4394dc5e57f76ffa236ce885177075b3

Sharing

Copy URL

Twitter E-mail

General

Target

4394dc5e57f76ffa236ce885177075b3
Size

179KB
MD5

4394dc5e57f76ffa236ce885177075b3
SHA1

06c5a9ab30e0e204b8ce6542c01d5465d4dd08de
SHA256

5b20cc96d093ba3d0b3f1bfb17a7fed56c5c13bd529e85980ef819f81ce635a6
SHA512

967b13eba69f33302f0c85582b3863d05fceddef8b9a852fc537a611e71c4826fa9a7f8d4cc40e658733dec1fc20af6d29a2bab928fdea4193434c17fffd0cc2
SSDEEP

1536:NsohpzUaW4HCaOEF7q/Atr3r0u47/YTfy2MV7xDLdKxI70OZnmO59tjSf5IBh:moXe4HMvYqgOZmOvNSfgh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4394dc5e57f76ffa236ce885177075b3

Files

4394dc5e57f76ffa236ce885177075b3
.exe windows:5 windows x86 arch:x86

ed45be04e45289c69fe3b681c72c60f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId
GetCurrentThreadId
GlobalFree
GlobalHandle
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
GlobalGetAtomNameA
GetTickCount
GetSystemTimeAsFileTime

user32

CreateWindowExA
GetClientRect
PostMessageA
SendMessageA
GetKeyState
GetWindowLongA
GetParent
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
UpdateWindow
ShowWindow
RegisterClassA
LoadIconA
LoadCursorA
EnableMenuItem
SetFocus
DefWindowProcA
PostQuitMessage
DestroyMenu
KillTimer
SetMenu
SetTimer
SetWindowTextA
SetWindowLongA
DestroyWindow
LoadStringA
CharUpperA
ModifyMenuA
GetMenuStringA
GetSubMenu
IsIconic
MoveWindow
CheckMenuItem
LoadMenuA

gdi32

DeleteObject
GetObjectA

dicovisu

?DefaultInit@@YAHPAUTDemandeDico@@@Z
?GetDictionary@@YAHPAUHWND__@@PAUTDemandeDico@@PAPAX@Z

dictionarymgr

??0CDictionaryMgr@DictionaryMgr@@QAE@PAUHINSTANCE__@@PAVGLLog@GLNetLog@@PAUHWND__@@@Z
?SearchOneSymbol@CDictionaryMgr@DictionaryMgr@@QAE_NW4SearchKey@2@AAVCSymbol@ISymbolDB@@ABUSEltGLID@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CDictionaryMgr@DictionaryMgr@@QAE@XZ

glassert

?doGLAssert@GLAssert@@YAXPBD0H00_N@Z

glcc

LWFixerStyle
GLCCLancerSelectionPilotage
LWImprimer
LWFixerFonte
LWDemanderRafraichZonesEx
LWLireStyle
LWLireTableCouleur
LWEcrireTableCouleur
LWEntamerSaisieTC
LWDemanderDessinItemsChamps
LWDessinItem
LWDemanderDessinItems
GLCCSelectTrueColor
LWFixerNombreItems

glidmgr

?GetInstance@CGlidManager@GlidManager@@SAPAV12@XZ
?GlidInstrumentToString@CGlidManager@GlidManager@@QBE_NABUSEltGLID@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV45@@Z
?PlaceToString@CGlidManager@GlidManager@@QBE_NHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?MarketToString@CGlidManager@GlidManager@@QBE_NHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ExtractGlidInstrument@CGlidManager@GlidManager@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAUSEltGLID@@AAV34@@Z

glordre

GLO_GetNegotiableSLEListByGlid
GLO_PasCotationExSLCCACHE

gloutil

OutilGetRCLangue
OutilGetRCSousLangue
LocaleLoadString
OutilAjoutFenTableInstanceBis
OutilGetNomFichierIni
OutilEnvoiInitBgl
OutilLireValFenLiee
OutilStandardGLProc
OutilDefWindowProc
OutilVerifierRessource
OutilUseDoubleClic
OutilGetRectEcran
OutilDuplicateFont
OutilDefInitThemeCouleur
OutilColorrefToString
OutilAbonnerAppli
OutilInitWindowPos
OutilGetCouleurTheme
OutilGetDefautSurcharge
OutilResetInit
OutilStringToColorref
OutilColor32
strntrim
OutilWriteWindowPos
OutilLancerExecutable
OutilCloseWindow
OutilAPropos
OutilHideShowCaption
OutilIsAppliPilotageValide
OutilCreerFonte
OutilSelectFonte
OutilSauverGLIDAppli
OutilLancerMenuPopup
OutilCreateMenuPopup
strtrim
OutilQteToStrSepEspace
OutilFormatPrice
FormaterCapSur5
FormaterDate
FormaterHeure
FormaterHeureHHMMSS
OutilFormatNumber
OutilTickSizeFormat
FormaterMonnaie
LongToStr
LocaleLoadMenu
OutilGetFontHelv
OutilTrueColorFoncee
LocaleLoadStringFromLabel

isymboldb

?GetFormattedName@CSymbol@ISymbolDB@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0CSymbol@ISymbolDB@@QAE@XZ
?GetSymbol@CSymbol@ISymbolDB@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1CSymbol@ISymbolDB@@QAE@XZ

slcgetdat

?GetCharField@CSLCCaracvalData@@QAEDW4Fields@CBaseCaracvalData@@@Z
?GetCharField@CSLCMarketData@@QAEDW4Fields@CBaseMarketData@@@Z
?GetFloatField@CSLCCaracvalData@@QAEMW4Fields@CBaseCaracvalData@@@Z
?GetFloatField@CSLCMarketData@@QAEMW4Fields@CBaseMarketData@@@Z
?GetShortField@CSLCCaracvalData@@QAEGW4Fields@CBaseCaracvalData@@@Z
?GetShortField@CSLCMarketData@@QAEGW4Fields@CBaseMarketData@@@Z
?GetIntField@CSLCCaracvalData@@QAEHW4Fields@CBaseCaracvalData@@@Z
?GetIntField@CSLCMarketData@@QAEHW4Fields@CBaseMarketData@@@Z
?GetLongField@CSLCCaracvalData@@QAEJW4Fields@CBaseCaracvalData@@@Z
?GetDoubleField@CSLCCaracvalData@@QAENW4Fields@CBaseCaracvalData@@@Z
?IsFieldSet@CSLCCaracvalData@@QAEHW4Fields@CBaseCaracvalData@@@Z
?GetStringField@CSLCCaracvalData@@QAEPBDW4Fields@CBaseCaracvalData@@@Z
??0CSLCConnection@@QAE@XZ
?AddReplyHandler@CSLCConnection@@QAE?AW4ReturnCode@Constants@@PAVCReplyHandler@@@Z
??1CSLCConnection@@QAE@XZ
??1CSLCMarketData@@QAE@XZ
??1CSLCCaracvalData@@QAE@XZ
??0CSLCMarketRequest@@QAE@PAVCSLCConnection@@@Z
?Init@CSLCMarketRequest@@QAEXXZ
?SetCancel@CSLCMarketRequest@@UAEXH@Z
?SelectAll@CSLCMarketRequest@@QAEXXZ
?AddGLIDValue@CSLCMarketRequest@@QAE?AW4ReturnCode@Constants@@HHHHPBD@Z
?SendRequest@CSLCConnection@@QAE?AW4ReturnCode@Constants@@PAVCRequest@@@Z
??0CSLCCaracvalRequest@@QAE@PAVCSLCConnection@@@Z
?Init@CSLCCaracvalRequest@@QAEXXZ
?SetCancel@CSLCCaracvalRequest@@UAEXH@Z
?SetRefresh@CSLCCaracvalRequest@@UAEXH@Z
?SelectAll@CSLCCaracvalRequest@@QAEXXZ
?AddGLIDValue@CSLCCaracvalRequest@@QAE?AW4ReturnCode@Constants@@HHHHPBD@Z
??1CSLCCaracvalRequest@@QAE@XZ
??1CSLCMarketRequest@@QAE@XZ
??0CSLCMarketData@@QAE@PAVCSLCMarketReply@@@Z
?GetLongField@CSLCMarketData@@QAEJW4Fields@CBaseMarketData@@@Z
?IsFieldSet@CSLCMarketData@@QAEHW4Fields@CBaseMarketData@@@Z
?GetStringField@CSLCMarketData@@QAEPBDW4Fields@CBaseMarketData@@@Z
?GetGLID@CSLCMarketData@@QAE?AW4ReturnCode@Constants@@PAH000@Z
?GetDoubleField@CSLCMarketData@@QAENW4Fields@CBaseMarketData@@@Z
?GetGlidMnemo@CSLCMarketData@@QAE?AW4ReturnCode@Constants@@AAUSEltGLID@@PAD@Z
??0CSLCCaracvalData@@QAE@PAVCSLCCaracvalReply@@@Z
?SetRefresh@CSLCMarketRequest@@UAEXH@Z

msvcp90

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?eof@?$char_traits@D@std@@SAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr90

__dllonexit
_unlock
atol
sprintf
strchr
atoi
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
memset
strncpy
??2@YAPAXI@Z
_decode_pointer
??3@YAXPAX@Z
__CxxFrameHandler3
_encode_pointer
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_itoa

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed45be04e45289c69fe3b681c72c60f1

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

dicovisu

dictionarymgr

glassert

glcc

glidmgr

glordre

gloutil

isymboldb

slcgetdat

msvcp90

msvcr90

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 70KB - Virtual size: 71KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 70KB - Virtual size: 71KB

.rsrc
Size: 15KB - Virtual size: 15KB