e040236b902ff66871cb28c79b89d26956976b6f5cb48cb01ea926ada20459d0

Sharing

Copy URL Twitter E-mail

General

Target

e040236b902ff66871cb28c79b89d26956976b6f5cb48cb01ea926ada20459d0
Size

1.4MB
MD5

69d20610445c1e01f6e2428164cca90a
SHA1

09a0e05089bb6a66415f8396207db27b66ffc401
SHA256

e040236b902ff66871cb28c79b89d26956976b6f5cb48cb01ea926ada20459d0
SHA512

1ae08905ed8508ebe6269f11611f0144d4e7f4407a8b39bdc9e98404f9da3e5f5db37fdd6c5b4c7279b4b2859b9fdaba682151b92acabfc6168d43c67e66eaaf
SSDEEP

24576:4RwLS4k1JscxoXJAHSW3IEb5u2MLm6vxoxrw5w9:4Rn4kcZqHSWJb5mLmuxopw54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e040236b902ff66871cb28c79b89d26956976b6f5cb48cb01ea926ada20459d0

Files

e040236b902ff66871cb28c79b89d26956976b6f5cb48cb01ea926ada20459d0
.exe windows:4 windows x86 arch:x86

7848ed3ef92f90acf001ccf84a50560a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

uilogic

CreateUiOptions
GetRecordObj

ws2_32

send
WSAGetLastError
closesocket
socket
connect
inet_addr
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
accept
recv
bind
listen
htons

encrypt

HexToStr
StrToHex
BRCrc32
CreateEncryptObject

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathIsNetworkPathW
PathAppendW
StrStrIW

enumfolder

CreateEnumRemoteFolder

comn

GetObjectLog
GetObjectSys

mpr

WNetGetUniversalNameW

brlog

GetBrLogMgr

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

GetProcAddress
GetModuleFileNameW
CreateFileW
SetUnhandledExceptionFilter
GetCurrentThreadId
WaitForSingleObject
GetVersionExW
OpenProcess
Process32FirstW
Process32NextW
HeapAlloc
TerminateProcess
GetLastError
GetProcessHeap
Sleep
HeapFree
CreateToolhelp32Snapshot
CreateMutexW
GetFileAttributesW
LocalAlloc
MultiByteToWideChar
LocalFree
SetFileAttributesW
GetTickCount
SetFileTime
WriteFile
GetFileSizeEx
DeleteFileW
ReadFile
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
lstrcpyW
EnterCriticalSection
CreateEventW
LeaveCriticalSection
GetModuleHandleW
SetFilePointer
GetFileTime
FlushFileBuffers
GetDriveTypeW
WinExec
OutputDebugStringW
OutputDebugStringA
CreateDirectoryA
CreateDirectoryW
GetModuleFileNameA
GetExitCodeProcess
CreateIoCompletionPort
RemoveDirectoryW
GetFileAttributesExW
GetFileInformationByHandle
GetCurrentThread
GetQueuedCompletionStatus
MoveFileExW
PostQueuedCompletionStatus
SetEvent
GetVolumeInformationW
CreateThread
MoveFileW
GetPrivateProfileIntW
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceExW
SystemTimeToFileTime
GetFileSize
UnlockFile
LoadLibraryA
LockFile
HeapValidate
HeapCompact
CreateFileMappingA
WaitForSingleObjectEx
GetTempPathA
GetSystemTime
CreateFileMappingW
AreFileApisANSI
TryEnterCriticalSection
UnlockFileEx
DeleteFileA
MapViewOfFile
GetDiskFreeSpaceA
GetSystemTimeAsFileTime
UnmapViewOfFile
FormatMessageA
SetEndOfFile
GetTempPathW
GetSystemInfo
HeapSize
GetFullPathNameW
QueryPerformanceCounter
GetFullPathNameA
LockFileEx
FormatMessageW
GetDiskFreeSpaceW
GetVersionExA
HeapDestroy
HeapReAlloc
CreateFileA
InterlockedCompareExchange
GetFileAttributesA
HeapCreate
DeviceIoControl
IsBadReadPtr
IsBadWritePtr
lstrlenW
GetWindowsDirectoryW
SetFilePointerEx
GetSystemDirectoryW
GetStartupInfoW
PeekNamedPipe
CreateProcessW
CreatePipe
WriteConsoleW
SetLastError
WriteConsoleA
GetPrivateProfileStringA
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedExchange
UnhandledExceptionFilter
IsDebuggerPresent
FindFirstFileW
FindClose
FindNextFileW
FreeLibrary
RaiseException
ReadDirectoryChangesW

user32

PostThreadMessageW
PostMessageW
LoadIconW
DispatchMessageW
KillTimer
TranslateAcceleratorW
SendMessageW
DefWindowProcW
CharUpperW
GetMessageW
LoadCursorW
EndPaint
UpdateWindow
TranslateMessage
PostQuitMessage
LoadAcceleratorsW
DestroyWindow
LoadStringW
CreateWindowExW
BeginPaint
SetTimer
ShowWindow
RegisterClassExW
UnregisterClassA
wsprintfW
FindWindowW

advapi32

RegQueryInfoKeyW
RegEnumKeyW
RegFlushKey
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegSetValueExA
BuildExplicitAccessWithNameW
SetThreadToken
OpenThreadToken
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueA
RegOpenKeyA
RegCloseKey
CreateProcessAsUserW
DuplicateTokenEx
GetLengthSid
SetSecurityDescriptorDacl
GetTokenInformation
AddAccessAllowedAce
InitializeSecurityDescriptor
InitializeAcl
OpenProcessToken
LookupAccountNameW
SetEntriesInAclW
GetNamedSecurityInfoW
GetSecurityDescriptorLength
FreeSid
EqualSid
AdjustTokenPrivileges
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetAclInformation
SetFileSecurityW
LookupPrivilegeValueW
GetAce

shell32

SHGetFolderPathA
SHGetFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

msvcp80

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

msvcr80

_localtime64_s
_msize
strcpy_s
strncpy
_vsnwprintf
_vsnprintf
strtol
calloc
rand
strftime
strchr
isspace
_CxxThrowException
isalpha
tolower
isalnum
ferror
fputc
_vsnprintf_s
_fsopen
_itoa
_strnicmp
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
toupper
_vscprintf
_vscwprintf
vsprintf
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
memcpy
wcscmp
swprintf_s
_wcsicmp
_invalid_parameter_noinfo
wcsstr
??2@YAPAXI@Z
memset
wcslen
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
wcscat_s
??0exception@std@@QAE@ABQBD@Z
wcscpy_s
??0exception@std@@QAE@ABV01@@Z
strcat
wcscat
wcsrchr
wcscpy
wcschr
strncpy_s
_beginthread
sprintf
strrchr
strncat_s
_wcsnicmp
malloc
printf
vswprintf_s
wcstombs
memcpy_s
_purecall
strlen
??_V@YAXPAX@Z
_beginthreadex
memmove_s
iswalpha
_localtime64
sprintf_s
fwprintf
_wfopen_s
fprintf
fclose
fopen_s
vsprintf_s
_time64
fseek
ftell
fread
fwrite
memcmp
_vswprintf
atoi
strcmp
fprintf_s
strstr
fgets
wcsncpy
_mktime64
mbstowcs
memmove
strncmp
realloc
_endthreadex
free

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpAddRequestHeaders

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7848ed3ef92f90acf001ccf84a50560a

Headers

File Characteristics

Imports

uilogic

ws2_32

encrypt

shlwapi

enumfolder

comn

mpr

brlog

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

wtsapi32

version

winhttp

Exports

Exports

Sections

.text Size: 876KB - Virtual size: 875KB

.rdata Size: 104KB - Virtual size: 100KB

.data Size: 32KB - Virtual size: 116KB

.rsrc Size: 392KB - Virtual size: 392KB

.text
Size: 876KB - Virtual size: 875KB

.rdata
Size: 104KB - Virtual size: 100KB

.data
Size: 32KB - Virtual size: 116KB

.rsrc
Size: 392KB - Virtual size: 392KB