy URL Twitter E-mail

General

Target

efb8b5f3f57b7ac6ac42a605d96c81b0bf60d0a13ea6e094be63d78fa990ed0d
Size

416KB
MD5

b30ba1d8c4cb9e0fa5526542434b7807
SHA1

9eb25c561f735d52fc113711b6728005c7d298ce
SHA256

efb8b5f3f57b7ac6ac42a605d96c81b0bf60d0a13ea6e094be63d78fa990ed0d
SHA512

fee4831458ba9040d6659cd94ea7bf8a050177f9d180936ea82cf80e28f96d9f2ffeb20b2b09f9acfce2d679aa0150ae0fde98be2278ec82ab29be96f9973b48
SSDEEP

6144:wlMs/KR02yMVZGLC00raNO+ihQBzQckl7j+uPl/hI9T8937K:wlMZRIk0C00ra4QBcCaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efb8b5f3f57b7ac6ac42a605d96c81b0bf60d0a13ea6e094be63d78fa990ed0d

Files

efb8b5f3f57b7ac6ac42a605d96c81b0bf60d0a13ea6e094be63d78fa990ed0d
.exe windows:5 windows x86

520e018e892cb20dd326f6a2a6af07fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90ud

ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord5991
ord6804
ord7638
ord7603
ord8152
ord4323
ord6707
ord6465
ord3140
ord1857
ord5054
ord690
ord6772
ord5530
ord1641
ord6302
ord6107
ord6106
ord6407
ord7593
ord3462
ord4263
ord2942
ord302
ord5673
ord446
ord4465
ord2389
ord2987
ord784
ord352
ord3480
ord723
ord6090
ord7855
ord7294
ord3761
ord9002
ord8394
ord3369
ord4191
ord8243
ord1922
ord6816
ord4722
ord5062
ord9073
ord9017
ord3975
ord5064
ord9373
ord9070
ord8494
ord3950
ord930
ord3976
ord399
ord2321
ord2320
ord7044
ord872
ord8266
ord598
ord5990
ord874
ord8241
ord8238
ord9151
ord7961
ord750
ord2849
ord2565
ord600
ord950
ord7569
ord7029
ord7203
ord2863
ord2411
ord2410
ord2251
ord2250
ord4659
ord8780
ord2339
ord2336
ord5987
ord2032
ord6446
ord7538
ord2701
ord7420
ord9365
ord6377
ord3245
ord1408
ord4426
ord3667
ord6531
ord1663
ord1900
ord5197
ord7015
ord6169
ord377
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord1453
ord5779
ord1189
ord961
ord6093
ord8111
ord7954
ord3686
ord286
ord963
ord3337
ord6142
ord943
ord1476
ord4899
ord8200
ord5668
ord1133
ord5948
ord8633
ord3523
ord7280
ord3566
ord3256
ord3243
ord2209
ord9367
ord734
ord935
ord2166
ord6212
ord270
ord267
ord1186
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord3804
ord4122
ord4320
ord6518
ord4097
ord4348
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6712
ord6466
ord3033
ord1769
ord8287
ord406
ord347
ord292
ord355
ord753
ord722
ord701
ord5281
ord1637
ord1635
ord1508
ord5487
ord6216
ord3622
ord7956
ord8330
ord3183
ord6268
ord1410
ord3231
ord724
ord4008
ord1503

msvcr90d

_snprintf_s
_errno
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
_time64
_mktime64
_gmtime64_s
memcmp
??1exception@std@@UAE@XZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_CRT_RTC_INITW
_initterm_e
_initterm
_CrtSetCheckCount
_wcmdln
exit
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
memmove_s
_wcsicmp
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter
_localtime64_s
wcsftime
_ultow_s
wcsrchr
wcslen
_wcsnicmp
_recalloc
calloc
free
malloc
abs
memset
memcpy_s
_resetstkoflw
__CxxFrameHandler3
_CrtDbgReportW
memcpy

kernel32

EnterCriticalSection
LeaveCriticalSection
Sleep
lstrlenW
GetVersion
GetModuleFileNameW
LocalFree
FormatMessageW
InterlockedExchange
CloseHandle
GetCurrentProcess
QueryDosDeviceW
GetLongPathNameW
GetTempPathW
DeleteFileW
FindClose
FindFirstFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
CopyFileW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
FindResourceW
LoadResource
FreeResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
InitializeCriticalSection
DeleteCriticalSection
MulDiv
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetLastError
FreeLibrary
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
UnhandledExceptionFilter
TerminateProcess
LoadLibraryA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException

user32

CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
SubtractRect
EqualRect
InflateRect
OffsetRect
UnionRect
IntersectRect
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetSystemMetrics

gdi32

DeleteObject
CreateDIBSection
SetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
StretchBlt
GetDIBColorTable

msimg32

TransparentBlt
AlphaBlend

advapi32

RegQueryInfoKeyW
SetThreadToken
RevertToSelf
OpenThreadToken
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSaveKeyExW
RegCreateKeyExW

comctl32

InitCommonControlsEx

shlwapi

PathMatchSpecW
StrFormatByteSizeW
PathFileExistsW

ole32

CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString

languages

ord4

msvcp90d

?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Debug_message@std@@YAXPB_W0I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@U_Has_debug_it@01@@Z
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??1_Container_base_secure@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0_Container_base_secure@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z

gdiplus

GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromFileICM

guwndmanager

WindowsPosInitialize
WindowsPosHookWnd

crashreport

ord1

skinsmanager

InitializeLibrary
InitializeSkins
GetSkinsFile
UnitializeLibrary

register

GoHelp

config

ord10
ord9
ord5
ord12
ord4
ord7
ord20
ord19
ord1

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

520e018e892cb20dd326f6a2a6af07fc

Headers

DLL Characteristics

File Characteristics

Imports

mfc90ud

msvcr90d

kernel32

user32

gdi32

msimg32

advapi32

comctl32

shlwapi

ole32

oleaut32

languages

msvcp90d

gdiplus

guwndmanager

crashreport

skinsmanager

register

config

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 203KB - Virtual size: 202KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 203KB - Virtual size: 202KB

.reloc
Size: 9KB - Virtual size: 9KB