16a9d0336e881e73399647d89adb9483

Sharing

Copy URL

Twitter E-mail

General

Target

16a9d0336e881e73399647d89adb9483
Size

740KB
MD5

16a9d0336e881e73399647d89adb9483
SHA1

971f07d096c0093326524b244e2759db7e004833
SHA256

e17607a5d7b9c0a05d5ed39ff1024e9f9e51133afb7bc56857820873c176262f
SHA512

dd34dff2d79396e2c6b4766429d12d93ed6814e352532ae0acdc4b2efd99e9c29d7559bd0d5825a7b60db853d4cd7248f76d2c9e35f73c1ff72146e87ce38697
SSDEEP

12288:yFrDtImTvD88JHfwHx7tAdZPavbBJEvpS4DQR4Oib/9i1:GrD/TvD881w43agpFm4O2i1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16a9d0336e881e73399647d89adb9483

Files

16a9d0336e881e73399647d89adb9483
.dll windows:4 windows x86 arch:x86

78db0fd689f346091c1775cb35034502

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

gdiplus

GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipNewPrivateFontCollection
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyCount
GdipDeletePrivateFontCollection
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateFromHDC
GdipGetFamilyName
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipBitmapSetResolution
GdipCreateBitmapFromGdiDib
GdipDeleteFontFamily
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFont
GdipGetLogFontA
GdipDeleteFont

ft

FT_Set_Pixel_Sizes
FT_New_Size
FT_Render_Glyph
FT_New_Face
FT_Get_Name_Index
FT_Done_FreeType
FT_Init_FreeType
FT_Load_Glyph
FT_Get_Glyph
FT_Outline_Decompose
FT_Done_Glyph
FT_Done_Face
FT_Library_Version
FT_Set_Transform

shlwapi

PathFileExistsA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
realloc
exit
srand
rand
vfprintf
wcscmp
_access
??1type_info@@UAE@XZ
malloc
free
tolower
islower
toupper
memmove
ungetc
time
strrchr
getenv
strchr
fwrite
strcspn
sprintf
fputc
strstr
strncmp
qsort
isalpha
isxdigit
fseek
ftell
fread
_CIasin
_CIacos
printf
ceil
isspace
isalnum
isdigit
_ftol
_CIpow
_purecall
_iob
fprintf
fflush
atoi
strncpy
fgetc
strtok
fopen
sscanf
fclose
atof
floor
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
_unlink
_setmode
_fileno
isupper

mfc42

ord5683
ord4129
ord858
ord2818
ord2915
ord5572
ord533
ord5194
ord798
ord860
ord6407
ord1997
ord540
ord537
ord924
ord356
ord941
ord323
ord2770
ord668
ord1640
ord2781
ord3181
ord2405
ord640
ord1641
ord2414
ord3626
ord3619
ord3663
ord800

kernel32

GetLastError
MultiByteToWideChar
GetShortPathNameA
SetEndOfFile
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
DisableThreadLibraryCalls
LocalFree
lstrlenA
lstrcatA
GetTickCount
DeleteFileA
GetTempPathA
GetTempFileNameA
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcessId
GetFullPathNameA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetVersionExA

user32

ReleaseDC
UnionRect
SetRect
SetRectEmpty
GetDC
wsprintfA

gdi32

CreateCompatibleDC
CreateFontIndirectA
SelectObject
GetTextCharsetInfo
EnumFontsA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

oleaut32

SysFreeString
SysAllocString
VariantClear

nsexport

ord2
ord6
ord4
ord1
ord3
ord20
ord22
ord12
ord11
ord10
ord8
ord23

Exports

Exports

ExportFile

Sections

.text
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78db0fd689f346091c1775cb35034502

Headers

File Characteristics

Imports

shell32

gdiplus

ft

shlwapi

msvcrt

mfc42

kernel32

user32

gdi32

advapi32

oleaut32

nsexport

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 498KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 164KB - Virtual size: 163KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 500KB - Virtual size: 498KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 164KB - Virtual size: 163KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 40KB - Virtual size: 37KB