Static task
static1
Behavioral task
behavioral1
Sample
e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9.exe
Resource
win10v2004-20231130-en
General
-
Target
e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9
-
Size
480KB
-
MD5
5ff5bf41e316e4c6ea3c765fb685c861
-
SHA1
051291c0b71b1c63dc51af3555200eab8e34b4df
-
SHA256
e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9
-
SHA512
2453811aa351a17b22fef582dfd20075be246eb3188984a503e950e47eecb656ae2e1fc795b47b8011aa8b1a74e50af953900af1fe5e27ab8353dd96ef410790
-
SSDEEP
6144:0fU2rBHrr/kqVPe5bikskGmFj1pI5TRh+XfbjDOqEPi:6U2rBHrAeW5ukskGthRhczEP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This is an informational, low-severity indicator: the binary carries no Authenticode signature, which is equally true of a great deal of legitimate in-house and industrial software, so on its own it neither confirms nor rules out malicious intent. It is the only signature listed in this report; no behavioral signatures appear for either sandbox run.
resource e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9
Files
-
e694092244795d8eda9cf37b5e7ed8edf848e0e6d6cbc008888ed29c208d9dd9.exe windows:4 windows x86 arch:x86
a5ecd74e865e0a1eebbee6391d080274 (unlabelled 32-hex value, distinct from the file MD5 above; presumably the import hash / imphash — confirm the field definition before pivoting on it in threat-intel lookups)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed: the image can only be loaded at its preferred base, so ASLR cannot rebase it — a fixed, predictable code address should any memory-corruption bug in this process ever be exploited)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: mfc80d, msvcr80d and msvcp80d are the *debug* builds of the Visual C++ 2005 MFC/CRT/STL runtimes, which are not redistributable and are normally present only on machines with Visual Studio 2005 installed; they are not expected on a stock Windows 7/10 sandbox image, so a sparse behavioral result for this sample should be read as "likely failed to start" rather than "benign")
mfc80d
ord2163
ord2232
ord2233
ord2591
ord6976
ord1875
ord6738
ord4663
ord8674
ord5288
ord8676
ord2075
ord3003
ord3013
ord3294
ord3276
ord3274
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord5507
ord2187
ord2190
ord7004
ord9163
ord2111
ord2112
ord2255
ord2256
ord6646
ord2645
ord7909
ord1634
ord1649
ord7997
ord832
ord2736
ord3477
ord7668
ord4654
ord573
ord5510
ord5848
ord1999
ord1408
ord7235
ord873
ord741
ord1493
ord6875
ord421
ord645
ord310
ord926
ord7554
ord3411
ord2529
ord929
ord306
ord269
ord3412
ord1363
ord5766
ord8707
ord3191
ord7630
ord5262
ord5477
ord3828
ord5594
ord7466
ord270
ord1633
ord2034
ord1563
ord4007
ord6187
ord5949
ord2795
ord1680
ord1423
ord5641
ord1517
ord1501
ord1442
ord1565
ord1569
ord893
ord2530
ord9142
ord305
ord8472
ord4077
ord2041
ord303
ord7052
ord3091
ord316
ord1425
ord3200
ord674
ord1095
ord1499
ord5319
ord1403
ord360
ord6901
ord701
ord8233
ord888
ord908
ord5663
ord5621
ord8675
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord5295
ord1346
ord6881
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord5511
ord6274
ord1589
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord6245
ord5095
ord8123
ord901
msvcr80d
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_CrtDbgReportW
_purecall
memset
_recalloc
sprintf_s
_invalid_parameter
sprintf
memcmp
free
_cexit
_strdup
setlocale
strlen
mbstowcs
_except_handler4_common
_CRT_RTC_INITW
malloc
wcsstr
_beginthreadex
strcpy_s
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
vsprintf_s
_setmbcp
_wcsicmp
wcsncpy_s
_snwprintf_s
_vsnwprintf_s
calloc
swprintf_s
wcscpy_s
wcslen
_resetstkoflw
memmove_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
exit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
atoi
_invoke_watson
_vsnprintf_s
wcscpy
strcpy
_CrtDbgReport
_errno
_snprintf_s
_initterm_e
kernel32 (IsDebuggerPresent, DebugBreak and OutputDebugStringA/W are imported alongside _CrtDbgReport and _crt_debugger_hook from the debug CRT, which is consistent with debug-build assertion/reporting code rather than deliberate anti-debugging — treat them as weak evidence here and confirm the call sites before reporting them as evasion)
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
RaiseException
GetLastError
InterlockedCompareExchange
GetStartupInfoA
DebugBreak
IsDebuggerPresent
GetProcAddress
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CompareStringW
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
MultiByteToWideChar
Sleep
GetLocalTime
CreateDirectoryA
GetEnvironmentVariableW
GetVersion
InterlockedExchange
LoadLibraryA
GetEnvironmentVariableA
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
MulDiv
WaitForSingleObject
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
CompareStringA
lstrlenW
GetSystemTimeAsFileTime
GetStringTypeExW
WideCharToMultiByte
user32
DispatchMessageW
DispatchMessageA
SubtractRect
UnionRect
IntersectRect
OffsetRect
InflateRect
EqualRect
SetRectEmpty
SetRect
PtInRect
TranslateMessage
CopyRect
LoadCursorA
GetSystemMetrics
CharLowerW
CharLowerA
CharUpperW
CharUpperA
UnregisterClassA
RegisterClassExW
GetClassInfoExW
LoadCursorW
GetMessageA
GetMessageW
IsWindowUnicode
IsRectEmpty
PeekMessageA
RegisterClassExA
GetClassInfoExA
MsgWaitForMultipleObjects
MessageBoxA
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsA
PathRemoveFileSpecA
PathRemoveBackslashA
PathAppendA
ole32
CoUninitialize
CoInitializeEx
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
oleaut32
SysFreeString
SysAllocStringLen
atl80
ord64
ord32
ord20
ord17
ord61
ord23
ord22
ord18
ord30
msvcp80d
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Container_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Container_base@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Orphan_all@_Container_base@std@@QBEXXZ
quickgem (the QuickGEM_* exports, together with the _QS_* SECS-II message functions from quicksecs below, are SEMI SECS/GEM equipment-communication APIs — i.e. this appears to be semiconductor or factory-automation tool software; the ycautocontrolfwd logging and ycmfcexd INI-file helpers fit the same picture. Note QuickGEM_InstallRemoteCmdCallback: a process that accepts remote commands over the equipment link — typically HSMS over TCP or SECS-I over serial — is an attack surface in its own right and warrants review of how such commands are validated)
QuickGEM_DisableComm
QuickGEM_OnLineRequest
QuickGEM_OnLineLocal
QuickGEM_GetSV
QuickGEM_OnLineRemote
QuickGEM_OffLine
QuickGEM_SendTerminalMessage
QuickGEM_GetCurrentCommState
QuickGEM_EnableComm
QuickGEM_ProcessMsg
QuickGEM_InstallRemoteCmdCallback
QuickGEM_InstallProcessPgmCallback
QuickGEM_InstallSpoolStateReport
QuickGEM_InstallTerminalMsgCallback
QuickGEM_Init
QuickGEM_UpdateSV
QuickGEM_Close
QuickGEM_GetCurrentControlState
QuickGEM_InstallSECSSendMsgCallback
QuickGEM_InstallControlStateReport
quicksecs
_QS_GetDataItemType@4
_QS_GetDataItemBytes@4
_QS_DataItemIn@16
_QS_DataItemInSkip@8
_QS_DataItemOut@16
_QS_SendSECSIIMessage@28
_QS_Start@4
_QS_Initialize@16
_QS_Destroy@4
_QS_Stop@4
ycmfcexd
??1CYCDialog@@UAE@XZ
?YCApplicationDir@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?DoModal@CYCDialog@@UAEHXZ
??0CYCDialog@@QAE@IPAVCWnd@@@Z
?GetRuntimeClass@CYCDialog@@UBEPAUCRuntimeClass@@XZ
?OnCancel@CYCDialog@@MAEXXZ
?PreInitDialog@CYCDialog@@MAEXXZ
?SetOwner@CYCDialog@@UAEXPAVCWnd@@@Z
?OnUpdateCommandUI@CYCDialog@@MAEXPAVCCmdUI@@@Z
?ReadSectionNames@CYCBaseIniFile@@QBEXAAV?$vector@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$allocator@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@std@@@std@@@Z
?ReadString@CYCBaseIniFile@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD00_N@Z
?YCStrToGUID@@YA?AU_GUID@@PBD@Z
?YCForceDirFromFileName@@YAXPBD@Z
?YCPumpMessageAndWaitFor@@YA_NPAXK@Z
?WriteBool@CYCBaseIniFile@@QAEXPBD_N@Z
?WriteInt@CYCBaseIniFile@@QAEXPBDH@Z
?WriteString@CYCBaseIniFile@@QAEXPBD0@Z
?WriteFloat@CYCBaseIniFile@@QAEXPBDN@Z
??0CYCMemIniFile@@QAE@XZ
?Open@CYCBaseIniFile@@QAE_NPBD@Z
?SetSectionName@CYCBaseIniFile@@QAEXPBD@Z
?ReadBool@CYCBaseIniFile@@QAE_NPBD_N1@Z
?ReadString@CYCBaseIniFile@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0_N@Z
?YCRelativeFileNameToAbs@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?IsSectionNameExists@CYCBaseIniFile@@QBE_NPBD@Z
?WriteSectionComment@CYCMemIniFile@@QAEXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?ReadValueNames@CYCBaseIniFile@@QBEXAAV?$vector@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V?$allocator@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@std@@@std@@@Z
?YCStrToIntDef@@YAHPBDH@Z
?ReadInt@CYCBaseIniFile@@QAEHPBDH_N@Z
?ReadFloat@CYCBaseIniFile@@QAENPBDN_N@Z
??1CYCMemIniFile@@UAE@XZ
?OnPaint@CYCDialog@@IAEXXZ
?OnInitDialog@CYCDialog@@UAEHXZ
??0CYCFileVersion@@QAE@XZ
?ProductName@CYCFileVersion@@QBEPBDXZ
?FileVersion@CYCFileVersion@@QBEPBDXZ
?FileDescription@CYCFileVersion@@QBEPBDXZ
??1CYCFileVersion@@UAE@XZ
?GetThisMessageMap@CYCDialog@@KGPBUAFX_MSGMAP@@XZ
?OnOK@CYCDialog@@MAEXXZ
?OnKickIdle@CYCDialog@@MAEJIJ@Z
ycautocontrolfwd
?WriteLogFmt@@YAXHPBDZZ
?WriteLog@@YAXHPBD@Z
??0CACDefaultEventLogger@@QAE@XZ
?WriteLogDir@@YAXHHPBD@Z
?Close@CACDefaultEventLogger@@QAEXXZ
?WriteLogFmtDir@@YAXHHPBDZZ
?Open@CACDefaultEventLogger@@QAE_NPBDW4enmYCLogPeriod@@KH@Z
??1CACDefaultEventLogger@@UAE@XZ
advapi32 (OpenThreadToken/SetThreadToken/RevertToSelf are thread-impersonation primitives; in an ATL/COM server — see CoRegisterClassObject/CoRevokeClassObject above — they are commonly part of the COM call-context handling rather than a privilege-manipulation routine, but which code path uses them should be confirmed by inspection)
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 135KB (readable+writable+executable section with no on-disk data: .textbss is the uninitialized section the MSVC linker emits for incremental linking, and together with the debug-runtime imports this is consistent with an unoptimized debug build rather than a packer stub — but any RWX mapping is still a hardening gap and should be recorded as such)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 304KB - Virtual size: 301KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ