DllVerifyCLSIDIsSafeToLoad
Static task
static1
Behavioral task
behavioral1
Sample
a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419.exe
Resource
win10v2004-20231023-en
General
-
Target
a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419
-
Size
312KB
-
MD5
ba39555586303ef7ecdbd68da07a79a9
-
SHA1
9dbb6bc2cc1dab8942fcf3624bc0312afc620de3
-
SHA256
a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419
-
SHA512
250a2ac5327a83be33ab43e5e7f9ecb715dc4df1cef9a65a9606ae726e8bf34234f642fc77591cf1d7ba32d69c6496632aa675e0f8adeac6e48644f05f13570d
-
SSDEEP
3072:E5Bl3NVJJal79aX3LnbViY+vtkUsCnmh4uc25Bmmbd3f8Z6xDmNN8+f7olES:E5BtvadeLnJiYZ+up5BmmbaWmNNFQE
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419
Files
-
a15a45f5d1fbc50ead3b0d3e8a4a800a904ccf17e59dee014a24c70ec66bc419.exe windows:5 windows x86 arch:x86
d7273322b3721db17cd8df0e65301709
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord4150
ord2986
ord3412
ord5019
ord5623
ord1003
ord3444
ord4691
ord3055
ord3061
ord6332
ord2502
ord2534
ord5738
ord1740
ord5573
ord3167
ord5650
ord4417
ord4950
ord4854
ord4819
ord4381
ord3449
ord3193
ord3256
ord3275
ord3376
ord4617
ord4424
ord456
ord6076
ord6171
ord3782
ord2006
ord6391
ord5451
ord3293
ord4477
ord1773
ord2785
ord2853
ord5648
ord5013
ord5100
ord4915
ord4997
ord4724
ord4663
ord4484
ord4339
ord4332
ord4641
ord5016
ord4486
ord4506
ord4956
ord4649
ord4376
ord4639
ord2540
ord5504
ord4032
ord3263
ord3348
ord4616
ord4418
ord5820
ord720
ord420
ord5952
ord1868
ord1886
ord1797
ord260
ord826
ord4294
ord2859
ord2371
ord1662
ord2644
ord5506
ord2937
ord2550
ord4458
ord6195
ord2385
ord2793
ord4017
ord3295
ord6466
ord744
ord3765
ord2515
ord993
ord1079
ord447
ord2386
ord6336
ord1258
ord2154
ord1262
ord6335
ord5994
ord3211
ord2246
ord2153
ord2170
ord4037
ord1640
ord429
ord748
ord2394
ord1984
ord3437
ord3792
ord4487
ord3490
ord1722
ord1130
ord824
ord1255
ord738
ord1196
ord3764
ord2167
ord2513
ord441
ord3023
ord4583
ord4886
ord4526
ord5070
ord4335
ord4343
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord341
ord303
ord654
ord448
ord2082
ord357
ord535
ord858
ord2776
ord6211
ord861
ord3450
ord3397
ord1941
ord589
ord764
ord1172
ord4370
ord4847
ord325
ord4229
ord4282
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord489
ord4253
ord4254
ord4709
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord3695
ord496
ord768
ord771
ord2877
ord3658
ord3621
ord2406
ord3568
ord2855
ord4215
ord2576
ord3649
ord2430
ord1637
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord2442
ord5783
ord4155
ord540
ord5871
ord283
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord567
ord692
ord2332
ord2294
ord2729
ord5268
ord2606
ord1197
ord1145
ord3087
ord2293
ord2350
ord1560
ord1137
ord268
ord5706
ord941
ord940
ord665
ord1971
ord3784
ord5180
ord354
ord4224
ord4602
ord4710
ord6238
ord1173
ord1561
ord5977
ord2634
ord922
ord4273
ord4272
ord5679
ord5568
ord2914
ord5061
ord4629
ord4601
ord4744
ord5010
ord4828
ord355
ord2331
ord616
ord772
ord4263
ord6138
ord5856
ord4270
ord1634
ord3614
ord3566
ord1143
ord5781
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord500
ord5748
ord5878
ord3312
ord2854
ord3871
ord2836
ord2099
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord807
ord554
ord3084
ord2072
ord4448
ord4491
ord6451
ord5080
ord2290
ord609
ord4118
ord2567
ord4390
ord3569
ord3867
ord319
ord4357
ord5083
ord4358
ord5078
ord1702
ord1704
ord3375
ord3680
ord450
ord747
ord1878
ord4246
ord4497
ord5950
ord3099
ord3133
ord4143
ord5491
ord2096
ord4454
ord6142
ord5879
ord2112
ord2879
ord5652
ord5472
ord6060
ord2486
ord2619
ord2618
ord6266
ord2004
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord439
ord442
ord736
ord5082
ord1834
ord4237
ord5996
ord2109
ord4504
ord4356
ord2992
ord5193
ord4695
ord1263
ord1229
ord5047
ord6191
ord3865
ord5024
ord1946
ord5468
ord4146
ord5278
ord674
ord796
ord6373
ord4451
ord529
ord366
ord2912
ord2795
ord958
ord6308
ord4172
ord3313
ord6006
ord5769
ord2593
ord3175
ord3178
ord3171
ord3502
ord3609
ord1259
ord6023
ord6381
ord6022
ord5438
ord1105
ord3785
ord703
ord603
ord6397
ord5441
ord1961
ord273
ord403
ord6398
ord6385
ord2885
ord3515
ord3516
ord1008
ord1192
ord4128
ord4292
ord4225
ord5784
ord5035
ord3688
ord6115
ord562
ord3578
ord620
ord1230
ord1709
ord5147
ord298
ord3749
ord1887
ord4952
ord3402
ord4984
ord4921
ord4926
ord4931
ord4711
ord4682
ord4851
ord5012
ord5102
ord4906
ord4640
msvcrt
_ftol
memmove
setlocale
_wcsdup
free
_wcsicmp
_c_exit
wcstod
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_vsnwprintf
wcscoll
wcscmp
_exit
iswspace
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
__CxxFrameHandler
_purecall
wcslen
_controlfp
?terminate@@YAXXZ
_onexit
advapi32
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
kernel32
ResetEvent
SetEvent
GlobalGetAtomNameW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
GetLocalTime
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetProcAddress
GetTimeFormatW
FreeLibrary
lstrcmpW
lstrcmpiW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
InterlockedIncrement
LoadLibraryW
GlobalAlloc
lstrlenA
WideCharToMultiByte
CloseHandle
CreateEventW
FindResourceW
GlobalSize
lstrcmpA
DeleteAtom
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
SetThreadPriority
ResumeThread
GlobalAddAtomW
GetLocaleInfoW
Sleep
GetShortPathNameW
GetVersion
GlobalDeleteAtom
SetCurrentDirectoryW
AddAtomW
LoadLibraryExA
ReadFile
CreateFileW
LoadLibraryExW
GetLastError
GetModuleHandleA
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
LoadLibraryA
gdi32
CreateFontIndirectW
CreatePen
DeleteObject
EnumFontFamiliesW
EnumFontFamiliesExW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateSolidBrush
GetStockObject
Escape
SetPixel
RectVisible
PtVisible
GetTextExtentPoint32W
TextOutW
Rectangle
GetTextColor
GetBkColor
CreateICW
GetPaletteEntries
ScaleWindowExtEx
DPtoLP
GetDeviceCaps
GetObjectW
SelectObject
SetDCBrushColor
SetBkMode
SetTextColor
ExtTextOutW
CreateDCW
user32
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
DefWindowProcW
GetAsyncKeyState
KillTimer
SetTimer
LoadMenuW
RemoveMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
GetWindow
GetActiveWindow
DialogBoxParamW
ChildWindowFromPoint
GetDlgCtrlID
GetCursorPos
SetCursor
SendMessageW
RegisterWindowMessageW
EnableWindow
RegisterClipboardFormatW
PtInRect
SetRect
OffsetRect
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
SetActiveWindow
SetCapture
ReleaseCapture
GetKeyState
IsClipboardFormatAvailable
CountClipboardFormats
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CopyRect
FillRect
DrawFocusRect
CreatePopupMenu
AppendMenuW
TabbedTextOutW
DrawTextW
GrayStringW
LoadStringW
GetSysColor
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
SetFocus
IsWindow
IsWindowEnabled
GetFocus
GetParent
IsChild
LoadBitmapW
GetNextDlgTabItem
DispatchMessageW
TranslateMessage
GetDlgItem
GetDesktopWindow
BringWindowToTop
ScreenToClient
GetSystemMetrics
PostMessageW
LoadIconW
GetClassInfoW
PeekMessageW
MsgWaitForMultipleObjects
CharToOemBuffA
CharToOemA
OemToCharBuffA
SetRectEmpty
EqualRect
LoadCursorW
DrawEdge
GetCapture
SetForegroundWindow
SendMessageTimeoutW
GetClassNameW
IntersectRect
EnumWindows
GetDC
ReleaseDC
FindWindowW
SendDlgItemMessageW
EndDialog
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
CommDlgExtendedError
shell32
DragQueryFileW
SHGetSettings
ShellAboutW
ShellExecuteExW
SHGetSpecialFolderPathW
DragFinish
ole32
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
StringFromCLSID
OleInitialize
OleUninitialize
OleRegGetUserType
CoTaskMemFree
ReleaseStgMedium
ReadClassStg
shlwapi
PathFindFileNameW
SHRegGetValueW
Exports
Exports
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE