f79e772becd0098baac6589c0b4f6a0af7fcaf4c825511ca131cf73b22b1b3b8

Sharing

Copy URL Twitter E-mail

General

Target

f79e772becd0098baac6589c0b4f6a0af7fcaf4c825511ca131cf73b22b1b3b8
Size

205KB
MD5

cb51edc367d85584f963d740286829e3
SHA1

a7f79140dc0091a800d52ff77f1217617e6e6dc2
SHA256

f79e772becd0098baac6589c0b4f6a0af7fcaf4c825511ca131cf73b22b1b3b8
SHA512

0eaaa3150af2587eeb85f8a846cde675855c5727e8d51253dc66ecf4737b678ad214f7f0d5f93884ba305ddaf774027a639b4dea1b7b17be9a482f9af802f5fd
SSDEEP

6144:UIXwqwrwglH8ltfJDS/2Pa188h+74fkNq8x:V4c3QQa1+4fkNdx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f79e772becd0098baac6589c0b4f6a0af7fcaf4c825511ca131cf73b22b1b3b8

Files

f79e772becd0098baac6589c0b4f6a0af7fcaf4c825511ca131cf73b22b1b3b8
.exe windows:5 windows x86 arch:x86

fa5e8ee6f0f4e96e819bdfd81e7f76ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
GetLongPathNameW
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
OutputDebugStringW
GetProcAddress
VerifyVersionInfoW
GetFullPathNameW
VerSetConditionMask
GetFileAttributesW
Sleep
InterlockedCompareExchange
InterlockedIncrement
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
SetLastError

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteExW
SHFileOperationW

msvcp120

??Bid@locale@std@@QAEIXZ
?_Syserror_map@std@@YAPBDH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z

msvcr120

_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
__CxxFrameHandler3
wcscpy_s
_wfullpath
fclose
_vsnwprintf_s
fwrite
memcpy_s
fgetwc
_lock_file
setvbuf
fsetpos
vswprintf_s
fgetc
fflush
_fseeki64
fgetpos
ungetc
ungetwc
_unlock_file
free
fputwc
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
memset
_CxxThrowException
_purecall
memcpy

shlwapi

PathCanonicalizeW
PathRemoveFileSpecW
PathAddBackslashW
PathCombineW
PathIsPrefixW
PathAppendW
PathRemoveBackslashW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa5e8ee6f0f4e96e819bdfd81e7f76ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp120

msvcr120

shlwapi

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 1024B - Virtual size: 2KB

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 70KB - Virtual size: 72KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 1024B - Virtual size: 2KB

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 70KB - Virtual size: 72KB