069b15fb0d7729726a4460ca4b9fb3ad

Sharing

Copy URL Twitter E-mail

General

Target

069b15fb0d7729726a4460ca4b9fb3ad
Size

125KB
MD5

069b15fb0d7729726a4460ca4b9fb3ad
SHA1

e19e96cb675816d9c47e51f3ba66e1fd202b5832
SHA256

d47ee54209a54d4144ec3fdf8643a2e13a564b89f104115b32e7dbe1f7201b91
SHA512

b7ade9d1039c4671bbadb8eba092bfb48f8418290e62a4e089d405da3c3e534d4600d02c3c3e52b21d27fce277fb5dc9cfd0ea2d5d87b911ff39ca29f642a2f2
SSDEEP

3072:lg1U4rfNf/Ub04f1fui01tOMzc0FVGPt38jjBPK+TEcHwrDqXsjhBnc0iSC:lWFHUV1fu/1vz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
069b15fb0d7729726a4460ca4b9fb3ad

Files

069b15fb0d7729726a4460ca4b9fb3ad
.exe windows:1 windows x86 arch:x86

1e1f95cf434da402505443b4055e9ade

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
GetDlgItem
SetWindowLongA
SetDlgItemTextA
GetDlgItemTextA
wsprintfA
SendDlgItemMessageA
LoadStringA
SetFocus
IsDlgButtonChecked
PostMessageA
GetMenu
GetSubMenu
GetMenuItemCount
SetMenuDefaultItem
GetClientRect
MapWindowPoints
TrackPopupMenuEx
LoadImageA
DestroyIcon
UnregisterClassA
MsgWaitForMultipleObjects
PeekMessageA
CheckDlgButton
GetWindowLongA
EndDialog
SendMessageA
IsWindow
GetForegroundWindow
SetTimer
SetForegroundWindow
PostQuitMessage
DialogBoxParamA
DestroyWindow
KillTimer
LoadIconA
LoadCursorA
LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
TranslateAcceleratorA
FindWindowA
CreateWindowExA
RegisterClassA
DefWindowProcA
MessageBeep
SetDlgItemInt

kernel32

GetFileSize
GlobalAlloc
GetStartupInfoA
GetModuleHandleA
GetExitCodeThread
CreateDirectoryA
GetFileAttributesA
InterlockedDecrement
GetTickCount
InterlockedIncrement
WriteFile
CreateFileA
OpenProcess
ReadFile
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
lstrlenA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WaitForSingleObject
OpenEventA
ReleaseSemaphore
CreateThread
SetEvent
CreateFileMappingA
GetLastError
CreateMutexA
CloseHandle
OpenSemaphoreA
CreateSemaphoreA
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LocalFree
Sleep
lstrcatA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileA
DeleteFileA
lstrcpyA
FindFirstFileA
LocalAlloc
GlobalFree
CreateEventA
TerminateThread
lstrcmpA
lstrcmpiA
GetDiskFreeSpaceA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA

shell32

Shell_NotifyIconA

moscl

_OpenMOSSession@8
_InitMOS@8
_OpenMOSConnection@16
_CloseMOSSession@4
_CloseMOSConnection@4
_TerminateMOS@0

mcm

MosErrorExP
g_GuidePID
SetMosGlobalSetting
PBKSyncBackground
GetMosGlobalSetting
vhDlgCon
FGuideIsDead
FAskApps2Disconnect
FGetGoWord
MsgWaitForSingleObject
vMCMFailOpeningSession
vMCMError
FGetDeviceID
FCheckActiveSockets
HandleHelp
FIsMSNDialup
FInsureModemTAPI
IfTCPthenSecurityCheck
vMCMNeedSecurityReboot
ChangeConnectionSettings
FGetPortDetails
??0CAuthenticator@@QAE@PBD0HK@Z
?StAuthenticate@CAuthenticator@@QAE?AW4AuthStatus@@PAUIMosUniversal@@PAI@Z
vfInitMos
IfTCPthenUpdateOhare
MosErrorP
g_cOpenSessions
vfOnline
??1CAuthenticator@@QAE@XZ
LoadAndCallW
MCMCloseSession
FIsTCP

mosmisc

FRegistryKeyExists
SetRegistryRaw
FGetRegistryDword
FGetPreferenceBool
CenterDlg
PVReadRegSt
GetSz
DeleteRegistryValue
FWriteRegSt
FFindMSNFile

moscc

InitCustomControls

crtdll

_XcptFilter
_local_unwind2
_global_unwind2
strncmp
srand
memmove
exit
_exit
strcat
strchr
strcpy
strlen
memcpy
??3@YAXPAX@Z
memset
__GetMainArgs
_acmdln_dll
_initterm
_commode_dll
_fmode_dll
rand
??2@YAPAXI@Z

Exports

Exports

??4CAuthenticator@@QAEAAV0@ABV0@@Z
??_ECAuthenticator@@QAEPAXI@Z
??_FCAuthenticator@@QAEXXZ
??_GCAuthenticator@@QAEPAXI@Z
?FInitialized@CAuthenticator@@QAEHXZ
?PhContext@CAuthenticator@@QAEPAU_SecHandle@@XZ
SzExpandDataCenter

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e1f95cf434da402505443b4055e9ade

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

moscl

mcm

mosmisc

moscc

crtdll

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.bss Size: - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 12B

.edata Size: 512B - Virtual size: 346B

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 5KB - Virtual size: 7KB

.text
Size: 28KB - Virtual size: 28KB

.bss
Size: - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 12B

.edata
Size: 512B - Virtual size: 346B

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 5KB - Virtual size: 7KB