cefef8ef772a9f3b82e99bf3d9f8c3e9010e47721aa4406a5a44198dfeeaa66c

Sharing

Copy URL Twitter E-mail

General

Target

cefef8ef772a9f3b82e99bf3d9f8c3e9010e47721aa4406a5a44198dfeeaa66c
Size

116KB
MD5

e6d170b36e22f330813b6943ce7d8065
SHA1

7b28d24b53a659d45ce5d98e262bce92e38311b1
SHA256

cefef8ef772a9f3b82e99bf3d9f8c3e9010e47721aa4406a5a44198dfeeaa66c
SHA512

ac37e4b7a49fe801430abc561f83cd19b2aa94cd819aba8d9f8461bcdbadc33b870e12d3ef0238decc70e41c4993e7e832c6d49f9046ef4ab9c364a27dfd9d76
SSDEEP

1536:67A/XbW0rCRoVPrDO97Sssttr2cHwCndWm/OlQuAnr1MFCvJgZP1aF0Ib3tppN:LXBrCRMO97CHwCndWmQnOrJEPgFLN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cefef8ef772a9f3b82e99bf3d9f8c3e9010e47721aa4406a5a44198dfeeaa66c

Files

cefef8ef772a9f3b82e99bf3d9f8c3e9010e47721aa4406a5a44198dfeeaa66c
.exe windows:6 windows x86 arch:x86

ce02fad91c303b8719094ff5e7f2583d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120

ord1128
ord6669
ord6363
ord12898
ord13090
ord8652
ord8208
ord4597
ord12882
ord887
ord1384
ord6707
ord3208
ord4184
ord1438
ord8973
ord265
ord266
ord8028
ord296
ord1040
ord10083
ord5646
ord1061
ord1174
ord12037
ord12069
ord8062
ord12057
ord5797
ord3801
ord6729
ord990
ord6226
ord14441
ord6227
ord14442
ord6225
ord14440
ord7848
ord12345
ord14240
ord11802
ord11803
ord1985
ord7789
ord12759
ord4039
ord4100
ord9234
ord14366
ord7770
ord14368
ord12355
ord12356
ord2442
ord10211
ord5241
ord8167
ord7845
ord4537
ord12677
ord12740
ord10264
ord12412
ord8229
ord1463
ord7507
ord8311
ord2158
ord1645
ord1523
ord4613
ord1654
ord2199
ord4119
ord5303
ord5307
ord13914
ord7666
ord7667
ord7658
ord4425
ord13335
ord8595
ord9303
ord9536
ord10867
ord6367
ord3098
ord4167
ord8964
ord6465
ord3142
ord4172
ord8586
ord2947
ord3823
ord14346
ord2709
ord8969
ord2168
ord6104
ord6103
ord501
ord1138
ord4042
ord6193
ord6074
ord2341
ord2345
ord4969
ord306
ord1687
ord1691
ord12576
ord12399
ord14192
ord8600
ord12734
ord500
ord6426
ord2838
ord1137
ord1649
ord8349
ord554
ord4764
ord1521
ord5764
ord1502
ord1200
ord13315
ord580
ord4040
ord365
ord5841
ord8877
ord10843
ord6376
ord8966
ord1065
ord3821
ord2946
ord8585
ord4170
ord5761
ord3100
ord6374
ord6007
ord6098
ord13541
ord2717
ord12038
ord11455
ord14281
ord5306
ord14102
ord997
ord9047
ord3646
ord310
ord1656
ord7348
ord11949
ord6096
ord13537
ord2716
ord9048
ord11990
ord1106
ord8878
ord10844
ord11218
ord10302
ord4041
ord458
ord3353
ord3354
ord3117
ord6408
ord3256
ord3253
ord10088
ord8055
ord10118
ord10120
ord10119
ord10117
ord10121
ord5536
ord11546
ord11547
ord8977
ord11907
ord3787
ord11756
ord14361
ord8803
ord6844
ord10831
ord9094
ord3217
ord13658
ord12077
ord12075
ord1706
ord1718
ord1726
ord1722
ord1731
ord4863
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord3782
ord11725
ord6750
ord8188
ord8658
ord12899
ord4823
ord300
ord2256
ord7508
ord10567
ord4827
ord11959
ord1166
ord3136
ord540
ord1063
ord362
ord1103
ord13826
ord13094
ord12679
ord12765
ord450
ord3903
ord2476
ord6436
ord6366
ord3831
ord4900
ord4867
ord4916
ord4889
ord4851
ord4858
ord4893
ord4450
ord5672
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord6745
ord11538
ord13488
ord5814
ord2478
ord6443
ord1180
ord2638
ord11942
ord3890
ord3321
ord3322
ord3216
ord11986
ord5136
ord5433
ord5643
ord9186
ord11782
ord6056
ord5409
ord5139
ord5295
ord5119
ord7574
ord7575
ord7565
ord5293
ord8064
ord3765
ord1524
ord1041
ord316
ord12065
ord1504
ord2365

msvcr120

memset
fclose
sprintf
feof
__CxxFrameHandler3
fgetc
fopen
fread
atoi
_strupr
_setmbcp
fseek
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
sscanf
fprintf
__iob_func
_resetstkoflw
malloc
atol
free
exit
_CxxThrowException
memcpy
rand
fwrite
ftell

kernel32

DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
DecodePointer
lstrlenA
LoadLibraryA
GetProcAddress
OutputDebugStringW
WideCharToMultiByte
LocalFree
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
FreeLibrary

user32

IsIconic
SystemParametersInfoA
LoadIconW
GetWindowRect
GetWindowTextA
ShowScrollBar
ReleaseDC
GetDC
DrawIcon
EnableWindow
DrawEdge
wsprintfA
MessageBoxA
GetParent
RedrawWindow
RegisterWindowMessageA
GetClientRect
CopyRect
FillRect
DrawFocusRect
GetSysColor
GetSystemMetrics
InvalidateRect
SendMessageA

gdi32

EnumFontsA
GetBkColor
GetTextExtentPoint32A
SelectObject
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
DeleteObject
GetDeviceCaps
AddFontResourceExA
RemoveFontResourceExA
DPtoLP
CreateCompatibleDC
GetStockObject
CreateFontA

shell32

DragAcceptFiles
DragQueryFileA

comctl32

ImageList_Draw

ole32

CoCreateInstance
OleRun

oleaut32

SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantClear

msvcp120

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce02fad91c303b8719094ff5e7f2583d

Headers

DLL Characteristics

File Characteristics

Imports

mfc120

msvcr120

kernel32

user32

gdi32

shell32

comctl32

ole32

oleaut32

msvcp120

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 13KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 13KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 8KB - Virtual size: 8KB