Static task
static1
Behavioral task
behavioral1
Sample
04a45a8935a0f2a348d5c11cc45fa761.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
04a45a8935a0f2a348d5c11cc45fa761.exe
Resource
win10v2004-20231215-en
General
-
Target
04a45a8935a0f2a348d5c11cc45fa761
-
Size
1012KB
-
MD5
04a45a8935a0f2a348d5c11cc45fa761
-
SHA1
7e636cadce4966988c9d7479eda5912fa5c4030f
-
SHA256
acafb95c3511ef94afde8afec3b851889ea6d210796ed485ea8542a5412fa4bb
-
SHA512
b1ed71056ea010be34e994087fe41d7e8a62667f4eb7260d47eadf1bd07c9ee4d7de15a124cd50ace2661ea29fa31295d2578f57c0f31682c8a1e6dbdb455be5
-
SSDEEP
24576:vRgEbgL/27JNfBAgwdzG+PacMmFHXarKftr742XmJffnumSRpwyCTqF2HtIoOFdT:JsGAgwdz7Bi2d74nT82Ht
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource 04a45a8935a0f2a348d5c11cc45fa761
Files
-
04a45a8935a0f2a348d5c11cc45fa761.exe windows:4 windows x86 arch:x86
198997ee6095ad7104420b8861636e51
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
sensapi
IsNetworkAlive
mfc71
ord2417
ord2451
ord781
ord3934
ord310
ord6090
ord4125
ord4298
ord1482
ord3210
ord1934
ord3204
ord1280
ord3161
ord2367
ord2372
ord1545
ord5915
ord1620
ord4232
ord5152
ord928
ord930
ord2403
ord2385
ord2387
ord3345
ord1362
ord5175
ord1599
ord2714
ord4261
ord3164
ord784
ord907
ord298
ord1425
ord5731
ord1916
ord6067
ord3684
ord4353
ord1279
ord5214
ord2991
ord572
ord587
ord651
ord753
ord416
ord563
ord602
ord1929
ord5403
ord2469
ord347
ord4115
ord6255
ord1009
ord6065
ord5637
ord589
ord5613
ord330
ord1063
ord326
ord4001
ord4123
ord5641
ord502
ord2075
ord4951
ord3761
ord4035
ord3337
ord760
ord746
ord2131
ord1185
ord3163
ord558
ord1917
ord1161
ord1968
ord4108
ord4109
ord5563
ord865
ord5642
ord5640
ord5727
ord6037
ord5647
ord2264
ord1005
ord3997
ord2271
ord5438
ord6282
ord266
ord265
ord3295
ord530
ord722
ord5714
ord3650
ord1191
ord1187
ord3477
ord4287
ord1230
ord2803
ord4129
ord4674
ord5166
ord3380
ord1580
ord2566
ord2008
ord5206
ord631
ord1440
ord2748
ord2751
ord3931
ord2288
ord2280
ord386
ord911
ord2322
ord4928
ord3255
ord5331
ord262
ord6297
ord2346
ord648
ord410
ord5491
ord5490
ord4673
ord3641
ord3441
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord354
ord605
ord1793
ord2657
ord5529
ord4580
ord715
ord1123
ord1643
ord2418
ord3292
ord1794
ord745
ord557
ord2164
ord3908
ord6281
ord5969
ord1728
ord300
ord1084
ord4100
ord2094
ord3244
ord1955
ord2371
ord1283
ord1654
ord1598
ord2987
ord3328
ord754
ord2370
ord1930
ord1564
ord5320
ord6286
ord3636
ord3459
ord4972
ord4494
ord4584
ord4625
ord4465
ord4910
ord4211
ord4734
ord4719
ord385
ord630
ord2021
ord3038
ord3057
ord4464
ord3056
ord6180
ord6174
ord6006
ord5716
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord5224
ord5226
ord3948
ord5230
ord5566
ord2838
ord4481
ord3333
ord757
ord566
ord629
ord4568
ord2248
ord1486
ord5213
ord723
ord663
ord1054
ord3830
ord6205
ord5715
ord869
ord1614
ord655
ord1439
ord6288
ord383
ord5111
ord421
ord3022
ord1740
ord3401
ord2938
ord2468
ord6283
ord3389
ord3758
ord6168
ord4044
ord548
ord4066
ord1003
ord1716
ord5430
ord6063
ord1395
ord3182
ord426
ord531
ord5446
ord5444
ord2924
ord6144
ord442
ord675
ord3596
ord658
ord2368
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord5866
ord3879
ord2867
ord2882
ord2866
ord6236
ord3875
ord2794
ord5873
ord3088
ord2754
ord1892
ord5089
ord384
ord5323
ord2903
ord3635
ord3595
ord5227
ord4569
ord759
ord570
ord2249
ord2475
ord3350
ord3349
ord5567
ord3605
ord1646
ord1588
ord3312
ord736
ord5420
ord5710
ord6119
ord4104
ord2421
ord2420
ord2419
ord1903
ord762
ord764
ord2933
ord299
ord6118
ord2902
ord876
ord1489
ord304
ord4081
ord297
ord2272
ord4200
ord578
ord501
ord709
ord2931
ord5833
ord4273
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2717
ord4307
ord2835
ord2731
ord2537
ord5200
ord1562
ord1655
ord1656
ord1964
ord1360
ord4967
ord3344
ord6277
ord3802
ord6279
ord1522
ord912
ord2172
ord2178
ord2405
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord932
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord6275
ord5073
ord1908
ord5151
ord4244
ord1402
ord3946
ord1617
ord1619
ord5914
ord3974
ord4860
ord4863
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4776
ord4587
ord4178
ord4171
ord4980
ord4389
ord4781
ord4204
ord4790
ord4443
ord4444
ord3740
ord4914
ord4519
ord4920
ord4559
ord5049
ord4439
ord4368
ord4501
ord4846
ord4970
ord4529
ord4480
ord4971
ord4516
ord4948
ord4794
ord4376
ord4377
ord4963
ord4796
ord4710
ord4805
ord5053
ord4964
ord4649
ord4946
ord4507
ord4961
ord4131
ord1302
ord4132
ord1581
ord1207
msvcr71
_stricmp
_strnicmp
_itoa
puts
_purecall
_iob
exit
fprintf
fread
fgetpos
fsetpos
_filelengthi64
_strupr
memcpy
memset
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
gmtime
_mbsicmp
fgets
realloc
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
strtok
strncmp
fopen
fwrite
fclose
_time64
_strdup
strrchr
memmove
_localtime64
_mktime64
_mbsstr
time
srand
__p___argc
__p___argv
strchr
rand
localtime
strftime
_except_handler3
sprintf
tolower
_snprintf
_mbstok
_ismbblead
_cexit
_splitpath
_access
strncpy
strstr
vsprintf
free
malloc
atol
atoi
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__CxxFrameHandler
_ultoa
_setmbcp
__set_app_type
_controlfp
kernel32
CreateFileMappingA
CreateProcessA
GetModuleHandleA
GetCurrentProcess
GetCurrentThreadId
UnmapViewOfFile
CreateDirectoryA
lstrlenA
MoveFileA
lstrcatA
lstrcpyA
MapViewOfFile
OpenFileMappingA
ExitThread
Sleep
GetCurrentThread
SetThreadPriority
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
GetWindowsDirectoryA
Process32First
Process32Next
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
GetLastError
lstrcpyW
lstrlenW
FormatMessageA
DeleteFileA
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileA
LoadResource
SizeofResource
FindResourceA
GlobalFree
GetDiskFreeSpaceA
GlobalReAlloc
WritePrivateProfileStringA
InitializeCriticalSection
DeleteCriticalSection
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetExitCodeThread
OpenProcess
CopyFileA
user32
EnableWindow
LoadBitmapA
GetCursorPos
RegisterWindowMessageA
GetClientRect
EndPaint
GetDC
GetWindowDC
ReleaseDC
BringWindowToTop
BeginPaint
GetWindowRect
GetActiveWindow
ClientToScreen
GetParent
PtInRect
AppendMenuA
InvalidateRect
SetTimer
FindWindowExA
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
IsChild
GetDoubleClickTime
GetDesktopWindow
ScreenToClient
RemoveMenu
ModifyMenuA
EnableMenuItem
MoveWindow
RegisterClassExA
CreateWindowExA
ShowWindow
SystemParametersInfoA
GetClipboardData
CloseClipboard
DestroyWindow
RegisterHotKey
EnumDisplaySettingsA
GetKeyState
DefWindowProcA
UnregisterHotKey
PostThreadMessageA
OpenClipboard
IsZoomed
GetSystemMenu
GetMenuState
CheckMenuItem
GetCapture
CreatePopupMenu
DrawIcon
IsRectEmpty
SetForegroundWindow
GetClassNameA
UnregisterClassA
IsWindowVisible
SetRect
GetMenuStringA
GetMenuItemID
GetMenuItemCount
LoadIconA
SetWindowLongA
LoadCursorA
SetWindowRgn
IsIconic
RedrawWindow
DrawTextExA
FindWindowA
GetSystemMetrics
UpdateWindow
SetRectEmpty
LoadMenuA
LoadImageA
GetSysColor
GetSubMenu
TrackPopupMenuEx
PostMessageA
SetCursor
DestroyCursor
DestroyMenu
GetNextDlgTabItem
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
DrawStateA
DestroyIcon
IsWindow
ReleaseCapture
DrawTextA
SendMessageA
GetWindowLongA
WindowFromPoint
SetCapture
KillTimer
gdi32
CreateDIBSection
ExtCreateRegion
CreateRectRgn
CombineRgn
GetDIBits
CreatePolygonRgn
PtInRegion
StretchBlt
CreateRectRgnIndirect
SetBkMode
CreateFontA
GetTextMetricsA
PatBlt
CreatePatternBrush
CreateSolidBrush
UnrealizeObject
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
SetBkColor
DeleteDC
GetStockObject
DeleteObject
SetTextColor
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
GetObjectA
comdlg32
CommDlgExtendedError
advapi32
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegCloseKey
shell32
DragQueryFileA
DragFinish
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA
ShellExecuteA
comctl32
ImageList_ReplaceIcon
ord17
ImageList_Draw
_TrackMouseEvent
ole32
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoCreateInstance
oleaut32
SafeArrayCreateVector
SystemTimeToVariantTime
SafeArrayDestroy
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
VariantClear
VariantInit
ws2_32
closesocket
ioctlsocket
setsockopt
socket
htons
inet_addr
gethostbyname
sendto
recvfrom
WSAStartup
bind
msvcp71
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
winmm
PlaySoundA
Sections
.text Size: 380KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tc Size: 244KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE