d17f8cfab5019a4f0b9470a9f10199d72839be21ae30e10f21eaa16bb533e4f0

Sharing

Copy URL Twitter E-mail

General

Target

d17f8cfab5019a4f0b9470a9f10199d72839be21ae30e10f21eaa16bb533e4f0
Size

197KB
MD5

3b81952833617e84ddc4aba91df4b5ea
SHA1

6a993db3fec97ca025a150ac8bdbd5444bd649e4
SHA256

d17f8cfab5019a4f0b9470a9f10199d72839be21ae30e10f21eaa16bb533e4f0
SHA512

9333705708915ee4ca23aff4fcc5ce84100b3b8554d148c8c10763923c7d8b75c06d035a7abf69b67b3ebf78d4b8ef8eeaa21529268021c06fec7765f581a68a
SSDEEP

6144:rkfDpyr4iPrS0O7/o09cfjbIgH/Kw2utkssIyTM9WOOTVM7:IfDmBfjb6TM9WvM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17f8cfab5019a4f0b9470a9f10199d72839be21ae30e10f21eaa16bb533e4f0

Files

d17f8cfab5019a4f0b9470a9f10199d72839be21ae30e10f21eaa16bb533e4f0
.exe windows:5 windows x64 arch:x64

a49446121926ae41d00228b27a038aba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crashrpt1403

ord8
ord16
ord24
ord27
ord9

mfc100

ord4124
ord10602
ord1457
ord856
ord319
ord2037
ord11775
ord7534
ord3991
ord1244
ord12764
ord957
ord4034
ord411
ord1895
ord11465
ord7576
ord11428
ord11147
ord11770
ord1415
ord4308
ord306
ord12762
ord2524
ord1948
ord11312
ord12763
ord12974
ord12758
ord3990
ord1461
ord12955
ord10984
ord12936
ord2018
ord10961
ord5769
ord12751
ord7539
ord11311
ord6745
ord12358
ord7190
ord12752
ord300
ord310
ord266
ord1272
ord1426
ord265
ord7575
ord2454
ord11005
ord2530
ord4742
ord1291
ord3697
ord1294
ord5002
ord7038
ord316
ord305
ord5035
ord4341
ord1274
ord889
ord3285
ord2024
ord857
ord1245
ord2022
ord1905
ord2538
ord2028

msvcr100

_amsg_exit
__getmainargs
_XcptFilter
_exit
_cexit
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
atoi
memcpy_s
memmove
_mbsicmp
printf
??0exception@std@@QEAA@AEBQEBDH@Z
?what@exception@std@@UEBAPEBDXZ
_onexit
_time64
_purecall
sprintf
free
malloc
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
_CxxThrowException
_fullpath
memcpy
srand
_recalloc
calloc
memset
__CxxFrameHandler3
memcmp
_lock
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
_difftime64
_vsnprintf
_access
strcpy_s
atol
_localtime64_s
strftime
_mktime64
memmove_s

kernel32

MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetFileAttributesA
LocalFree
GetEnvironmentVariableA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
GetModuleFileNameA
QueueUserWorkItem
WaitForSingleObject
SetEvent
CreateEventA
DeleteFileA
GetTempFileNameA
GetTempPathA
SetConsoleCtrlHandler
SetEnvironmentVariableA
Beep
Sleep
LeaveCriticalSection
EnterCriticalSection
GetNativeSystemInfo
GetPrivateProfileStringA
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeviceIoControl
CreateFileA

advapi32

StartServiceCtrlDispatcherA
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
CreateServiceA

shlwapi

PathFileExistsA

msvcp100

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z

oleaut32

VariantCopy
GetErrorInfo
VariantInit
VariantClear
SysAllocString
SysFreeString

hpsocket

HP_Destroy_TcpServer
HP_Create_TcpServer

iphlpapi

SendARP

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

ws2_32

gethostname
WSACleanup
inet_addr
WSAStartup

user32

IsWindow
SendMessageA

ole32

OleRun
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49446121926ae41d00228b27a038aba

Headers

DLL Characteristics

File Characteristics

Imports

crashrpt1403

mfc100

msvcr100

kernel32

advapi32

shlwapi

msvcp100

oleaut32

hpsocket

iphlpapi

setupapi

ws2_32

user32

ole32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB