7680599f386849ce1ae5a7258f21492974460998d8f224d8c3faaf8f218d5645

Sharing

Copy URL Twitter E-mail

General

Target

7680599f386849ce1ae5a7258f21492974460998d8f224d8c3faaf8f218d5645
Size

2.4MB
MD5

38d15d91b9f36628f578c3470b0eee8c
SHA1

3cd23e5a1aff4fe11f95327fc9059b830abf07b4
SHA256

7680599f386849ce1ae5a7258f21492974460998d8f224d8c3faaf8f218d5645
SHA512

52c36d6e184e2eb220bd6f697b3517fe796057b0b74c2b3f23dc0a7e2e29424860573436b6b3e7f3238bc9c993929a1bb06431d816bf87ffd09ac501ffc62236
SSDEEP

49152:Buj9s8eVaYYaPA6TakdZXB8YR7GVz1z/dp5CvRwv05MNbDzfQcP3ST:K98aYYaPA6GkXX5R7GVz1zsa05i3zfQc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7680599f386849ce1ae5a7258f21492974460998d8f224d8c3faaf8f218d5645

Files

7680599f386849ce1ae5a7258f21492974460998d8f224d8c3faaf8f218d5645
.exe windows:5 windows x86 arch:x86

39fce282d6e8ca89a32c81499e3a8ec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140u

ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3838
ord12089
ord9132
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord2761
ord5003
ord3302
ord3305
ord13756
ord6220
ord4225
ord540
ord8464
ord7447
ord290
ord7495
ord2385
ord2389
ord462
ord8470
ord8386
ord12865
ord8324
ord5357
ord2486
ord12541
ord12542
ord14589
ord7922
ord4966
ord9398
ord4152
ord4090
ord12947
ord8210
ord4948
ord5013
ord2034
ord11982
ord11983
ord7820
ord5850
ord8757
ord2477
ord1523
ord10472
ord4885
ord3833
ord890
ord1391
ord11038
ord14137
ord3182
ord4884
ord8062
ord13656
ord5813
ord13646
ord8067
ord4886
ord8746
ord4227
ord6607
ord3932
ord2526
ord14377
ord6533
ord9210
ord9235
ord12173
ord2760
ord13752
ord6218
ord3164
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord3852
ord5918
ord12239
ord12247
ord4960
ord14595
ord4997
ord3403
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord3404
ord11396
ord4502
ord11015
ord9693
ord4494
ord9040
ord12131
ord3055
ord5110
ord14590
ord4663
ord7923
ord14596
ord6877
ord12884
ord12921
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5790
ord5984
ord10255
ord6589
ord1002
ord4219
ord3145
ord9126
ord6129
ord6490
ord9139
ord6549
ord4360
ord2215
ord2246
ord4954
ord3697
ord3816
ord7941
ord7481
ord1526
ord4589
ord8217
ord10433
ord12251
ord12219
ord12928
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord6860
ord1113
ord6489
ord6566
ord3882
ord296
ord4815
ord2304
ord1111
ord1133
ord1066
ord1180
ord1171
ord4092
ord13911
ord7313
ord13442
ord952
ord2205
ord7997
ord1472
ord995
ord7653
ord10379
ord280
ord1045
ord286
ord265
ord266
ord2409
ord1511
ord1513

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCommandLineA
IsBadCodePtr
SetStdHandle
FlushFileBuffers
LCMapStringA
GetEnvironmentStringsW
WriteFile
ExitProcess
SetHandleInformation
GetComputerNameA
LoadLibraryA
RtlMoveMemory
GetVersionExA
GetWindowsDirectoryA
lstrcpyn
MultiByteToWideChar
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
Process32NextW
OpenProcess
GetProcessTimes
FileTimeToSystemTime
TerminateProcess
VirtualQuery
FreeLibrary
GetEnvironmentVariableA
GetLastError
GetTempPathA
CreateFileW
DeviceIoControl
CreateThread
Sleep
TerminateThread
HeapCreate
VirtualFree
LCMapStringW
SetSystemTime
OutputDebugStringW
CreateFileA
GetVolumeInformationA
CreateMutexW
VirtualProtect
VirtualAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
GetStringTypeA
GetStringTypeW
Process32FirstW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
GetTickCount
QueryPerformanceFrequency
GetPrivateProfileIntA
GetModuleHandleW
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetProcAddress
GetCurrentProcess
GetPrivateProfileIntW
GetLocalTime
GetPrivateProfileStringA
GetFileSize
ReadFile
GetFileAttributesW
WideCharToMultiByte
GetCurrentProcessId
CreateEventA
CreateFileMappingA
CreateProcessA
SetEvent
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapReAlloc
RaiseException
HeapAlloc
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CreateEventW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
SetLastError
GetExitCodeThread
IsBadReadPtr
GetSystemInfo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
HeapDestroy

user32

MoveWindow
CreateWindowStationA
UpdateWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
SendMessageA
GetWindowTextW
LoadMenuW
GetParent
GetCursorPos
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
wsprintfA
GetWindowRect
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
PostMessageA
SetDlgItemTextW
SendMessageW
MessageBoxW
LoadIconW
GetSubMenu
EnableWindow
CloseWindowStation
MessageBoxA
DispatchMessageA
GetMessageA
PeekMessageA
GetDesktopWindow

advapi32

OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileA
SHGetFolderPathA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon

shlwapi

StrCmpW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

ws2_32

closesocket
gethostbyname
inet_ntoa
setsockopt
WSASocketW
bind
WSAIoctl
WSARecv
WSAGetLastError
htons
WSAStartup
shutdown
inet_addr
select
connect
ioctlsocket

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

iphlpapi

GetAdaptersInfo

vcruntime140

__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__CxxFrameHandler3
memset
strstr
memmove
__std_terminate
memcpy
_CxxThrowException
__telemetry_main_invoke_trigger

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

_get_wide_winmain_command_line
exit
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
system
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-string-l1-1-0

strtok
toupper

api-ms-win-crt-time-l1-1-0

_mktime64
_time64
_localtime64_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_set_fmode
__p__commode
fopen
__stdio_common_vsscanf
fwrite
__stdio_common_vfprintf
__acrt_iob_func
fclose

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-convert-l1-1-0

_wtol
atoll
atol
_wtoll
_wtoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39fce282d6e8ca89a32c81499e3a8ec1

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

advapi32

shell32

comctl32

shlwapi

msvcp140

ws2_32

wininet

iphlpapi

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 366KB - Virtual size: 366KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 76KB - Virtual size: 90KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 76KB - Virtual size: 90KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 12KB - Virtual size: 12KB