b48ddc7859b2e65ccc4d2b9daebab9d59fa2435ad65f7a28ff3d76d4e64e0e10

Sharing

Copy URL Twitter E-mail

General

Target

b48ddc7859b2e65ccc4d2b9daebab9d59fa2435ad65f7a28ff3d76d4e64e0e10
Size

312KB
MD5

90ea4f2ae8a4362ff6efd31f551b8627
SHA1

acb7364077a39cb2a9549a80e1b845d954e9ae4f
SHA256

b48ddc7859b2e65ccc4d2b9daebab9d59fa2435ad65f7a28ff3d76d4e64e0e10
SHA512

242b9a7cd3c54101db2938d171d96aa65dc7c951f8f429001d4a2ad5d7ee29f1152d2ba3c7770ca22926dcd532e2730e033bbf516c8cc9b8885105b39d7e5f20
SSDEEP

6144:pRBy5O02Zldxn4svGyn/4UUO9+43wnDrvvC:p/KO02Zldxn4Jyn/4IryDrvvC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48ddc7859b2e65ccc4d2b9daebab9d59fa2435ad65f7a28ff3d76d4e64e0e10

Files

b48ddc7859b2e65ccc4d2b9daebab9d59fa2435ad65f7a28ff3d76d4e64e0e10
.exe windows:4 windows x86 arch:x86

77ff137db551675a82ac0ac2eea65ead

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rwcomlib

ord101
ord1

rwdicapi

ord112
ord118
ord6
ord8
ord107
ord108
ord20
ord105
ord104
ord110
ord13
ord106
ord21
ord114
ord9
ord19

rwdiccom

ord202
ord3
ord801
ord802
ord203
ord2

rwdicman

ord403
ord1
GetPron
ord302
ord31
ord127
ord34
ord406
ord405

rwlanman

ord106

rwtfview

ord22

tccomlib

ord508
ord509
ord514
ord505
ord519
ord510
ord518
ord517
ord504
ord33

tctxtlib

ord504
ord505
ord301
ord602
ord304
ord604

meddicres

ord2
ord10

rwtts

?ReadChsEngText@CTTSReader@@QAEXPAD@Z
??1CTTSReader@@UAE@XZ
?InitSapi@CTTSReader@@QAEJXZ
?StopRead@CTTSReader@@QAEXXZ
??0CTTSReader@@QAE@XZ

ppedit

ord2
ord4

mfc42

ord4465
ord3136
ord3259
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord2982
ord3147
ord4080
ord4627
ord4425
ord3597
ord800
ord715
ord3079
ord860
ord540
ord415
ord3825
ord641
ord2289
ord2370
ord2302
ord4234
ord535
ord3874
ord6197
ord4710
ord6453
ord1081
ord6242
ord2867
ord823
ord3619
ord324
ord3663
ord2414
ord6199
ord2915
ord6880
ord1641
ord537
ord2642
ord825
ord3626
ord656
ord924
ord926
ord858
ord2614
ord5981
ord6283
ord3571
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord4424
ord3574
ord640
ord809
ord609
ord323
ord556
ord567
ord5785
ord4275
ord4284
ord2379
ord2405
ord5053
ord2864
ord3092
ord4297
ord5788
ord472
ord283
ord5875
ord2859
ord1640
ord1146
ord2122
ord4160
ord6358
ord1088
ord2567
ord3398
ord3733
ord686
ord810
ord384
ord6334
ord4133
ord2862
ord2096
ord2408
ord6008
ord3297
ord3573
ord755
ord6172
ord5873
ord470
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4467
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord401
ord674
ord5254
ord3721
ord795
ord5789
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord4271
ord2713
ord3693
ord613
ord289
ord816
ord562
ord5651
ord3127
ord3616
ord665
ord5442
ord3318
ord5186
ord350
ord354
ord2452
ord2753
ord1834
ord4750
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord4608
ord4716
ord4607
ord4635
ord5919
ord941
ord6222
ord2764
ord2860
ord3596
ord2450
ord6157
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2080
ord3089
ord3495
ord4123
ord3317
ord4287
ord1168
ord2754
ord922
ord3732
ord4270
ord1848
ord4243
ord4220
ord2584
ord3654
ord2582
ord3370
ord3640
ord4402
ord693
ord1644
ord2446
ord5277
ord3293
ord4278
ord6648
ord2818
ord6215
ord3910
ord6007
ord3998
ord703
ord603
ord1969
ord273
ord404
ord3520
ord3996
ord6662
ord3286
ord6696
ord6270
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord796
ord554
ord529
ord402
ord807
ord4457
ord5255
ord1232
ord1153
ord6378
ord6380
ord5572
ord4413
ord1829
ord1200
ord940
ord2763
ord1927
ord793
ord4083
ord3337
ord3811
ord6282
ord6905
ord3499
ord3706
ord4538
ord5781
ord6241
ord2097
ord4476
ord939
ord6877
ord2884
ord4774
ord1175
ord3303
ord6170
ord6778
ord2299
ord2455
ord2863
ord2919
ord1979
ord6385
ord3790
ord5710
ord1997
ord6407
ord798
ord5194
ord2124
ord1795
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord4400
ord3630
ord682
ord6605
ord2714
ord2243
ord2431
ord325
ord2086
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1768
ord6307
ord617
ord5301
ord5214
ord296
ord986
ord411
ord6117
ord1205
ord4167
ord521
ord413
ord2621
ord1134
ord2725
ord1158
ord4299
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord4623
ord4426
ord338
ord652
ord4823
ord6175
ord4614
ord4613
ord1841
ord4241
ord4589
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord364
ord784
ord5260
ord5677
ord4720
ord2535
ord4129
ord1949
ord3643
ord394
ord696
ord909
ord5628
ord4185
ord3742
ord818
ord1270
ord2152
ord5787
ord6379
ord2784
ord1803
ord668
ord3181
ord4058
ord2781
ord2770
ord356
ord1817
ord1928
ord1842
ord1865
ord1864
ord1945
ord3903
ord2380
ord5065
ord5261
ord1727
ord2055
ord3749
ord6376
ord4837
ord2648
ord4441
ord4353
ord3798
ord5280
ord2385
ord6374
ord5163
ord1775
ord5241
ord4407
ord2514
ord4078
ord6052
ord4376
ord4998
ord4853
ord2438
ord5265
ord3797
ord3177
ord5067
ord533
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__commode
__p__fmode
__set_app_type
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
strtol
strncmp
_purecall
_mbsicmp
_ismbcspace
strchr
sprintf
wcslen
_makepath
fopen
fprintf
fclose
_splitpath
calloc
sscanf
strrchr
atoi
_mbscmp
_mbsnbcpy
_ftol
malloc
free
__CxxFrameHandler
_strcmpi
_setmbcp
_acmdln

kernel32

GlobalUnlock
GetStartupInfoA
DeleteFileA
RemoveDirectoryA
GetWindowsDirectoryA
GetVersion
FreeLibrary
lstrcatA
GetModuleHandleA
GetSystemDefaultLangID
GetLastError
GetCurrentThreadId
SizeofResource
LockResource
GlobalAlloc
FindResourceA
MulDiv
LoadResource
GetVersionExA
GetPrivateProfileStringA
lstrlenA
lstrcpyA
GetModuleFileNameA
lstrcmpA
GetExitCodeThread
Sleep
CloseHandle
IsDBCSLeadByteEx
LocalFree
GetFileAttributesA
MultiByteToWideChar
CreateThread
LocalAlloc
CreateProcessA
GetProcAddress
ExitThread
GetTempPathA
lstrcmpiA
LoadLibraryA
IsDBCSLeadByte
GlobalLock
GetPrivateProfileIntA

user32

GetNextDlgGroupItem
AppendMenuA
CreatePopupMenu
GetMessageA
LoadIconA
GetClassInfoA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
PeekMessageA
MessageBoxA
wsprintfA
SystemParametersInfoA
DialogBoxParamA
EndDialog
SetRect
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
DispatchMessageA
IsMenu
SetRectEmpty
GetSystemMenu
SetTimer
PtInRect
IsZoomed
IsIconic
GetWindowRgn
GetSysColorBrush
LoadBitmapA
UnionRect
GetMenuItemRect
GetMenuState
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SetWindowLongA
SetWindowPos
DrawIconEx
GetForegroundWindow
GetWindowDC
MoveWindow
FindWindowA
GetCapture
ScreenToClient
EnumChildWindows
RemoveMenu
CallWindowProcA
DefWindowProcA
TrackMouseEvent
SetWindowRgn
DrawEdge
CreateWindowExA
UpdateWindow
ShowWindow
ValidateRect
GetKeyState
GetSystemMetrics
GetWindow
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetDesktopWindow
GetCursorPos
EnableMenuItem
SetMenuDefaultItem
SetCapture
ReleaseCapture
KillTimer
GetDlgCtrlID
DrawFrameControl
GrayStringA
DrawTextA
TabbedTextOutA
IsRectEmpty
LoadMenuA
LoadImageA
GetIconInfo
GetDC
CreateIconIndirect
ReleaseDC
FillRect
DrawStateA
GetClientRect
CopyRect
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
SendMessageA
GetWindowRect
GetDlgItem
GetClassNameA
DrawIcon
EnableWindow
DeleteMenu
LoadCursorA
LockWindowUpdate
SetMenu

gdi32

SelectPalette
RemoveFontResourceA
AddFontResourceA
CreateEllipticRgn
PtInRegion
EnumFontFamiliesExA
SetPixelV
GetRgnBox
EnumFontFamiliesA
GetTextExtentPoint32W
GetCharWidth32A
CreateRectRgnIndirect
GetTextFaceA
CreateRectRgn
CombineRgn
SelectClipRgn
GetTextExtentPoint32A
CreateICA
GetDIBits
ExtCreateRegion
StretchBlt
CreateFontA
RealizePalette
GetDeviceCaps
Rectangle
GetCurrentObject
CreateFontIndirectA
CreateSolidBrush
CreatePen
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
CreatePatternBrush
GetObjectA
GetPixel
SetPixel
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
GetTextMetricsA
GetStockObject
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent
ImageList_AddMasked

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77ff137db551675a82ac0ac2eea65ead

Headers

File Characteristics

Imports

rwcomlib

rwdicapi

rwdiccom

rwdicman

rwlanman

rwtfview

tccomlib

tctxtlib

meddicres

rwtts

ppedit

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

olepro32

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 60KB - Virtual size: 60KB

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 60KB - Virtual size: 60KB