Static task
static1
Behavioral task
behavioral1
Sample
3093ea29a8825b0c1f4771736445fd1c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3093ea29a8825b0c1f4771736445fd1c.exe
Resource
win10v2004-20231222-en
General
-
Target
3093ea29a8825b0c1f4771736445fd1c
-
Size
552KB
-
MD5
3093ea29a8825b0c1f4771736445fd1c
-
SHA1
3678a4c206b7897da35435138c695e0c0877c5ea
-
SHA256
507d919953b2a69cab59739ee281d1dcfb4dc4ff0b08eb3b06e726762707bd29
-
SHA512
609b0ff111d01235a8ce146da1fc9782ec084fe26a424d8ae5f9787119c5925171984e3da8b843b769258a256196fd8c54ae6233c66bc377efd512e2ffe6e894
-
SSDEEP
12288:eNgAxzzdTCCJ3OS4lOrwVAxM3N78F4FRcMtVb5ZA2HcpYt:mK4mFRH/VZALpYt
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3093ea29a8825b0c1f4771736445fd1c
Files
-
3093ea29a8825b0c1f4771736445fd1c.exe — windows:4 windows x86 arch:x86
a55e7d7fcf5700d03b0e204288739221
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
libjpegdll
ord29
ord8
ord11
ord19
ord20
ord49
ord51
ord41
ord28
ord52
ord42
ord23
ord50
ord53
ord21
ord30
ord4
ord2
ord5
ord38
ord3
ord43
ord39
ord27
ord1
ord48
mfc71u
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord2366
ord6061
ord1894
ord3678
ord3590
ord572
ord760
ord1156
ord5148
ord3204
ord1925
ord3155
ord1271
ord1058
ord1270
ord5633
ord2361
ord602
ord347
ord3635
ord3435
ord5178
ord4206
ord4729
ord4884
ord1662
ord1661
ord1542
ord5908
ord1392
ord5199
ord4256
ord605
ord587
ord6086
ord4347
ord2077
ord1536
ord4226
ord2985
ord3158
ord354
ord1785
ord4123
ord4574
ord6301
ord3644
ord3471
ord4126
ord1999
ord1293
ord4125
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4358
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4788
ord4942
ord4194
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord6273
ord4553
ord4914
ord4514
ord4513
ord4908
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord5147
ord5202
ord3338
ord1351
ord5162
ord1553
ord2711
ord4267
ord410
ord648
ord4292
ord4337
ord2413
ord2414
ord2415
ord2412
ord2411
ord5485
ord2261
ord2918
ord4668
ord4667
ord709
ord501
ord783
ord4026
ord310
ord578
ord3383
ord631
ord2742
ord2745
ord2279
ord2271
ord386
ord1431
ord1240
ord2896
ord4535
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord566
ord757
ord4320
ord2239
ord1064
ord1118
ord1110
ord5971
ord1049
ord3824
ord5712
ord4094
ord2085
ord3238
ord2365
ord1274
ord1946
ord6302
ord6063
ord442
ord807
ord4922
ord3104
ord1021
ord2121
ord4100
ord496
ord2797
ord4078
ord6167
ord6279
ord715
ord1634
ord1572
ord3286
ord620
ord3756
ord1545
ord3189
ord5803
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord777
ord6160
ord3103
ord2460
ord5398
ord2011
ord860
ord5558
ord1086
ord1079
ord5524
ord3990
ord266
ord5484
ord265
ord4074
ord3927
ord899
ord896
ord1472
ord1176
ord6002
ord283
ord1236
ord3390
ord293
ord776
ord6172
ord774
ord6166
ord557
ord2311
ord745
ord762
ord6111
ord2926
ord282
ord2895
ord870
ord1479
ord280
ord577
ord5711
ord1178
ord1182
ord764
ord5043
ord1198
msvcr71
_wcsicmp
_wtoi
memmove
wcslen
wcsftime
_wsetlocale
strncpy
realloc
malloc
_ultoa
wcsncpy
_strnicmp
_wsplitpath
_snprintf
sprintf
swprintf
fputws
fwprintf
_wstat
_time64
_localtime64
_wfindfirst64
_findclose
wcscmp
_wfindnext64
_wfopen
fscanf
fgetws
wcsncmp
swscanf
fclose
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
_mktime64
_except_handler3
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
ceil
floor
_mbscmp
mbstowcs
wcscpy
wcschr
wcsrchr
wcsstr
_vsnwprintf
wcstombs
sscanf
_purecall
_snwprintf
strncmp
calloc
_wunlink
wcscat
_errno
_wstat64
_close
_wopen
modf
_CIpow
_wcstoi64
_wtof
wcsspn
_wtoi64
_wcsnicmp
_wcsicoll
isalpha
setlocale
_control87
_beginthreadex
_endthreadex
toupper
islower
memset
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_wmkdir
_c_exit
kernel32
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
MoveFileW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
WideCharToMultiByte
CreateDirectoryW
RemoveDirectoryW
CloseHandle
GetLastError
CreateMutexW
LocalFree
LocalAlloc
GetSystemDefaultLCID
GetUserDefaultLCID
GetModuleFileNameW
HeapFree
HeapAlloc
GetProcessHeap
GetDateFormatW
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTimeZoneInformation
GetProcAddress
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetFileSize
CreateFileW
SetFilePointer
SetFileTime
SetEndOfFile
ReadFile
WriteFile
MulDiv
FindClose
FindFirstFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
MoveFileExW
CopyFileExW
FreeLibrary
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
GetModuleHandleW
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
EnterCriticalSection
LeaveCriticalSection
ResetEvent
SetEvent
PulseEvent
GetCurrentThreadId
ReleaseMutex
Sleep
SetThreadPriority
GetThreadPriority
GetExitCodeThread
CreateEventW
FindNextFileW
GetSystemInfo
GlobalMemoryStatus
CreateFileA
GetVersion
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetErrorMode
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
InterlockedExchange
user32
GetWindowRect
GetParent
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetActiveWindow
wsprintfA
KillTimer
SetTimer
SetForegroundWindow
GetWindowLongW
LoadIconW
TrackPopupMenuEx
GetSystemMetrics
LoadMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
AppendMenuW
DeleteMenu
RedrawWindow
RegisterWindowMessageW
SendMessageW
ReleaseDC
GetDC
LoadBitmapW
PostMessageW
LoadCursorW
ReleaseCapture
SetCapture
GetCapture
SystemParametersInfoW
EnableWindow
gdi32
DeleteDC
GetObjectW
CreateCompatibleDC
BitBlt
CreateDIBSection
DeleteObject
advapi32
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
shell32
DragQueryFileW
DragFinish
DragAcceptFiles
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
comctl32
ord17
shlwapi
StrRetToStrW
SHDeleteKeyW
SHDeleteValueW
ole32
StringFromGUID2
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
oleaut32
SysFreeString
VariantClear
SysAllocString
SysStringByteLen
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
Sections
.text Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 522KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CHONG Size: 4KB - Virtual size: 155B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE