Static task
static1
Behavioral task
behavioral1
Sample
2d97371241043f05581bd9ebde4741ab.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2d97371241043f05581bd9ebde4741ab.exe
Resource
win10v2004-20231215-en
General
-
Target
2d97371241043f05581bd9ebde4741ab
-
Size
604KB
-
MD5
2d97371241043f05581bd9ebde4741ab
-
SHA1
e48e3c588c7687f31f2674487741c20efb882d50
-
SHA256
53b3c6b1268f6ec4c45151b955a9c77f2512e5000f9644e443ad0c1402d08d13
-
SHA512
51ff83e1c1768b7646ef7bc9979d332836e31d865789fec6f69a4fd053b3762e15270cd545de0437eec901e27bd939cf23d6fe8fbcdc56cfac620cf25b9af03a
-
SSDEEP
12288:eKtPOgbiSYiTjbx7eI2LQkDD3LP13D0FisTiJmn6P:eQreFLQIJiis
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the sample is not code-signed.
resource 2d97371241043f05581bd9ebde4741ab
Files
-
2d97371241043f05581bd9ebde4741ab.exe — PE format: windows:4, platform: windows, x86, arch: x86
a2e7c0986fc0e5d40a17c424c79e37a5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shfolder
SHGetFolderPathA
comctl32
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_Draw
ord17
wsock32
WSAStartup
ntohs
asmngr
?StopSpeaking@assistant@@YAHXZ
?UnLoadAssistant@assistant@@YAXH@Z
?LoadAssistant@assistant@@YAHH@Z
?ShowAssistant@assistant@@YAH_N@Z
?HideAssistant@assistant@@YAHH@Z
?ShowToolTip@assistant@@YAHH@Z
mfc71
ord2991
ord3317
ord572
ord354
ord1794
ord6119
ord4580
ord3761
ord4118
ord908
ord305
ord3997
ord6168
ord709
ord501
ord2468
ord2367
ord5563
ord744
ord5491
ord6174
ord5346
ord5097
ord556
ord2164
ord1486
ord2272
ord6020
ord4125
ord5613
ord326
ord4081
ord5710
ord2451
ord1917
ord5154
ord1916
ord4353
ord1279
ord5637
ord602
ord1966
ord347
ord758
ord1929
ord567
ord4648
ord4394
ord4692
ord3401
ord2719
ord3204
ord356
ord4115
ord3989
ord1425
ord3684
ord3423
ord1545
ord6120
ord1377
ord4232
ord587
ord5833
ord6172
ord6178
ord3596
ord760
ord4078
ord6037
ord3835
ord1395
ord2264
ord3287
ord3163
ord4100
ord2094
ord3244
ord1955
ord3255
ord2346
ord5640
ord5641
ord2075
ord2234
ord1580
ord2233
ord5727
ord5331
ord6297
ord5320
ord6286
ord1031
ord6236
ord1647
ord1589
ord739
ord6040
ord6041
ord2306
ord2263
ord259
ord1283
ord2371
ord6017
ord1971
ord2938
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord3574
ord3454
ord1554
ord3195
ord620
ord3348
ord2074
ord3437
ord1550
ord599
ord3430
ord3488
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord657
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord591
ord4001
ord4123
ord502
ord5647
ord5059
ord4761
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord783
ord300
ord5402
ord2466
ord577
ord293
ord776
ord5182
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord6275
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord578
ord651
ord2168
ord764
ord762
ord3210
ord1934
ord3161
ord1280
ord5214
ord4240
ord1402
ord5915
ord1591
ord2095
ord4320
ord5731
ord741
ord605
ord5203
ord5073
ord3441
ord3641
ord1248
ord5403
ord1740
ord759
ord330
ord5642
ord266
ord589
ord1930
ord559
ord747
ord3174
ord2368
ord570
ord3336
ord4261
ord4481
ord2942
ord2838
ord5567
ord5213
ord5230
ord4569
ord3948
ord2249
ord5227
ord5224
ord2931
ord1920
ord1187
ord1191
ord1903
ord1091
ord2657
ord265
ord757
ord566
ord2131
ord3934
ord1024
ord304
ord865
ord2271
ord4109
ord2469
ord4036
ord1084
ord1482
ord2933
ord299
ord6118
ord2902
ord1489
ord297
ord784
ord907
ord911
ord557
ord1185
ord745
ord4735
ord4212
ord4035
ord876
ord6067
ord5529
ord4108
ord781
ord2322
ord1564
ord6065
ord563
ord3397
ord1009
ord2160
ord6283
ord6090
ord310
ord416
ord2372
ord1063
msvcr71
_chdir
_mkdir
_stricmp
_strcmpi
_get_osfhandle
fflush
_chsize
rewind
fread
ftell
fwrite
fseek
_fsopen
_strtime
_strdate
_fileno
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
__CxxFrameHandler
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
sprintf
_mbsnbcpy
_vsnprintf
strrchr
memset
_snprintf
_beginthreadex
strtoul
realloc
atol
isdigit
strtol
_strlwr
_strnicmp
_mbsnbcmp
_mbsicmp
_itoa
_mbslwr
_mbsstr
_mbsrchr
mbstowcs
_purecall
toupper
_mbscmp
fopen
fgets
fclose
rand
_controlfp
malloc
strncmp
isprint
_time64
_mktime64
free
_except_handler3
strstr
strncpy
kernel32
HeapReAlloc
InterlockedExchange
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
DebugBreak
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
RaiseException
lstrcatA
GetTempPathA
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentThreadId
MulDiv
lstrcpyA
lstrcpynA
SetUnhandledExceptionFilter
SetErrorMode
GetSystemTime
FlushFileBuffers
SetFileAttributesA
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
GetPrivateProfileSectionNamesA
GetFileTime
TerminateThread
FindNextFileA
DeleteFileA
GetFileAttributesA
GetExitCodeThread
GetWindowsDirectoryA
FindFirstFileA
FindClose
GetTickCount
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
LocalFree
lstrlenA
lstrlenW
lstrcmpiA
WideCharToMultiByte
OutputDebugStringA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetPrivateProfileStringA
MultiByteToWideChar
GetLocalTime
CreateFileA
GetShortPathNameA
GetFileSize
ReadFile
SetFilePointer
WriteFile
LoadLibraryA
GetProcAddress
SetLastError
FreeLibrary
GetCurrentProcess
CreateThread
GetExitCodeProcess
WaitForMultipleObjects
GetLastError
CreateProcessA
SetEvent
Sleep
ResetEvent
InterlockedIncrement
InterlockedDecrement
OpenEventA
CreateEventA
CreateMutexA
OpenFileMappingA
CreateFileMappingA
OpenMutexA
CloseHandle
WaitForSingleObject
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
GetVersion
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
user32
FindWindowExA
EnableWindow
SendMessageA
GetDlgItem
ReleaseDC
FindWindowA
GetDesktopWindow
InvalidateRect
GetWindowRect
LoadBitmapA
GetComboBoxInfo
GetCapture
SetScrollPos
EnableScrollBar
IsWindowEnabled
GetWindowDC
SetParent
IsWindowVisible
GetAsyncKeyState
SetWindowLongA
MapWindowPoints
CallWindowProcA
GetSystemMetrics
IsRectEmpty
IsZoomed
IsIconic
GetMenuItemID
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
SetRect
WindowFromPoint
UnhookWindowsHookEx
SystemParametersInfoA
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
FrameRect
GetMenuItemInfoA
GetMenuDefaultItem
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
keybd_event
GetFocus
SetWindowsHookExA
CallNextHookEx
ValidateRect
GetSysColor
OffsetRect
ReleaseCapture
GetWindowLongA
GetDlgCtrlID
SetCapture
CopyRect
GetParent
RedrawWindow
ShowWindow
GetClassNameA
ScreenToClient
GetSystemMenu
BeginPaint
EndPaint
UnregisterClassA
FillRect
DrawStateA
GetWindow
ChildWindowFromPoint
GetDC
GetClientRect
MsgWaitForMultipleObjects
PtInRect
SetCursor
SetWindowPos
ClientToScreen
SetWindowRgn
TrackMouseEvent
PostThreadMessageA
DrawTextA
GetActiveWindow
SetActiveWindow
RegisterWindowMessageA
SetFocus
ExitWindowsEx
LoadCursorA
RegisterClassA
CreateWindowExA
LoadStringA
PeekMessageA
TranslateMessage
IsWindow
DispatchMessageA
LoadIconA
PostMessageA
PostQuitMessage
DestroyMenu
LoadMenuA
GetSubMenu
SetMenuItemInfoA
InsertMenuItemA
SetMenuItemBitmaps
EnableMenuItem
SetForegroundWindow
GetCursorPos
EndDialog
KillTimer
SetTimer
GetDoubleClickTime
DefWindowProcA
TrackPopupMenu
gdi32
SetPixel
SetStretchBltMode
DeleteDC
CreateFontA
DeleteObject
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
CreateSolidBrush
SetBitmapBits
Rectangle
CreateBrushIndirect
MoveToEx
CreatePen
LineTo
TextOutA
GetBkColor
GetBkMode
SetBkColor
GetTextColor
SetBkMode
SetTextColor
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
Ellipse
CreateEllipticRgn
SetGraphicsMode
CombineTransform
SetWorldTransform
GetDIBits
CreateRectRgn
CombineRgn
CreateRoundRectRgn
GetStockObject
GetBitmapBits
CreateBitmapIndirect
GetObjectA
GetPixel
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
msimg32
AlphaBlend
advapi32
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitiateSystemShutdownA
RegDeleteValueA
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
FreeSid
SetFileSecurityA
RegDeleteKeyA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
shell32
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHAppBarMessage
shlwapi
PathFileExistsA
PathCompactPathA
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
oleaut32
SystemTimeToVariantTime
SysStringByteLen
VarBstrCat
SysStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VarBstrCmp
VariantInit
VariantCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysAllocString
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
iphlpapi
GetUdpTable
GetTcpTable
Sections
.text Size: 288KB - Virtual size: 287KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 237KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ