Static task
static1
Behavioral task
behavioral1
Sample
59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f.exe
Resource
win10v2004-20231130-en
General
-
Target
59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f
-
Size
504KB
-
MD5
a94f8ced347fc9c10ae5c5cd08ba5368
-
SHA1
406745e8685e9dd516ac439fd7e3a866b929c009
-
SHA256
59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f
-
SHA512
91fd4beec06fd5d82836fcb384ea8a1dd2e9f89fbc511e8ebbf4bbf5ab324ca9417921a3bfff07eadbaff4adcafd0616fe00d716db6a131b1001b9f941a4038e
-
SSDEEP
6144:Kl1iY881xNyKNHryJu/tWgOTuaxqtiLn6wB9a3O/EP:KqY88pPNLyoFQMtiDZndEP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f
Files
-
59e6d5c579d9cfc24a7d4edb0fcc84241e08d19bee56cece40e963d20851a00f.exe windows:4 windows x86 arch:x86
c549b2fe781943b5afd9fb7860c202de
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc80d
ord4663
ord8674
ord5288
ord8676
ord2075
ord3003
ord3013
ord3294
ord3276
ord3274
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord5507
ord2187
ord2190
ord8123
ord9163
ord2111
ord2112
ord2255
ord2256
ord6646
ord6476
ord5892
ord6983
ord2645
ord6941
ord2971
ord5390
ord4785
ord5775
ord8430
ord6286
ord1438
ord6738
ord6490
ord832
ord2736
ord3477
ord7668
ord4654
ord573
ord5510
ord674
ord8397
ord3704
ord1095
ord929
ord316
ord303
ord2041
ord8472
ord4077
ord305
ord9142
ord737
ord413
ord1365
ord893
ord7497
ord926
ord310
ord742
ord3834
ord5461
ord3142
ord3132
ord422
ord7927
ord3200
ord928
ord3418
ord1986
ord3838
ord2034
ord5765
ord7520
ord3830
ord5473
ord7466
ord1633
ord7554
ord3124
ord1634
ord3411
ord1999
ord3191
ord8707
ord7630
ord7629
ord4085
ord3207
ord873
ord1103
ord6875
ord645
ord5594
ord1363
ord1589
ord1875
ord6976
ord2591
ord2233
ord2232
ord2163
ord7004
ord4007
ord6187
ord5949
ord2795
ord1680
ord4495
ord386
ord1423
ord5641
ord5053
ord714
ord5319
ord8233
ord2657
ord888
ord908
ord5663
ord5621
ord8675
ord1442
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord5295
ord1346
ord6881
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord3091
ord5511
ord6274
ord7052
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord1563
ord1565
ord1569
ord6245
ord5095
ord6720
ord901
msvcr80d
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
strcpy_s
fwrite
fopen
_recalloc
calloc
memset
free
malloc
wcscpy_s
wcslen
_CrtDbgReportW
_resetstkoflw
__CxxFrameHandler3
fclose
strchr
strstr
??0exception@std@@QAE@ABQBDH@Z
_isnan
_finite
_ecvt_s
floor
ceil
fmod
vsprintf_s
_invoke_watson
strftime
_localtime64_s
_invalid_parameter
memmove_s
??_V@YAXPAX@Z
_CRT_RTC_INITW
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
_initterm_e
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
??0exception@std@@QAE@XZ
_snprintf_s
_errno
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcsncpy_s
_time64
_mktime64
_gmtime64_s
memcmp
_wcsicmp
_setmbcp
ferror
_wfopen
fread
_fseeki64
_ftelli64
strtod
memmove
memcpy
strcmp
_wassert
strlen
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_purecall
kernel32
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
Sleep
GetModuleFileNameA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
DeleteFileA
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
InterlockedCompareExchange
GetStartupInfoA
CompareStringA
DebugBreak
IsDebuggerPresent
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
RaiseException
CompareStringW
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
MulDiv
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
InterlockedExchange
GetCurrentThreadId
GetEnvironmentVariableW
GetVersion
user32
CopyRect
IsRectEmpty
PtInRect
SetRect
RegisterWindowMessageA
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
SubtractRect
GetSystemMetrics
LoadIconA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
SetRectEmpty
shell32
Shell_NotifyIconA
comctl32
InitCommonControlsEx
shlwapi
PathRemoveFileSpecA
PathFileExistsA
oleaut32
SysFreeString
msvcp80d
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?eof@ios_base@std@@QBE_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?bad@ios_base@std@@QBE_NXZ
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@H@2@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?fail@ios_base@std@@QBE_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_WH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@U_Has_debug_it@01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Container_base@std@@QAE@XZ
?_Orphan_all@_Container_base@std@@QBEXXZ
??1_Container_base@std@@QAE@XZ
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 392KB - Virtual size: 390KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ