Static task
static1
Behavioral task
behavioral1
Sample
0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399.exe
Resource
win10v2004-20231020-en
General
-
Target
0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399
-
Size
194KB
-
MD5
ad0ce481c75bf2531fc11c6066032721
-
SHA1
2f3d1a4256229c34a695e4e386125f1469014e15
-
SHA256
0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399
-
SHA512
90add33da56a04763afa5f6c6859e6cb4f385cf641a365c8451ec4696ebbeb67010d11fa126b0bf8cebc1bdac251a00506b1c2dfb702f49ce63738e36b2ab9d2
-
SSDEEP
3072:vbIVkbtoZsi3NQu/nl11+pqPyMxA1eIgBk:vbIVkbtwsoQu1gpUM
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399
Files
-
0517cba8c243803ea2c104f13d1bbf364f8384a32c0d5b5aee124b1b96d34399.exe windows:6 windows x86 arch:x86
99ec9a4fe9dc2220fd6ee220084c3d87
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc120
ord980
ord7526
ord1980
ord3854
ord1687
ord2199
ord3645
ord3644
ord3646
ord2518
ord4447
ord14281
ord6408
ord3117
ord3354
ord3353
ord458
ord10302
ord11218
ord10844
ord8878
ord11990
ord9048
ord2716
ord13537
ord6096
ord11949
ord7348
ord4272
ord1691
ord4091
ord8658
ord13908
ord14009
ord4425
ord6937
ord3100
ord5761
ord4170
ord8585
ord2946
ord3821
ord1065
ord8966
ord2162
ord4042
ord8317
ord13116
ord5018
ord13113
ord13562
ord2249
ord14372
ord3188
ord4798
ord262
ord540
ord3135
ord4825
ord3818
ord1166
ord6723
ord5725
ord5698
ord8803
ord1455
ord7501
ord6484
ord3881
ord2482
ord4175
ord8587
ord10083
ord5646
ord12037
ord12069
ord8062
ord12057
ord5797
ord3801
ord6729
ord990
ord13690
ord6226
ord14441
ord6227
ord14442
ord6225
ord14440
ord7848
ord12345
ord3890
ord11802
ord11803
ord1985
ord7789
ord12759
ord4039
ord4100
ord9234
ord14366
ord7770
ord14368
ord12355
ord12356
ord2442
ord10211
ord5241
ord8167
ord4537
ord12677
ord12740
ord10264
ord12065
ord8229
ord1463
ord7507
ord8311
ord2944
ord7508
ord3903
ord450
ord13090
ord13826
ord1103
ord11907
ord1384
ord13914
ord13267
ord8595
ord9536
ord10867
ord2168
ord6839
ord14151
ord1465
ord992
ord4119
ord4597
ord13094
ord6436
ord3831
ord6443
ord2210
ord14430
ord12219
ord14377
ord12162
ord321
ord2352
ord8308
ord4764
ord1521
ord1041
ord310
ord300
ord316
ord8070
ord6625
ord2334
ord2339
ord2342
ord2341
ord266
ord265
ord1502
ord7498
ord4888
ord8830
ord11597
ord11537
ord2582
ord2606
ord1451
ord5721
ord3317
ord3212
ord979
ord7283
ord13760
ord14351
ord11896
ord11916
ord11989
ord3888
ord8017
ord12271
ord8182
ord3791
ord4203
ord4233
ord4199
ord4157
ord4127
ord4061
ord2607
ord6098
ord13541
ord3256
ord3253
ord10088
ord8055
ord2717
ord10118
ord10120
ord10119
ord6844
ord10831
ord9094
ord3217
ord13658
ord12077
ord12075
ord1706
ord1718
ord1726
ord1722
ord1731
ord4863
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord4900
ord4867
ord4916
ord4851
ord4858
ord4893
ord4450
ord5672
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord6745
ord4414
ord13488
ord5814
ord2638
ord3321
ord3782
ord14361
ord12038
ord11214
ord9303
ord7668
ord5306
ord5303
ord4827
ord997
ord6366
ord2478
ord4823
ord8204
ord8599
ord4613
ord4612
ord2950
ord5801
ord1688
ord1524
ord305
ord2963
ord12374
ord5005
ord4969
ord1645
ord1453
ord6193
ord1138
ord501
ord6103
ord2256
ord1128
ord6989
ord1106
ord2476
ord4041
ord3322
ord3216
ord11986
ord5136
ord5433
ord5643
ord9186
ord5409
ord5139
ord5295
ord5119
ord7574
ord4889
ord13335
ord8188
ord11538
ord12840
ord2818
ord887
ord7667
ord7575
ord7565
ord5293
ord8064
ord5311
ord11942
ord10117
ord10121
ord5536
ord11546
ord11547
ord8977
ord3787
ord14240
ord11756
ord9047
ord13436
ord1504
ord2365
msvcr120
_setmbcp
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_time64
srand
rand
vsprintf
sprintf
fprintf
fopen_s
fopen
fclose
mbstowcs_s
_mbstok_s
strcpy_s
ldiv
memcpy
_CxxThrowException
_mbslen
memmove
memmove_s
_purecall
memset
__CxxFrameHandler3
memcpy_s
free
_strupr
kernel32
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CopyFileA
OpenFile
GetLocalTime
CloseHandle
GetFileSize
CreateDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
lstrcpyA
GetCurrentDirectoryA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
user32
GetWindowTextA
DrawIcon
IsIconic
DrawEdge
GetMenuDefaultItem
GetMenuItemCount
CreatePopupMenu
DestroyIcon
CopyRect
ScreenToClient
DestroyMenu
InvalidateRect
IsWindowEnabled
GetFocus
GetDlgCtrlID
GetParent
MessageBeep
GetAsyncKeyState
SendMessageA
PtInRect
OffsetRect
InflateRect
GetSysColor
GetCursorPos
GetWindowRect
GetClientRect
RedrawWindow
GetSystemMetrics
KillTimer
SetTimer
GetKeyState
SetWindowPos
IsWindow
EnableWindow
LoadIconW
gdi32
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
shell32
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA
SHGetPathFromIDListA
ExtractIconA
SHBrowseForFolderA
comctl32
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_ReplaceIcon
msvcp120
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ