7afe0a68a1acc27eef5099cbe3156b0f

Sharing

Copy URL

Twitter E-mail

General

Target

7afe0a68a1acc27eef5099cbe3156b0f
Size

208KB
MD5

7afe0a68a1acc27eef5099cbe3156b0f
SHA1

e7c44f5e2e669c90d49fb77234cf3dfc0296fa29
SHA256

328d200ae92b359b071066bf4661b4f50990c3cd1ca465554913d622831f9220
SHA512

6533ac41b849a0795a3484a0d771c97cead01b99b67fa6a51469e21579f3bfe2581b8108a527cc619293a9a08a424a961bbb41ae5f1fe6acfdf10bc49cc94200
SSDEEP

6144:we0SlcxXO90xfscPhLcG1hpgbc7R3vwrO:wRSlcxXy0s0hLr1hpgbI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7afe0a68a1acc27eef5099cbe3156b0f

Files

7afe0a68a1acc27eef5099cbe3156b0f
.exe windows:4 windows x86 arch:x86

34012ac5a091c0a435fefff659a610ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleBaseNameA

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2915
ord5710
ord2764
ord535
ord4202
ord941
ord771
ord665
ord1979
ord6385
ord352
ord1168
ord4129
ord861
ord498
ord1146
ord6195
ord4287
ord3870
ord1768
ord2818
ord926
ord6197
ord2109
ord1008
ord755
ord470
ord2379
ord6215
ord5856
ord1105
ord5951
ord2642
ord3092
ord1779
ord5953
ord6453
ord6877
ord4278
ord6662
ord5683
ord922
ord5572
ord6199
ord2763
ord6283
ord6282
ord939
ord3803
ord668
ord3181
ord3178
ord2781
ord2770
ord356
ord1980
ord3095
ord5442
ord5186
ord5199
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord6055
ord1776
ord4401
ord5290
ord3639
ord3402
ord567
ord692
ord4275
ord613
ord5789
ord289
ord3752
ord2860
ord693
ord2582
ord4402
ord3370
ord3640
ord3996
ord1783
ord4055
ord5981
ord3098
ord6905
ord3998
ord2864
ord4224
ord6907
ord3301
ord3874
ord6663
ord3721
ord795
ord3619
ord3626
ord3663
ord2414
ord5875
ord1641
ord1949
ord1176
ord3643
ord394
ord696
ord909
ord5628
ord4185
ord616
ord1576
ord2023
ord4218
ord2578
ord4398
ord3582
ord2301
ord6334
ord3319
ord1799
ord3353
ord614
ord1194
ord290
ord3815
ord4160
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4234
ord2370
ord324
ord641
ord3597
ord4837
ord5280
ord4853
ord4376
ord540
ord860
ord924
ord858
ord1200
ord4710
ord4258
ord2302
ord489
ord768
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord823
ord825
ord800
ord537
ord354
ord2411

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
__p__fmode
__getmainargs
_acmdln
_setmbcp
_strcmpi
__set_app_type
_except_handler3
_initterm
_controlfp
__CxxFrameHandler
memset
_splitpath
_mbscmp
memcpy
free
malloc
_mbsicmp
realloc
sprintf
fclose
fwrite
fopen
strcmp
_itoa
strcpy
_stricmp
localtime
strlen
atoi
_mbsnbcpy
__dllonexit
_onexit
_exit
_XcptFilter
exit

kernel32

GetLocalTime
lstrlenA
GetPrivateProfileIntA
GetProcAddress
CreateFileA
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
SetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
CopyFileA
WritePrivateProfileStringA
SetFileAttributesA
CreateMutexA
GetLastError
ReleaseMutex
CreateProcessA
CloseHandle
SetEvent
SuspendThread
GetPrivateProfileStringA
GetFileSize
SetLocalTime
GetSystemTime
RemoveDirectoryA
GetVolumeInformationA
CreateDirectoryA
GetStartupInfoA
GetModuleHandleA
OpenProcess
HeapFree
GetModuleFileNameA
HeapAlloc
TerminateProcess
WaitForSingleObject
CreateThread
ReadDirectoryChangesW
TerminateThread
WideCharToMultiByte
GetEnvironmentVariableA
LocalFree
GetFileAttributesA
FileTimeToSystemTime
SystemTimeToFileTime
FormatMessageA
GetCurrentProcess
DuplicateHandle
MoveFileExA
GetTempFileNameA
LoadLibraryA
FreeLibrary
CreateEventA
DeleteFileA
ResumeThread
ResetEvent

user32

SetCursor
LoadCursorA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
SendMessageTimeoutA
GetWindowLongA
GetWindowThreadProcessId
ShowWindow
UnregisterHotKey
LoadMenuA
GetSubMenu
CallWindowProcA
SetForegroundWindow
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
SendMessageA
SetTimer
GetWindowRect
RegisterHotKey
SetMenuDefaultItem
EnableMenuItem
GetCursorPos
TrackPopupMenu
SetWindowLongA
CheckMenuItem
LoadIconA
EnumWindows
GetWindowTextA
PostMessageA
wsprintfA
EnableWindow
PostQuitMessage
RegisterWindowMessageA

gdi32

GetObjectA
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegQueryValueExA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityInfo
DeleteAce
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegDeleteValueA
RegSetValueExA
OpenSCManagerA

shell32

ShellExecuteA
Shell_NotifyIconA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

recvfrom
closesocket
inet_addr
inet_ntoa
gethostbyname
htons
socket
WSAStartup
ntohl
WSACleanup
sendto

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34012ac5a091c0a435fefff659a610ba

Headers

File Characteristics

Imports

psapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

msvcp60

wininet

version

ws2_32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 32KB - Virtual size: 30KB