Static task
static1
Behavioral task
behavioral1
Sample
1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847.exe
Resource
win10v2004-20231023-en
General
-
Target
1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847
-
Size
6.3MB
-
MD5
ee7ec8b91e1a3e0d85f6080e5d58a57d
-
SHA1
e00a0683a8f123003864edd36fd7666fc3233556
-
SHA256
1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847
-
SHA512
28be2fa01e3d82527e8a04507e0e8c21c4677d3deda6d05c7ac99b33926fffd1ae96c34a89d9c0aa895b4e90e7f03c4dc6a8e47eef1d2511c560201801abae5e
-
SSDEEP
196608:yGGGGGGGGGG2WM/exGGGGGGGGGG2MPDwGGGGGGGGGG2SMOq2:yGGGGGGGGGG2WM/exGGGGGGGGGG2QwGr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847
Files
-
1457e94540dd9de049ff38ff352da8b59ad95363840a74a9c64de18f5955c847.exe windows:5 windows x86
2e5b459e70c8946d28ce3f58dbcf47a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
user32
LoadBitmapA
UpdateWindow
SetCapture
SetForegroundWindow
SendMessageA
LoadIconA
EnableWindow
CopyRect
InflateRect
DrawTextA
InvalidateRect
DestroyIcon
DrawIconEx
GetSysColor
LoadImageA
GetParent
OffsetRect
GetWindowRect
GetClientRect
LockWindowUpdate
SetTimer
GetWindow
GetFocus
wsprintfA
BringWindowToTop
SetActiveWindow
KillTimer
DrawFocusRect
FillRect
GetDC
PostQuitMessage
UnionRect
CreatePopupMenu
AppendMenuA
CheckMenuItem
EnableMenuItem
GetMenuState
GetSubMenu
LoadMenuA
ClientToScreen
ScreenToClient
GetDesktopWindow
WindowFromPoint
GetCursorPos
GetMessagePos
GetSystemMetrics
DispatchMessageA
TranslateMessage
PeekMessageA
PtInRect
ReleaseDC
SetCursor
IsWindow
CopyIcon
LoadCursorA
SetWindowLongA
MessageBeep
RegisterWindowMessageA
PostThreadMessageA
MsgWaitForMultipleObjects
PostMessageA
ole32
CLSIDFromString
CLSIDFromProgID
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
oleaut32
GetErrorInfo
SysAllocString
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
msvcr90
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove_s
realloc
_strupr
_strlwr
vsprintf_s
_vsnprintf
srand
fread
_beginthreadex
_endthreadex
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_mbsupr
memcpy
sprintf_s
fwrite
memcpy_s
fputs
vsprintf
isxdigit
rand
free
_mktime32
_localtime32
strtok
sprintf
atof
fprintf
__timezone
_time32
_strnicmp
fopen
fgets
fclose
strncmp
strncpy
memset
??_V@YAXPAX@Z
_mbsstr
strstr
strrchr
strchr
atol
??2@YAPAXI@Z
??3@YAXPAX@Z
atoi
_stricmp
__CxxFrameHandler3
_setmbcp
malloc
mfc90
ord5928
ord3004
ord5844
ord1466
ord6027
ord5589
ord2239
ord2204
ord6742
ord2862
ord2854
ord4979
ord650
ord5122
ord3935
ord4028
ord4880
ord4881
ord588
ord4679
ord4895
ord3135
ord5633
ord1728
ord1791
ord1792
ord2139
ord1445
ord3218
ord6356
ord5389
ord3670
ord6782
ord4160
ord6784
ord1644
ord2368
ord2375
ord2625
ord2607
ord2605
ord2623
ord2635
ord2612
ord2628
ord2633
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord5647
ord4589
ord6780
ord5497
ord2074
ord5584
ord4650
ord1497
ord4331
ord1752
ord1755
ord6391
ord3346
ord4364
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord4808
ord4793
ord5195
ord5005
ord4585
ord4576
ord5403
ord5209
ord4851
ord792
ord5607
ord2232
ord2588
ord3528
ord595
ord3487
ord3277
ord5608
ord1446
ord3671
ord5585
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord4030
ord3579
ord1247
ord5750
ord2566
ord1252
ord6791
ord1709
ord636
ord2141
ord6079
ord2470
ord6166
ord6527
ord1357
ord367
ord3175
ord5761
ord6802
ord374
ord3506
ord4668
ord5636
ord1496
ord6388
ord3344
ord1678
ord1809
ord1810
ord5309
ord5152
ord4617
ord5615
ord1938
ord2057
ord945
ord6740
ord4733
ord2360
ord2899
ord300
ord4993
ord3783
ord1937
ord2047
ord1507
ord2723
ord2896
ord4727
ord7159
ord12762
ord6873
ord3553
ord4643
ord1698
ord2279
ord4497
ord1605
ord2105
ord6771
ord1492
ord692
ord4529
ord2590
ord6327
ord3650
ord3269
ord4649
ord1723
ord1786
ord2286
ord784
ord4254
ord6557
ord6787
ord6048
ord3234
ord6910
ord9132
ord8895
ord12243
ord4644
ord2280
ord9728
ord7183
ord4248
ord1490
ord6333
ord4022
ord6291
ord1935
ord1603
ord4252
ord6335
ord941
ord817
ord2069
ord6675
ord3519
ord664
ord3390
ord2209
ord3351
ord405
ord2721
ord3157
ord1087
ord1061
ord262
ord1691
ord436
ord3782
ord638
ord370
ord2962
ord1753
ord1448
ord4603
ord5087
ord4770
ord4314
ord6573
ord3061
ord6581
ord4149
ord6762
ord2344
ord4774
ord4911
ord5949
ord6653
ord3359
ord2922
ord2976
ord6663
ord2475
ord1488
ord1024
ord5824
ord4060
ord4052
ord3080
ord4273
ord2170
ord2880
ord3986
ord4992
ord2691
ord2046
ord1932
ord1944
ord3654
ord3273
ord790
ord4256
ord6329
ord3141
ord6681
ord6669
ord1926
ord5835
ord6682
ord6676
ord3643
ord4646
ord1720
ord2283
ord777
ord899
ord3738
ord1500
ord4663
ord2045
ord7151
ord6859
ord3479
ord686
ord6170
ord4760
ord349
ord3555
ord3245
ord5600
ord4645
ord4794
ord5199
ord4608
ord4850
ord2281
ord621
ord3832
ord3998
ord333
ord3148
ord2587
ord9963
ord9988
ord9751
ord9336
ord9458
ord9457
ord12989
ord12779
ord9456
ord12769
ord9455
ord12220
ord8592
ord9902
ord7134
ord776
ord7185
ord7243
ord7254
ord10438
ord3217
ord6355
ord13264
ord9708
ord10450
ord1384
ord2369
ord12253
ord5581
ord4330
ord1684
ord2645
ord2646
ord3278
ord12339
ord978
ord6361
ord3222
ord6359
ord3221
ord11861
ord3224
ord10203
ord12097
ord12095
ord2855
ord8127
ord2445
ord5339
ord4970
ord7526
ord11547
ord7519
ord8790
ord11922
ord10433
ord10789
ord11915
ord7406
ord8324
ord8168
ord8352
ord8346
ord10487
ord7045
ord7027
ord6912
ord575
ord6839
ord12034
ord7580
ord11427
ord9495
ord3663
ord796
ord3895
ord753
ord539
ord5137
ord5644
ord4618
ord4594
ord5262
ord5286
ord5216
ord5493
ord5496
ord5494
ord5495
ord5032
ord4013
ord4638
ord1668
ord611
ord3478
ord2273
ord5153
ord1378
ord1925
ord5924
ord4725
ord4678
ord1643
ord4686
ord5645
ord1711
ord1409
ord3896
ord549
ord756
ord4014
ord4996
ord6534
ord6074
ord3568
ord2282
ord4498
ord2130
ord1361
ord2591
ord3056
ord6922
ord5307
ord2271
ord1766
ord2469
ord613
ord337
ord4759
ord2758
ord6209
ord3932
ord4337
ord3676
ord6646
ord4513
ord4713
ord6465
ord9480
ord7304
ord7109
ord11303
ord10665
ord7515
ord10524
ord9599
ord3655
ord3274
ord5606
ord4157
ord1767
ord4027
ord538
ord4116
ord548
ord6788
ord550
ord3730
ord1536
ord1045
ord6760
ord789
ord2327
ord586
ord1611
ord305
ord3213
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
kernel32
FileTimeToSystemTime
GetFileTime
CreateFileA
GetModuleFileNameA
GetShortPathNameA
GetTempPathA
TerminateProcess
GetExitCodeProcess
OpenProcess
CreateDirectoryA
GetPrivateProfileStringA
GetCurrentProcess
lstrcatA
GetVersionExA
CreateSemaphoreA
DeleteFileA
Sleep
CopyFileA
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemDirectoryA
_lopen
_lread
_lclose
CreateToolhelp32Snapshot
Process32Next
WinExec
GetWindowsDirectoryA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
InterlockedDecrement
GetModuleHandleA
SetLastError
GetLastError
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
GetTickCount
GetComputerNameExA
GetComputerNameA
GetPrivateProfileIntA
MoveFileA
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileSectionA
GetPrivateProfileSectionA
lstrcpyA
lstrcpynA
WideCharToMultiByte
GetCurrentThread
CloseHandle
TerminateThread
Process32First
gdi32
CreateCompatibleBitmap
GetObjectA
GetBkColor
GetTextColor
GetCurrentObject
GetStockObject
GetDeviceCaps
CreateCompatibleDC
DeleteObject
GetTextExtentPoint32A
CreateFontIndirectA
advapi32
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegQueryValueA
QueryServiceConfigA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
shell32
ShellExecuteA
SHCreateItemFromParsingName
comctl32
InitCommonControlsEx
ws2_32
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 445KB - Virtual size: 445KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ