1f295a70950adc498456d65ae6cf7a73

Sharing

Copy URL

Twitter E-mail

General

Target

1f295a70950adc498456d65ae6cf7a73
Size

1.1MB
MD5

1f295a70950adc498456d65ae6cf7a73
SHA1

cfff5429b3644462636be34e631748e5e1274b57
SHA256

77e803e84cc16d8d6012e06a9108bc2d9bd4125b4d1ba2cb869759bd2f1a4533
SHA512

46acb563ccd9b709edacf09ce0f4e5ec9288e6cab35c034d5f7809a93c7987f5a58faccce76685d846d1ca7e0f0095a6e3bfdf3a23fbc97a1cac15dded9219a1
SSDEEP

24576:SCAH0DThn3BxInAvFYtSkjVXu7Cg2XxefhGlx4xY:x7hnRxKkTkjFuCg20fha4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f295a70950adc498456d65ae6cf7a73

Files

1f295a70950adc498456d65ae6cf7a73
.exe windows:5 windows x86 arch:x86

b9548f728ed27de14f2444a1769a40b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3867
ord5798
ord1761
ord3093
ord2729
ord5268
ord5267
ord602
ord3562
ord2281
ord927
ord4273
ord2574
ord4396
ord3365
ord3635
ord693
ord686
ord802
ord384
ord542
ord6896
ord2857
ord6898
ord2088
ord5647
ord3122
ord3611
ord350
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord1739
ord5573
ord3167
ord5649
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord4414
ord2391
ord4211
ord665
ord1971
ord3178
ord6381
ord5180
ord354
ord941
ord501
ord773
ord5736
ord4947
ord4852
ord6004
ord1817
ord338
ord4817
ord4233
ord652
ord2078
ord2855
ord1560
ord268
ord4078
ord1936
ord1826
ord4224
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord4334
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord3743
ord1718
ord5256
ord4426
ord5906
ord2970
ord4282
ord4279
ord3792
ord1833
ord784
ord5070
ord4341
ord5277
ord2083
ord804
ord4236
ord3701
ord2579
ord4400
ord3389
ord3724
ord364
ord4714
ord5848
ord4502
ord4780
ord6139
ord6874
ord801
ord4988
ord834
ord541
ord3753
ord935
ord939
ord2070
ord5031
ord2236
ord5854
ord6298
ord4163
ord5603
ord6136
ord2754
ord1083
ord5617
ord654
ord341
ord413
ord711
ord2400
ord2858
ord2090
ord539
ord537
ord1808
ord4215
ord2576
ord3649
ord2430
ord1637
ord3084
ord6266
ord5155
ord5156
ord5154
ord4899
ord4736
ord4213
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord489
ord4253
ord768
ord4709
ord1683
ord4433
ord2046
ord4425
ord3695
ord496
ord4254
ord5050
ord2520
ord5845
ord2876
ord3470
ord5605
ord5790
ord6168
ord5785
ord4238
ord3288
ord3281
ord4442
ord4665
ord4670
ord4975
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord4422
ord796
ord807
ord4584
ord4407
ord5251
ord4495
ord3865
ord4356
ord4143
ord554
ord529
ord402
ord6063
ord6205
ord5048
ord4901
ord6065
ord3479
ord4462
ord2250
ord5867
ord2486
ord2619
ord2618
ord5996
ord2109
ord5879
ord2112
ord4451
ord4718
ord5677
ord3739
ord3693
ord765
ord4199
ord4269
ord4605
ord4603
ord4479
ord3466
ord1994
ord5725
ord5190
ord5498
ord3441
ord3190
ord985
ord3597
ord648
ord334
ord5727
ord6399
ord2504
ord5124
ord6371
ord692
ord6193
ord5047
ord815
ord4480
ord2546
ord3917
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord2717
ord5746
ord4604
ord3282
ord5846
ord4606
ord6191
ord986
ord411
ord1229
ord4154
ord2613
ord6113
ord6024
ord1264
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord832
ord5446
ord6390
ord5436
ord6379
ord860
ord3728
ord810
ord4266
ord3291
ord4118
ord1561
ord1177
ord1127
ord643
ord2443
ord5978
ord329
ord3197
ord1169
ord5856
ord1941
ord772
ord500
ord5274
ord5714
ord2621
ord1134
ord1258
ord5602
ord5597
ord6565
ord4272
ord536
ord3312
ord2776
ord6655
ord3092
ord6867
ord2859
ord2756
ord6278
ord6237
ord470
ord6115
ord755
ord472
ord5783
ord5784
ord4292
ord4128
ord836
ord3050
ord323
ord920
ord837
ord6017
ord5869
ord2397
ord640
ord2746
ord5871
ord6166
ord283
ord818
ord3737
ord919
ord929
ord2854
ord5781
ord1633
ord1143
ord2015
ord2403
ord2294
ord2293
ord1172
ord1165
ord2362
ord825
ord2637
ord4847
ord4704
ord4155
ord2810
ord6330
ord4229
ord324
ord540
ord861
ord2606
ord538
ord858
ord800
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord3566
ord1634
ord3614
ord3568
ord2406
ord4270
ord3621
ord3658
ord6770
ord922
ord2291
ord6279
ord2755
ord3805
ord933
ord3875
ord3420
ord3049
ord3222
ord3403
ord2910
ord5568
ord5929
ord3605
ord6451
ord656
ord2290
ord2244
ord4280
ord4283
ord6211
ord3476
ord5977
ord3133
ord4294
ord527
ord794
ord5679
ord5706
ord4124
ord2809
ord2371
ord2914
ord942
ord3871
ord940
ord535
ord609
ord3569
ord4390
ord2567
ord3716
ord6195
ord795
ord5279
ord401
ord4494
ord976
ord4461
ord5250
ord4421
ord2437
ord4430
ord1658
ord2641
ord2374

msvcrt

malloc
free
_ftol
wcscpy
wcsrchr
realloc
wcsncpy
localtime
_tzset
mktime
wcslen
_putenv
_errno
fseek
_fdopen
_open_osfhandle
_wcsrev
_wcsdup
fflush
fread
_filelength
_getpid
_mbscpy
_mbslen
_wfopen
wcscmp
_wcsicmp
__CxxFrameHandler
_controlfp
_except_handler3
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
swscanf
isspace
_snwprintf
fclose
ftell
time
clearerr
fwrite
wcstok
isalpha
_wtoi
_purecall
_wcsnicmp
_local_unwind2
wcsncmp
wcspbrk
wcsncat
wprintf
_CxxThrowException
memmove
_wcsupr
wcscat
calloc
wcschr
swprintf
_wcslwr
wcsstr
_vsnwprintf

advapi32

LookupAccountSidW
RegQueryValueExA
ReadEncryptedFileRaw
WriteEncryptedFileRaw
EnumDependentServicesW
ControlService
OpenEncryptedFileRawW
CloseEncryptedFileRaw
EncryptFileW
DecryptFileW
RegRestoreKeyW
RegLoadKeyW
AddAccessAllowedAce
DeleteAce
EqualSid
GetAce
QueryServiceStatus
OpenServiceW
StartServiceW
GetUserNameW
RegisterEventSourceW
ReportEventW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
RegDeleteValueW
SetFileSecurityW
RegSaveKeyW
OpenThreadToken
GetTokenInformation
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
InitializeAcl
RegConnectRegistryW
RegReplaceKeyW
RegUnLoadKeyW
RegFlushKey

kernel32

GetModuleHandleA
FindResourceW
LoadResource
LockResource
GlobalAlloc
GlobalFree
CreateProcessW
FormatMessageW
FindNextFileW
VerSetConditionMask
VerifyVersionInfoW
LocalFree
CreateSemaphoreW
ReleaseSemaphore
GetSystemDirectoryW
GetVersionExW
GetCurrentThreadId
CreateMutexW
ReleaseMutex
GetTapeParameters
GetSystemTime
SetFilePointer
GetProcessHeap
HeapAlloc
HeapFree
CreateEventW
SetEvent
MultiByteToWideChar
GetUserDefaultLCID
GetVolumePathNameW
FlushFileBuffers
DeviceIoControl
ReadFile
WriteFile
GetEnvironmentVariableW
GetExitCodeThread
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThread
GetCurrentProcess
GetWindowsDirectoryW
GetTickCount
Sleep
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
DeleteCriticalSection
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetCurrentDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CreateThread
FindFirstFileW
FindClose
GetLocaleInfoW
SetLastError
GetLastError
DeleteFileW
CreateDirectoryW
CreateFileW
CloseHandle
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetCurrentDirectoryA
GetCurrentDirectoryW
CompareStringW
GetNumberFormatW
SetErrorMode
SetEndOfFile
SetTapePosition
GetTapePosition
EraseTape
WriteTapemark
GetTapeStatus
SetTapeParameters
PrepareTape
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
ExitThread
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
BackupRead
BackupWrite
CreateHardLinkW
BackupSeek
GetFileSize
LockFile
SetFileShortNameW
SetFileTime
LocalFileTimeToFileTime
GetCompressedFileSizeW
RemoveDirectoryW
WideCharToMultiByte
LoadLibraryA
GetStartupInfoW

gdi32

GetObjectW
Polygon
CombineRgn
CreateRectRgn
DeleteObject
GetTextExtentPoint32W
BitBlt
PatBlt
Rectangle
GetMapMode
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectW

user32

SetCursor
GetSysColor
LoadCursorW
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
ReleaseDC
GetSystemMetrics
GetParent
InvalidateRgn
MapDialogRect
SetParent
GetIconInfo
CreateIconIndirect
DestroyIcon
GetActiveWindow
CopyRect
LockSetForegroundWindow
PeekMessageW
GetCapture
SetActiveWindow
GetAsyncKeyState
InflateRect
DrawFocusRect
EnableWindow
SendMessageW
GetDlgItem
wvsprintfW
LoadStringW
DefWindowProcW
PostQuitMessage
CreateDialogParamW
ShowWindow
DestroyWindow
UnregisterClassW
MonitorFromWindow
PostMessageW
GetKeyState
GetWindowRect
ScreenToClient
LoadIconW
CreateIconFromResource
UpdateWindow
SetWindowLongW
ClientToScreen
IsWindow
GetWindowTextLengthW
SetWindowTextW
wsprintfW
GetNextDlgGroupItem
GetWindowTextW
GetWindow
GetWindowLongW
GetMonitorInfoW
SetWindowPos
ExitWindowsEx
SendDlgItemMessageW
MessageBoxW
BringWindowToTop
SystemParametersInfoW
FlashWindow
GetDesktopWindow
IsIconic
GetMenuItemID
GetMenuItemCount
AppendMenuW
EnableMenuItem
DeleteMenu
SetClassLongW
IsCharAlphaW
IsCharAlphaNumericW
GetCursorPos
WindowFromPoint
ChildWindowFromPoint
GetFocus
LoadMenuW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadImageW
GetMenu
RemoveMenu
GetSubMenu
GetDC
GetClientRect
LoadBitmapW

ntdll

towupper
_aulldvrm
iswctype
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
wcstoul
isdigit
wcscspn

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
PropertySheetW
ImageList_ReplaceIcon

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
ExtractIconExW
SHGetFolderPathW
SHGetSpecialFolderLocation

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
WNetCloseEnum

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

netapi32

NetApiBufferFree
NetApiBufferSize
NetShareEnum
NetServerEnum
NetShareGetInfo
NetWkstaGetInfo

rpcrt4

RpcStringBindingComposeW
RpcNetworkIsProtseqValidW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
NdrPointerBufferSize
RpcBindingSetAuthInfoW
NdrFreeBuffer
RpcRaiseException
UuidFromStringW
RpcStringFreeW
NdrConvert
NdrSendReceive
NdrGetBuffer
NdrClientInitializeNew
NdrPointerUnmarshall
NdrPointerMarshall
UuidToStringW

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitializeSecurity
StringFromGUID2
CLSIDFromString
CoCreateGuid

setupapi

SetupFindFirstLineW
SetupOpenInfFileW
SetupGetIntField
SetupCloseInfFile
SetupFindNextLine
SetupGetLineTextW
SetupGetStringFieldW

userenv

GetProfilesDirectoryW

ntmsapi

SetNtmsObjectSecurity
GetNtmsObjectSecurity
CloseNtmsSession
SetNtmsObjectInformationW
GetNtmsObjectAttributeW
SetNtmsObjectAttributeW
EnumerateNtmsObject
CreateNtmsMediaPoolW
MountNtmsMedia
DismountNtmsMedia
AllocateNtmsMedia
BeginNtmsDeviceChangeDetection
SetNtmsUIOptionsW
IdentifyNtmsSlot
OpenNtmsSessionW
SetNtmsDeviceChangeDetection
EndNtmsDeviceChangeDetection
DeleteNtmsMediaPool
EjectNtmsMedia
AccessNtmsLibraryDoor
InjectNtmsMedia
ImportNtmsDatabase
MoveToNtmsMediaPool
UpdateNtmsOmidInfo
WaitForNtmsNotification
CloseNtmsNotification
OpenNtmsNotification
DeleteNtmsMedia
DeallocateNtmsMedia
GetNtmsObjectInformationW

clusapi

RestoreClusterDatabase
GetNodeClusterState

query

SetCatalogState

sfc_os

SfcGetNextProtectedFile

syssetup

AsrFreeContext
AsrRestorePlugPlayRegistryData
AsrAddSifEntryW
AsrCreateStateFileW

oleaut32

SysFreeString

vssapi

ord3
ord4
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
ord6

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9548f728ed27de14f2444a1769a40b8

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

ntdll

comctl32

shell32

mpr

comdlg32

netapi32

rpcrt4

ole32

setupapi

userenv

ntmsapi

clusapi

query

sfc_os

syssetup

oleaut32

vssapi

Sections

.text Size: 812KB - Virtual size: 812KB

.data Size: 15KB - Virtual size: 73KB

.rsrc Size: 288KB - Virtual size: 308KB

.text
Size: 812KB - Virtual size: 812KB

.data
Size: 15KB - Virtual size: 73KB

.rsrc
Size: 288KB - Virtual size: 308KB