8e38103492478aaa27af467f896f8511c11442b8d10d6b77ae76001edc920994

Sharing

Copy URL Twitter E-mail

General

Target

8e38103492478aaa27af467f896f8511c11442b8d10d6b77ae76001edc920994
Size

417KB
MD5

7ce3e78e9b038074374d01e1e493ec60
SHA1

9adf2b44cdead109c18aaecf134f0c16acddf928
SHA256

8e38103492478aaa27af467f896f8511c11442b8d10d6b77ae76001edc920994
SHA512

37e4a179c11ab1ca1dea3c723b81936033910980e7b3fcd3dc9e349f52bd4c97109af3ef008194f2316f266a70936acb6b84c6166ac6584376219d3ce0238928
SSDEEP

6144:8CtvBr1HlwxRkajZzDAF/p/uwONct43j92UT:hv0xF49pGHNu4B2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e38103492478aaa27af467f896f8511c11442b8d10d6b77ae76001edc920994

Files

8e38103492478aaa27af467f896f8511c11442b8d10d6b77ae76001edc920994
.exe windows:6 windows x64 arch:x64

8bc3a88f79cbea4a6bbd5ca90d308c01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140ud

ord6343
ord14938
ord15488
ord6989
ord15708
ord8192
ord9563
ord6044
ord16160
ord13294
ord5204
ord15392
ord8020
ord15552
ord16774
ord9216
ord16768
ord3540
ord5225
ord11172
ord6789
ord5239
ord5762
ord5701
ord5686
ord5748
ord5793
ord5716
ord5771
ord5787
ord5728
ord5734
ord5740
ord5722
ord5777
ord5710
ord2011
ord1990
ord2004
ord1978
ord1956
ord13888
ord13892
ord15915
ord3757
ord12545
ord13213
ord13253
ord8183
ord4592
ord3035
ord5227
ord4460
ord16766
ord13522
ord4350
ord13696
ord10606
ord13303
ord13302
ord6607
ord11776
ord11772
ord11774
ord11775
ord11773
ord16917
ord9555
ord11742
ord3799
ord3802
ord3652
ord3651
ord3914
ord3913
ord11965
ord12957
ord12559
ord10501
ord2874
ord4872
ord10679
ord3242
ord15769
ord7305
ord13739
ord12582
ord2499
ord3160
ord9817
ord4612
ord6573
ord530
ord1239
ord7671
ord481
ord13784
ord10705
ord2683
ord573
ord6683
ord2305
ord14942
ord15779
ord13578
ord2581
ord3876
ord3877
ord3756
ord13779
ord2834
ord1495
ord951
ord4747
ord8008
ord3881
ord531
ord269
ord9871
ord5579
ord9740
ord14696
ord1651
ord1649
ord296
ord292
ord286
ord302
ord16621
ord9895
ord9517
ord8166
ord6914
ord2813
ord1863
ord4362
ord2740
ord2736
ord1623
ord8722
ord16524
ord8541
ord1024
ord1203
ord15359
ord2536
ord2652
ord9877
ord4988
ord2970
ord1584
ord9776
ord13870
ord11926
ord14741
ord14674
ord5333
ord9284
ord9693
ord6272
ord2839
ord14256
ord14255
ord16767
ord9215
ord16773
ord10873
ord4671
ord4609
ord14760
ord9236
ord2356
ord13568
ord13567
ord16636
ord14245
ord9287
ord2558
ord13732
ord16845
ord7476
ord16847
ord7478
ord16846
ord7477
ord15965
ord1083
ord7998
ord4365
ord6962
ord13862
ord9564
ord13880
ord13830
ord1201
ord4611
ord6110
ord6501
ord6759
ord10825
ord6469
ord6762
ord6113
ord6331
ord6092
ord8978
ord8979
ord8968
ord6329
ord9568
ord11737
ord10678
ord1240
ord1163
ord1133
ord14982
ord1640
ord1630
ord1638
ord8880
ord11869
ord10424
ord1631
ord2764

kernel32

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CloseHandle
CreateEventW
MultiByteToWideChar
CreateFileA
WaitForSingleObject
CreateProcessA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
SetLastError
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
SetEvent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleExW
OutputDebugStringW
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
DecodePointer
VirtualQuery
FreeLibrary

user32

PostQuitMessage
PeekMessageW
GetSystemMetrics
UnregisterClassW

gdi32

DeleteDC

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

oleaut32

VarDateFromStr
VariantTimeToSystemTime
SysFreeString

gdiplus

GdiplusShutdown

msvcp140d

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

vcruntime140d

__CxxFrameHandler3
memchr
memcpy
memmove
__C_specific_handler
__std_type_info_destroy_list
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memset

ucrtbased

__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
free
malloc
_CrtDbgReportW
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_invalid_parameter
strcpy
strlen
_mktime64
_time64
_calloc_dbg
_CrtDbgReport
_CrtSetReportMode
_findclose
_findfirst64i32
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
__stdio_common_vswprintf
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
exit
wcscpy_s
wcslen

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bc3a88f79cbea4a6bbd5ca90d308c01

Headers

DLL Characteristics

File Characteristics

Imports

mfc140ud

kernel32

user32

gdi32

shell32

comctl32

oleaut32

gdiplus

msvcp140d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 1KB - Virtual size: 14KB

.pdata Size: 16KB - Virtual size: 16KB

.idata Size: 14KB - Virtual size: 14KB

.msvcjmc Size: 1024B - Virtual size: 673B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 149KB - Virtual size: 149KB

.reloc Size: 4KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 1KB - Virtual size: 14KB

.pdata
Size: 16KB - Virtual size: 16KB

.idata
Size: 14KB - Virtual size: 14KB

.msvcjmc
Size: 1024B - Virtual size: 673B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 149KB - Virtual size: 149KB

.reloc
Size: 4KB - Virtual size: 3KB