Static task: static1
Behavioral task: behavioral1
Sample: 41c6246eca3b820a749de85a32c4b232.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 41c6246eca3b820a749de85a32c4b232.exe
Resource: win10v2004-20231215-en
General
Target: 41c6246eca3b820a749de85a32c4b232
Size: 313KB
MD5: 41c6246eca3b820a749de85a32c4b232
SHA1: 55c3187b02c0987b8a268421055475e655a2a202
SHA256: 3e8c7e73a6ecee6516ec847ced58915a952d4d4d5fda01988f825c69618540e5
SHA512: 54d719bedf9f96318a79e8a5c7a95ff4c906a93e19a0d1002283011284accf4ac5c4343030be2124da0f3c2df65eaf0a2a3bbb8168fbb36e2e38162a0f88f95e
SSDEEP: 3072:NgqaWSCHgXK1tnkGDL088DPT2JbfO6EtwgzacBYTVMw0dRzgTTrzD1dLVyA5TXis:ieBJPDw88bToQac+ZSmTrjVPTyS64G
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 41c6246eca3b820a749de85a32c4b232
Files
41c6246eca3b820a749de85a32c4b232.exe windows:5 windows x86 arch:x86
2fb853fe688b6d5f8b391ad50d974849
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mfc42u
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_CxxThrowException
free
_getdcwd
rand
_purecall
_wcsdup
wcscat
_wcsicmp
_strcmpi
strncmp
strstr
atol
strrchr
_itow
wcsncpy
wcstok
_except_handler3
_exit
_XcptFilter
exit
_wcmdln
_wtol
_ltow
_wtoi
_wsplitpath
_EH_prolog
__CxxFrameHandler
wcscmp
advapi32
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExA
RegSetValueW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
kernel32
GetStartupInfoW
WideCharToMultiByte
GlobalAlloc
lstrcmpW
IsDBCSLeadByte
lstrcpyW
GetACP
GetThreadLocale
GetModuleHandleA
GetTickCount
FindFirstFileW
FindClose
GetModuleFileNameW
lstrcpynW
GetShortPathNameW
GetLastError
GetCommandLineW
GetModuleHandleW
GetProcAddress
lstrcmpiW
DeleteFileW
SetEndOfFile
SetErrorMode
MulDiv
lstrlenA
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
GetNumberFormatW
GetLocaleInfoW
lstrcatW
lstrlenW
HeapAlloc
GetProcessHeap
LoadLibraryA
FreeLibrary
ReadFile
HeapFree
FindFirstFileA
lstrcpyA
CreateFileA
lstrcatA
lstrcmpA
gdi32
PtVisible
CreatePolygonRgn
ExtFloodFill
CreateFontIndirectW
UnrealizeObject
RoundRect
SetBrushOrgEx
StretchBlt
GetPixel
SetStretchBltMode
Polygon
OffsetRgn
Ellipse
MoveToEx
LineTo
CreatePen
SetDIBitsToDevice
GetNearestColor
SetPixel
GetDIBits
CreateHalftonePalette
CreateDIBitmap
SetViewportExtEx
PlayMetaFile
CreateDIBSection
SetMapMode
LPtoDP
SaveDC
CreatePalette
Rectangle
RestoreDC
SetDIBColorTable
GetStockObject
GetDIBColorTable
CreateSolidBrush
CreatePatternBrush
FillRgn
GetNearestPaletteIndex
ResizePalette
GetPaletteEntries
GetDeviceCaps
CreateBitmap
SetPaletteEntries
DeleteObject
DeleteDC
SetDIBits
SelectPalette
RealizePalette
CreateCompatibleBitmap
SetTextColor
SetBkColor
SetBkMode
SelectObject
SetTextAlign
PatBlt
CreateCompatibleDC
CreateRectRgnIndirect
ExtTextOutW
CreateICW
GetTextMetricsW
BitBlt
GetObjectW
Polyline
TextOutW
Escape
StretchDIBits
TranslateCharsetInfo
GetTextColor
GetBkMode
EnumFontFamiliesExW
EnumFontFamiliesW
PolyBezier
SetROP2
CreateDCW
RectVisible
GetTextExtentPointW
user32
WindowFromPoint
ScreenToClient
GetCursorPos
UnionRect
GetKeyState
IsRectEmpty
IntersectRect
SetTimer
KillTimer
EqualRect
SetCursor
LoadCursorW
BringWindowToTop
SetActiveWindow
GetFocus
ReleaseCapture
SetCapture
ClientToScreen
GetSubMenu
LoadMenuW
GetDesktopWindow
RemoveMenu
GetSystemMenu
PostMessageW
OpenClipboard
GetClassInfoW
IsWindowVisible
SystemParametersInfoW
DestroyIcon
LoadStringW
GetDC
DrawFocusRect
GetMenu
SetWindowLongW
CopyRect
CharNextW
GrayStringW
GetWindowDC
EndPaint
BeginPaint
GetUpdateRect
ValidateRect
ShowCaret
HideCaret
GetKeyboardLayout
SetCaretPos
GetCaretPos
CreateCaret
DestroyCaret
SetClassLongW
ShowCursor
GetWindow
RedrawWindow
CheckMenuItem
DestroyWindow
DefWindowProcW
ShowWindow
CreateWindowExW
RegisterClassW
EnableScrollBar
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
FrameRect
GetCapture
GetClientRect
WinHelpW
RegisterClipboardFormatW
TabbedTextOutW
DrawTextW
ReleaseDC
OffsetRect
PtInRect
SetWindowTextW
wvsprintfW
MessageBoxW
GetParent
FillRect
SetRect
SetRectEmpty
MessageBeep
GetSystemMetrics
EnableWindow
SendMessageW
LoadBitmapW
IsWindow
GetWindowRect
UpdateWindow
InvalidateRect
wsprintfW
GetSysColor
InflateRect
IsMenu
LoadIconW
EnableMenuItem
LoadStringA
comdlg32
GetFileTitleW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
ole32
StringFromCLSID
CoTaskMemFree
WriteFmtUserTypeStg
WriteClassStg
shell32
ExtractIconW
ShellAboutW
CommandLineToArgvW
imm32
ImmNotifyIME
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmGetCompositionWindow
Sections
.text Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 71KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ