Static task
static1
Behavioral task
behavioral1
Sample
2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66.exe
Resource
win10v2004-20231130-en
General
-
Target
2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66
-
Size
440KB
-
MD5
090cd6f18368cde936657d55c1069cfa
-
SHA1
14d7afa6dea1ec333bf13c8e4b41cd1952cce4dd
-
SHA256
2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66
-
SHA512
c581bf9cf723f37cb7f78e144f1bae7e128d1cbc494602b4b91a9e221ebc972dd2296d4aab24197e52b74de1b38031627328a6ce4ebf9454d79c389578b23ee2
-
SSDEEP
6144:jx2LSTWhIYVTEOfOA4vnxiKV4wIX0aK5dPo2OsEPR:F2LSa+SB4vH43X01pEP
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the sampled PE file.
resource 2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66
Files
-
2dc801d1035adff952544d2c34e14a3dcfdcc8847b9176464f877f988652da66.exe windows:4 windows x86 arch:x86
0a1ab64e118a11d5238d645cfa93c02b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc80d
ord2163
ord2232
ord2233
ord2591
ord6976
ord1875
ord6738
ord4663
ord8674
ord5288
ord8676
ord2075
ord3003
ord3013
ord3294
ord3276
ord3274
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord7004
ord2187
ord2190
ord8123
ord9163
ord2111
ord2112
ord2255
ord2256
ord6646
ord2645
ord7909
ord1634
ord1649
ord7997
ord832
ord2736
ord3477
ord7668
ord4654
ord573
ord5510
ord5848
ord310
ord926
ord3411
ord2529
ord929
ord306
ord3412
ord1363
ord5766
ord873
ord8707
ord6875
ord645
ord3191
ord7630
ord5262
ord1999
ord5477
ord3828
ord5594
ord7466
ord270
ord1633
ord269
ord2034
ord1563
ord4007
ord6187
ord5949
ord2795
ord1680
ord1423
ord5641
ord1517
ord1501
ord1442
ord1565
ord1569
ord893
ord2530
ord9142
ord305
ord8472
ord4077
ord2041
ord303
ord7052
ord3091
ord316
ord1425
ord3200
ord674
ord1095
ord1499
ord5319
ord1403
ord360
ord6901
ord701
ord8233
ord888
ord908
ord5663
ord5621
ord8675
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord5295
ord1346
ord6881
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord901
ord5511
ord6274
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord6245
ord5095
ord5507
ord1589
msvcr80d
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__CxxFrameHandler3
_CrtDbgReportW
_purecall
memset
_recalloc
sprintf_s
_invalid_parameter
memcmp
_beginthread
strcpy_s
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_cexit
?terminate@@YAXXZ
_decode_pointer
??0exception@std@@QAE@XZ
free
memmove_s
_resetstkoflw
wcslen
wcscpy_s
_setmbcp
_wcsicmp
wcsncpy_s
_snwprintf_s
_vsnwprintf_s
_vsnprintf_s
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_CRT_RTC_INITW
calloc
swprintf_s
malloc
exit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
??1exception@std@@UAE@XZ
wcscpy
strcpy
_CrtDbgReport
_errno
_snprintf_s
_invoke_watson
kernel32
MultiByteToWideChar
CreateDirectoryA
GetLocalTime
WaitForSingleObject
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetStartupInfoA
DebugBreak
IsDebuggerPresent
GetEnvironmentVariableW
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
lstrlenA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
InterlockedExchange
GetVersion
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
GetProcAddress
lstrcmpiA
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
MulDiv
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
RaiseException
GetLastError
GetCurrentProcessId
InitializeCriticalSection
Sleep
user32
SetRect
PtInRect
IsRectEmpty
CopyRect
LoadCursorA
GetSystemMetrics
CharLowerW
SetRectEmpty
SubtractRect
CharUpperA
UnregisterClassA
RegisterClassExW
GetClassInfoExW
LoadCursorW
EqualRect
InflateRect
UnionRect
CharLowerA
IntersectRect
GetClassInfoExA
MsgWaitForMultipleObjects
RegisterClassExA
PeekMessageA
MessageBoxA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
CharUpperW
OffsetRect
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsA
PathRemoveFileSpecA
PathRemoveBackslashA
PathAppendA
ole32
CoUninitialize
CoInitializeEx
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
oleaut32
SysFreeString
SysAllocStringLen
atl80
ord64
ord32
ord20
ord17
ord61
ord23
ord22
ord18
ord30
msvcp80d
?_Orphan_all@_Container_base@std@@QBEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Container_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Container_base@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
quickgem
QuickGEM_EnableComm
QuickGEM_DisableComm
QuickGEM_OnLineRequest
QuickGEM_OnLineLocal
QuickGEM_GetSV
QuickGEM_OnLineRemote
QuickGEM_OffLine
QuickGEM_Close
QuickGEM_GetCurrentCommState
QuickGEM_GetCurrentControlState
QuickGEM_ProcessMsg
QuickGEM_InstallProcessPgmCallback
QuickGEM_InstallSpoolStateReport
QuickGEM_Init
QuickGEM_UpdateSV
QuickGEM_InstallSECSSendMsgCallback
QuickGEM_SendTerminalMessage
QuickGEM_InstallControlStateReport
QuickGEM_InstallRemoteCmdCallback
QuickGEM_InstallTerminalMsgCallback
quicksecs
_QS_GetDataItemType@4
_QS_Initialize@16
_QS_GetDataItemBytes@4
_QS_Start@4
_QS_Stop@4
_QS_SendSECSIIMessage@28
_QS_DataItemOut@16
_QS_DataItemInSkip@8
_QS_Destroy@4
_QS_DataItemIn@16
ycmfcexd
?ReadSectionNames@CYCBaseIniFile@@QBEXAAV?$vector@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$allocator@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@std@@@std@@@Z
?ReadString@CYCBaseIniFile@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD00_N@Z
?YCStrToGUID@@YA?AU_GUID@@PBD@Z
?YCForceDirFromFileName@@YAXPBD@Z
?WriteInt@CYCBaseIniFile@@QAEXPBDH@Z
?WriteString@CYCBaseIniFile@@QAEXPBD0@Z
?WriteFloat@CYCBaseIniFile@@QAEXPBDN@Z
??0CYCMemIniFile@@QAE@XZ
?Open@CYCBaseIniFile@@QAE_NPBD@Z
?SetSectionName@CYCBaseIniFile@@QAEXPBD@Z
?ReadBool@CYCBaseIniFile@@QAE_NPBD_N1@Z
?ReadString@CYCBaseIniFile@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0_N@Z
?YCRelativeFileNameToAbs@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?IsSectionNameExists@CYCBaseIniFile@@QBE_NPBD@Z
?WriteSectionComment@CYCMemIniFile@@QAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?ReadValueNames@CYCBaseIniFile@@QBEXAAV?$vector@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$allocator@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@std@@@std@@@Z
?YCStrToIntDef@@YAHPBDH@Z
?ReadInt@CYCBaseIniFile@@QAEHPBDH_N@Z
?ReadFloat@CYCBaseIniFile@@QAENPBDN_N@Z
??1CYCMemIniFile@@UAE@XZ
?OnPaint@CYCDialog@@IAEXXZ
?OnInitDialog@CYCDialog@@UAEHXZ
??0CYCFileVersion@@QAE@XZ
?ProductName@CYCFileVersion@@QBEPBDXZ
?FileVersion@CYCFileVersion@@QBEPBDXZ
?FileDescription@CYCFileVersion@@QBEPBDXZ
??1CYCFileVersion@@UAE@XZ
?GetThisMessageMap@CYCDialog@@KGPBUAFX_MSGMAP@@XZ
?OnKickIdle@CYCDialog@@MAEJIJ@Z
?OnUpdateCommandUI@CYCDialog@@MAEXPAVCCmdUI@@@Z
?SetOwner@CYCDialog@@UAEXPAVCWnd@@@Z
?PreInitDialog@CYCDialog@@MAEXXZ
?OnCancel@CYCDialog@@MAEXXZ
?OnOK@CYCDialog@@MAEXXZ
?GetRuntimeClass@CYCDialog@@UBEPAUCRuntimeClass@@XZ
??0CYCDialog@@QAE@IPAVCWnd@@@Z
??1CYCDialog@@UAE@XZ
?DoModal@CYCDialog@@UAEHXZ
?WriteBool@CYCBaseIniFile@@QAEXPBD_N@Z
?YCApplicationDir@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
ycautocontrolfwd
?WriteLogFmt@@YAXHPBDZZ
?WriteLog@@YAXHPBD@Z
??1CACDefaultEventLogger@@UAE@XZ
??0CACDefaultEventLogger@@QAE@XZ
?WriteLogDir@@YAXHHPBD@Z
?Close@CACDefaultEventLogger@@QAEXXZ
?Open@CACDefaultEventLogger@@QAE_NPBDW4enmYCLogPeriod@@KH@Z
?WriteLogFmtDir@@YAXHHPBDZZ
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 268KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ