Static task
static1
Behavioral task
behavioral1
Sample
15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88.exe
Resource
win10v2004-20231023-en
General
-
Target
15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88
-
Size
756KB
-
MD5
c58dc9fe79cb248a4b5bafa1382fc4be
-
SHA1
efa0396dbdc2d09c8b25bb6faa70047cba12b28f
-
SHA256
15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88
-
SHA512
992b36211c2f3497e924630a5e99dbd68af7ffdd47a48ef6ac4166ab286cbc23b0d72b4726011b4327511d53e6f99e76d0262060531de47e5ef7c96a51ef6b84
-
SSDEEP
12288:z6jspupuUS/NWxQoE2ZsbrlHwUg6cpIZWpSK+aHTm+sgUBi5gWTZUUVqS/nwfQSQ:z64pcudiQoE2ZsbKUg6cpIZWpSK+azmf
Malware Config (no entries listed in this report)
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. Note: the absence of a signature is a weak indicator on its own — many legitimate executables are also unsigned — so this hit should be weighed together with the other findings rather than read as evidence of malicious intent by itself.
resource 15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88
Files
-
15f9e359b5fe5a25cd3f9bec389f720a7e22bf10407fc7dd79fed52a74c6eb88.exe windows:5 windows x86 arch:x86
dbeae4ba951f6c03a2ccfe559b2effc6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc120
ord1136
ord5729
ord7915
ord13444
ord2123
ord501
ord1138
ord6103
ord4042
ord6193
ord3757
ord5417
ord10211
ord7507
ord990
ord1463
ord7845
ord2158
ord949
ord13238
ord7175
ord13690
ord2224
ord2259
ord4537
ord6729
ord10083
ord5646
ord12740
ord12037
ord12069
ord10264
ord8062
ord12065
ord12057
ord11949
ord3801
ord6226
ord14441
ord6227
ord14442
ord6225
ord14440
ord7848
ord12345
ord14240
ord11803
ord11802
ord1985
ord7789
ord12759
ord4039
ord4100
ord9234
ord14366
ord7770
ord14368
ord12356
ord12355
ord2442
ord5241
ord8167
ord12677
ord8229
ord8311
ord4826
ord10867
ord6410
ord1106
ord4040
ord365
ord4119
ord1061
ord6367
ord8964
ord3098
ord4167
ord1063
ord362
ord1128
ord6426
ord8977
ord1691
ord13701
ord6436
ord13094
ord8208
ord8652
ord12898
ord12897
ord6669
ord895
ord6366
ord358
ord450
ord1103
ord6405
ord13062
ord13559
ord12372
ord12392
ord12765
ord12679
ord12907
ord12899
ord13090
ord13826
ord13892
ord8720
ord12831
ord12834
ord6363
ord6443
ord3831
ord5101
ord2476
ord2478
ord11990
ord12165
ord13900
ord13889
ord13904
ord4597
ord4822
ord4272
ord9303
ord11214
ord5303
ord13335
ord4827
ord13908
ord1384
ord887
ord7508
ord3782
ord1438
ord997
ord1467
ord6707
ord9047
ord10088
ord8064
ord5293
ord7565
ord7575
ord7574
ord6007
ord5119
ord5295
ord5139
ord5672
ord5409
ord9186
ord5643
ord5433
ord5136
ord11986
ord3216
ord3321
ord492
ord3890
ord11942
ord2638
ord5814
ord13488
ord11538
ord13457
ord12860
ord4255
ord11781
ord5469
ord5472
ord5465
ord6205
ord6430
ord2827
ord5765
ord4447
ord2518
ord2352
ord321
ord1055
ord346
ord494
ord6432
ord5398
ord12596
ord1137
ord500
ord11783
ord5396
ord12874
ord7948
ord7270
ord6408
ord12901
ord12840
ord5306
ord4433
ord7348
ord6662
ord458
ord6686
ord4823
ord1465
ord992
ord11455
ord14102
ord6930
ord2130
ord7188
ord6734
ord2818
ord2302
ord1959
ord4671
ord12425
ord1406
ord926
ord1174
ord6465
ord8969
ord3142
ord2947
ord3823
ord14346
ord2709
ord8878
ord11991
ord9073
ord10844
ord14281
ord2209
ord4425
ord7350
ord3646
ord1108
ord462
ord6973
ord13914
ord6891
ord8658
ord14009
ord3813
ord6745
ord14367
ord7771
ord14369
ord3008
ord4442
ord9528
ord4450
ord4893
ord4858
ord4851
ord4889
ord4916
ord4867
ord4900
ord4912
ord4875
ord4879
ord4883
ord4871
ord4904
ord4863
ord1731
ord1722
ord1726
ord1718
ord1706
ord12075
ord12077
ord13658
ord3217
ord9094
ord10831
ord6844
ord12038
ord8803
ord14361
ord11756
ord3787
ord11907
ord8973
ord11547
ord11546
ord5536
ord10121
ord10117
ord10119
ord10120
ord10118
ord2717
ord8055
ord3253
ord3256
ord13541
ord6098
ord3208
ord4184
ord4969
ord3906
ord2168
ord7667
ord1687
ord1688
ord310
ord12697
ord8204
ord265
ord2339
ord1524
ord4764
ord305
ord5801
ord2963
ord1656
ord2716
ord13537
ord6096
ord3117
ord3353
ord3354
ord4041
ord10302
ord11218
ord2838
ord498
ord8308
ord3765
ord1348
ord821
ord10260
ord11725
ord13714
ord13715
ord6748
ord12854
ord7910
ord13059
ord10567
ord6843
ord14103
ord5553
ord7364
ord1175
ord8970
ord7029
ord12960
ord13056
ord13741
ord1347
ord820
ord1645
ord1442
ord971
ord1157
ord8968
ord3128
ord3293
ord7010
ord4171
ord3138
ord1166
ord540
ord14320
ord1980
ord1453
ord980
ord5008
ord2844
ord4746
ord1698
ord14230
ord8335
ord3322
ord14379
ord12374
ord5012
ord2199
ord316
ord300
ord8614
ord6839
ord6376
ord9048
ord13479
ord5841
ord5005
ord1521
ord1041
ord2256
ord10843
ord12882
ord8877
ord2365
ord266
ord1502
ord5797
ord1504
msvcr120
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
memcpy
_libm_sse2_log10_precise
_libm_sse2_pow_precise
__CxxFrameHandler3
_CxxThrowException
_setmbcp
_CIatan2
_CIsinh
_except1
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
memset
round
atoi
rand
_time64
srand
_mbsstr
sprintf
memcpy_s
memmove
free
malloc
_splitpath
_libm_sse2_cos_precise
kernel32
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WideCharToMultiByte
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
OutputDebugStringW
InterlockedIncrement
GetModuleFileNameA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetUserDefaultUILanguage
DecodePointer
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
MulDiv
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
CloseHandle
CreateFileMappingA
GetCurrentProcessId
CreateProcessA
lstrcatA
GetVersionExA
user32
GetClientRect
ReleaseCapture
InvalidateRect
EnableWindow
DrawIcon
IsIconic
AppendMenuA
GetSystemMenu
LoadIconW
DestroyIcon
HideCaret
SystemParametersInfoA
AdjustWindowRectEx
UnionRect
LoadBitmapA
IsWindow
SetWindowLongA
MessageBeep
GetCapture
GetNextDlgTabItem
DrawEdge
DrawFrameControl
IsRectEmpty
IntersectRect
SetRectEmpty
ChildWindowFromPoint
LoadCursorW
UpdateWindow
GetCursorPos
CopyRect
IsWindowVisible
GetDesktopWindow
MapWindowPoints
LoadBitmapW
SendMessageA
GetWindowLongA
DrawFocusRect
SetRect
OffsetRect
FillRect
GetWindowRect
ClientToScreen
InflateRect
DestroyCursor
GetSystemMetrics
GetSysColor
KillTimer
PtInRect
SetCursor
CopyIcon
LoadCursorA
ReleaseDC
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetDC
SetTimer
GetKeyState
RedrawWindow
GetParent
PostMessageA
SetCapture
gdi32
RectVisible
PtVisible
CreatePen
CreateSolidBrush
TextOutA
SelectObject
CreateFontIndirectA
DeleteObject
GetStockObject
ExtTextOutA
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetViewportExtEx
GetWindowExtEx
DPtoLP
BitBlt
Polygon
Rectangle
SetTextColor
CreateBitmap
CreateDCA
Ellipse
Polyline
CreateRoundRectRgn
SetBrushOrgEx
GetBrushOrgEx
GetTextMetricsA
RealizePalette
CreatePalette
CreateRectRgn
PtInRegion
CreateRectRgnIndirect
FrameRgn
CreatePolygonRgn
GetTextExtentPoint32A
CreateFontA
DeleteDC
StretchBlt
SetStretchBltMode
GetObjectA
GetDeviceCaps
GetPixel
SetBkColor
GetBkColor
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryValueA
shell32
SHFileOperationA
ShellExecuteA
comctl32
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_AddMasked
ole32
CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance
CreateStreamOnHGlobal
oleaut32
GetErrorInfo
VariantChangeType
SysAllocString
VariantInit
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
gdiplus
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipGetGenericFontFamilySansSerif
GdipGetDpiY
GdipSetSolidFillColor
GdipSetPenColor
GdipFillPolygon
GdipDrawLine
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipReleaseDC
GdipDrawLines
GdipTranslateWorldTransform
GdipSetClipRectI
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipFillEllipseI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipLoadImageFromFile
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM
GdipSetStringFormatFlags
ws2_32
inet_addr
gethostbyname
gethostname
inet_ntoa
recvfrom
ioctlsocket
closesocket
bind
socket
htonl
htons
WSACleanup
WSAStartup
sendto
msvcp120
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
winmm
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetDevCaps
timeKillEvent
Sections
.text Size: 339KB - Virtual size: 339KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3.5MB (raw size is far smaller than virtual size: most of this section is zero-filled by the loader rather than present on disk, so the in-memory image will differ substantially from the file image)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ