Static task
static1
Behavioral task
behavioral1
Sample
fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46.exe
Resource
win10v2004-20231023-en
General
-
Target
fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46
-
Size
201KB
-
MD5
e430aa45dbd2f2f5d7559f87adfaca0b
-
SHA1
f52a37724fe15099cd8a90fa261dcdcbd4648658
-
SHA256
fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46
-
SHA512
2fac19a369de6262c5366f2e7542dccfd9e45e754c88acb703a8d437fae55fe01d1641ffe7b4feba28dffe5a77343188c15185c4d9c512ea66447f1f7d9103fc
-
SSDEEP
3072:oS1qE9mxt2kbXbmgjRmGp/yFKh+yyJqcB52CIMA1zPpg8cKHz:opLek+8RmGp/yFK0B52CIM58xz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46
Files
-
fd4fa38f116797b92f506c1ff2d7d70b02265f9b6a7ebaaf429eb2d96d2b4a46.exe windows:4 windows x86 arch:x86
fdda34e73cbef5c23c621f87ebbe4c18
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord4458
ord1915
ord6571
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2957
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4389
ord4669
ord4490
ord4345
ord4338
ord1730
ord4647
ord5022
ord4495
ord4492
ord4512
ord4962
ord4655
ord4382
ord972
ord2059
ord4645
ord2548
ord5508
ord5957
ord4037
ord3268
ord3353
ord4622
ord5824
ord512
ord780
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord617
ord6215
ord6197
ord5301
ord5214
ord296
ord986
ord5914
ord411
ord4159
ord656
ord2621
ord1134
ord1199
ord1205
ord3610
ord6877
ord2818
ord5572
ord2915
ord939
ord924
ord923
ord5122
ord4563
ord5092
ord1917
ord4254
ord3853
ord4957
ord4861
ord4826
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord4652
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3515
ord6345
ord5627
ord1003
ord3449
ord3788
ord3251
ord4697
ord3060
ord3066
ord6336
ord2510
ord2542
ord5245
ord1747
ord5577
ord3172
ord5654
ord4423
ord4956
ord2403
ord4387
ord3454
ord3198
ord6032
ord4093
ord6082
ord6177
ord3261
ord3280
ord4623
ord4430
ord514
ord748
ord4825
ord5827
ord5742
ord4614
ord4613
ord1918
ord4261
ord2404
ord5341
ord2964
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord3748
ord3282
ord4432
ord5828
ord515
ord813
ord640
ord654
ord3663
ord3626
ord2414
ord609
ord693
ord5257
ord541
ord801
ord6887
ord4284
ord6195
ord3870
ord6880
ord4224
ord3092
ord2012
ord2864
ord4163
ord6625
ord4722
ord6134
ord3876
ord3329
ord2535
ord5295
ord2247
ord323
ord2371
ord4504
ord536
ord2763
ord6200
ord6222
ord4131
ord4130
ord6663
ord922
ord6883
ord5608
ord3763
ord4277
ord2764
ord1726
ord2086
ord3495
ord4736
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord3619
ord5937
ord1641
ord2513
ord293
ord6605
ord1140
ord2455
ord2863
ord3764
ord2526
ord469
ord3771
ord926
ord6282
ord6283
ord4129
ord5683
ord4202
ord941
ord2860
ord2450
ord5787
ord4160
ord5875
ord6172
ord283
ord1640
ord2971
ord5759
ord6192
ord5756
ord976
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2645
ord2582
ord4402
ord3370
ord3640
ord2575
ord4396
ord3574
ord6905
ord3998
ord3996
ord3302
ord3286
ord6696
ord4203
ord940
ord5053
ord3869
ord2127
ord4468
ord3350
ord975
ord2880
ord2383
ord4437
ord4428
ord529
ord796
ord5885
ord6209
ord2627
ord6000
ord2117
ord5255
ord4724
ord5284
ord2614
ord2919
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord489
ord768
ord4258
ord1908
ord1576
ord4259
ord2827
ord5651
ord3127
ord3616
ord798
ord2393
ord2808
ord1997
ord6407
ord5465
ord5194
ord350
ord533
ord700
ord398
ord5594
ord5710
ord6930
ord6223
ord913
ord6874
ord6648
ord4189
ord3439
ord5450
ord6394
ord5440
ord6383
ord3708
ord781
ord4275
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3395
ord3730
ord554
ord807
ord3693
ord4133
ord4297
ord5788
ord3571
ord2405
ord2753
ord2754
ord5785
ord5884
ord2921
ord2862
ord3742
ord686
ord818
ord384
ord4216
ord3797
ord6194
ord2096
ord2463
ord2119
ord6242
ord4083
ord1859
ord4287
ord2004
ord4299
ord2884
ord1175
ord2152
ord4774
ord4538
ord2859
ord5861
ord4496
ord6027
ord2841
ord2448
ord5834
ord2107
ord2044
ord402
ord4246
ord2391
ord4775
ord6619
ord4457
ord3089
ord4153
ord4501
ord5852
ord5871
ord4364
ord6862
ord6593
ord6594
ord6931
ord6860
ord6749
ord6491
ord620
ord6802
ord2681
ord4268
ord2923
ord1133
ord2587
ord4406
ord3394
ord3729
ord809
ord804
ord556
ord4267
ord816
ord2567
ord2714
ord562
ord3920
ord2408
ord1088
ord2122
ord6358
ord6178
ord2558
ord2920
msvcrt
__CxxFrameHandler
_mbsstr
strrchr
atoi
_mbscmp
time
_mbsicmp
_mbsicoll
localtime
_ftol
_except_handler3
_CxxThrowException
strtol
toupper
memmove
free
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
kernel32
ReadFile
WriteFile
GetTempPathA
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
GetVersionExA
lstrlenA
lstrcpynA
GetSystemDefaultLangID
GetLastError
SetLastError
CreateThread
CreateEventA
DuplicateHandle
GetCurrentProcess
CreatePipe
TerminateThread
WaitForSingleObject
SetEvent
GetCurrentThreadId
CreateProcessA
PeekNamedPipe
WaitForMultipleObjects
GlobalAlloc
GetModuleHandleA
EnumTimeFormatsA
EnumDateFormatsA
GetUserDefaultLCID
GetLocalTime
GetTimeFormatA
lstrcatA
GetDateFormatA
GetLogicalDrives
ExpandEnvironmentStringsA
lstrcmpiA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
Beep
GetStartupInfoA
Sleep
user32
InflateRect
IsWindow
BeginDeferWindowPos
RedrawWindow
GetClientRect
IsWindowVisible
SetWindowLongA
GetWindowLongA
GetWindow
LoadBitmapA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemInfoA
CallNextHookEx
GetMenu
IsZoomed
SetTimer
ScreenToClient
TrackPopupMenuEx
InvalidateRect
GetMenuStringW
OffsetRect
LoadImageA
BringWindowToTop
PtInRect
GetClassInfoExA
GetClassNameA
GetClassLongA
GetCursorPos
CheckMenuItem
SetRectEmpty
MapDialogRect
DeferWindowPos
SetWindowTextA
OemToCharA
CharToOemA
GetMenuStringA
MessageBoxA
SetWindowPlacement
GetSystemMenu
InsertMenuA
GetWindowPlacement
TrackPopupMenu
SetMenu
EnableMenuItem
GetWindowTextA
GrayStringA
DrawTextA
TabbedTextOutA
DrawFocusRect
FillRect
LoadMenuA
GetSubMenu
GetMenuItemCount
DeleteMenu
RemoveMenu
GetKeyState
GetSystemMetrics
CreatePopupMenu
ClientToScreen
AppendMenuA
GetFocus
CopyRect
SetParent
GetWindowRect
SetWindowPos
GetSysColor
EndDeferWindowPos
PostMessageA
IsMenu
SystemParametersInfoA
UpdateWindow
wsprintfA
ShowWindow
GetParent
EnableWindow
LoadIconA
SendMessageA
MapWindowPoints
GetDlgItem
gdi32
ExtCreatePen
GetBitmapDimensionEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
CreatePen
DeleteObject
Escape
ExtTextOutA
RectVisible
PtVisible
CreateICA
GetTextExtentPoint32A
GetBkColor
GetTextColor
TextOutA
Rectangle
GetPaletteEntries
GetStockObject
GetObjectA
advapi32
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
shell32
SHGetFileInfoA
ShellExecuteA
comctl32
ImageList_Draw
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Replace
ImageList_GetBkColor
ImageList_GetImageCount
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE