Static task
static1
Behavioral task
behavioral1
Sample
350636dea408798e5758ddf4e76424a9.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
350636dea408798e5758ddf4e76424a9.exe
Resource
win10v2004-20231215-en
General
-
Target
350636dea408798e5758ddf4e76424a9
-
Size
912KB
-
MD5
350636dea408798e5758ddf4e76424a9
-
SHA1
c0a4cae41b2c723260ed3f91d181a4cb56d31839
-
SHA256
4a1dd66fda918089440d0fd6cabe591f873a5db2c82122df14026c1edb5c49f6
-
SHA512
e253657497017ff92367f896c25982238f041af4ae8a8788847eceea5582f0806fe9eceae10d1736d7139716c4342a569995acd235a85ba1e35c0d3b89f80fee
-
SSDEEP
12288:crUvqktQ2E8Qp8iI8LGFvrubW9nF753eiiEJOwYfPIv119VquNQTU5uWHUMcGcAk:crUyJbYFtOiiBwWQv10YQwkWHUMcG
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 350636dea408798e5758ddf4e76424a9
Files
-
350636dea408798e5758ddf4e76424a9.exe windows:4 windows x86 arch:x86
00e6017fcf18616fa9ebcca6f2f8bf2a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord5252
ord4427
ord3623
ord366
ord674
ord2841
ord4242
ord5572
ord2107
ord5450
ord5440
ord6383
ord6394
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord2091
ord4432
ord364
ord784
ord5037
ord2136
ord1199
ord1601
ord6467
ord2546
ord2863
ord1176
ord291
ord4235
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5082
ord1709
ord1712
ord6053
ord5234
ord6369
ord5279
ord5248
ord2444
ord3598
ord642
ord327
ord1233
ord4454
ord4497
ord4759
ord5063
ord5053
ord941
ord538
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord541
ord801
ord561
ord3521
ord6402
ord1200
ord2763
ord5683
ord2621
ord1134
ord1247
ord4204
ord6117
ord2092
ord5484
ord2725
ord5651
ord3127
ord3616
ord665
ord5710
ord6883
ord1979
ord5186
ord3178
ord4058
ord2781
ord350
ord354
ord1980
ord668
ord2770
ord356
ord6143
ord6930
ord4278
ord6283
ord5442
ord1945
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord813
ord560
ord4273
ord6663
ord4464
ord6929
ord3481
ord2252
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord4975
ord967
ord3717
ord2358
ord2362
ord816
ord562
ord3797
ord3573
ord6385
ord3318
ord926
ord3701
ord772
ord6142
ord5860
ord5100
ord2450
ord4476
ord2116
ord5088
ord4362
ord1842
ord5054
ord2087
ord4457
ord6195
ord3870
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5030
ord4413
ord2233
ord2152
ord4287
ord4499
ord4337
ord4793
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord2259
ord4836
ord4440
ord4541
ord2567
ord4732
ord3719
ord793
ord2114
ord4694
ord1105
ord5857
ord5861
ord5858
ord547
ord3811
ord6282
ord3634
ord610
ord654
ord287
ord341
ord384
ord686
ord4456
ord4508
ord6131
ord6216
ord4125
ord6139
ord6140
ord2060
ord2061
ord2065
ord3979
ord3981
ord6781
ord6008
ord2096
ord2393
ord3181
ord3059
ord2390
ord2723
ord4034
ord5600
ord1083
ord501
ord773
ord6157
ord1576
ord1949
ord289
ord613
ord2243
ord3876
ord3910
ord4243
ord693
ord3640
ord4402
ord2582
ord3370
ord6241
ord656
ord3610
ord3754
ord2405
ord5148
ord3914
ord6194
ord283
ord2862
ord3296
ord3287
ord2754
ord4277
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5873
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord810
ord3733
ord4271
ord5782
ord4275
ord3742
ord536
ord3873
ord6605
ord795
ord3721
ord4809
ord6888
ord4123
ord3996
ord3998
ord6007
ord2817
ord6907
ord6905
ord6675
ord3286
ord2298
ord616
ord609
ord3574
ord4396
ord2575
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord6880
ord3874
ord2859
ord2860
ord6453
ord4202
ord539
ord2764
ord4284
ord2688
ord567
ord1146
ord4424
ord3402
ord5290
ord4234
ord1776
ord6055
ord2614
ord940
ord2086
ord823
ord5856
ord4129
ord939
ord6403
ord4160
ord6199
ord3522
ord858
ord472
ord5788
ord4297
ord4133
ord6378
ord323
ord1640
ord5785
ord640
ord470
ord5789
ord5875
ord6172
ord755
ord3619
ord1168
ord1641
ord2414
ord3626
ord3571
ord3706
ord3663
ord2919
ord2915
ord6877
ord2864
ord6334
ord2645
ord924
ord2784
ord922
ord535
ord2642
ord6215
ord5981
ord537
ord2302
ord2301
ord2135
ord1175
ord6380
ord6197
ord1768
ord2379
ord4299
ord818
ord4710
ord3092
ord2370
ord825
ord3810
ord3880
ord3425
ord3054
ord4328
ord1929
ord1816
ord1133
ord5791
ord2714
ord6458
ord2089
ord2093
ord3692
ord6662
ord6720
ord6909
ord6654
ord682
ord3630
ord4400
ord2580
ord1844
ord6379
ord6242
ord6170
ord4267
ord324
ord540
ord860
ord2818
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
msvcrt
_stricmp
_mkdir
_mbsnbcpy
calloc
__dllonexit
_onexit
_splitpath
isxdigit
isalpha
_filelength
fread
strncpy
_snprintf
rename
_mbscmp
isdigit
atol
_tell
_chsize
_write
_open
_close
_read
_lseek
time
sscanf
memmove
rand
srand
_purecall
__CxxFrameHandler
strtoul
_except_handler3
?terminate@@YAXXZ
fclose
fwrite
fopen
strstr
strchr
??1type_info@@UAE@XZ
_exit
_XcptFilter
free
malloc
_mbsicmp
strrchr
atoi
exit
_acmdln
sprintf
_CxxThrowException
_strdup
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
_mbspbrk
wcslen
wcscpy
realloc
isprint
_mbsnbcmp
__p___argv
_strlwr
_itoa
_strupr
_strcmpi
_strnicmp
_ftol
_mbschr
kernel32
LeaveCriticalSection
SetEvent
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
GetCurrentProcess
TerminateProcess
GetProfileIntA
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
_lopen
_llseek
_lread
_lcreat
_lwrite
_lclose
FindResourceA
LoadResource
LockResource
DeleteFileA
IsDBCSLeadByte
ExpandEnvironmentStringsA
lstrcpynA
FindFirstFileA
FindClose
OpenFileMappingA
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
lstrlenA
MultiByteToWideChar
ExitProcess
UnmapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
CopyFileA
CreateThread
CreateMutexA
GetLastError
CloseHandle
CreateProcessA
WaitForSingleObject
GetTickCount
GetCurrentThreadId
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
EnterCriticalSection
CreateFileA
Sleep
lstrcatA
GetCurrentDirectoryA
ReadFile
SetFilePointer
MoveFileA
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
SetFileAttributesA
GetTempPathA
GetStartupInfoA
lstrcmpiA
GetCPInfo
lstrlenW
lstrcmpA
VirtualQuery
IsBadReadPtr
IsBadWritePtr
lstrcpyA
GetVersion
FindResourceExA
GlobalSize
SizeofResource
GetFileSize
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
ResetEvent
FindNextFileA
user32
CopyRect
GetSystemMetrics
OffsetRect
UnregisterHotKey
RegisterHotKey
AppendMenuA
GetSystemMenu
SetWindowLongA
wsprintfA
IsZoomed
CreatePopupMenu
SystemParametersInfoA
IsIconic
WindowFromPoint
FindWindowA
DrawEdge
DrawIconEx
ClientToScreen
DispatchMessageA
TranslateMessage
GetKeyboardState
ToAscii
CallNextHookEx
GrayStringA
TabbedTextOutA
FrameRect
DrawTextA
DrawFocusRect
GetSysColor
SetCursor
GetCursorPos
ScreenToClient
PtInRect
DestroyCursor
InvalidateRect
LoadCursorA
LoadBitmapA
IsWindowVisible
UpdateWindow
GetDC
ReleaseDC
RedrawWindow
KillTimer
PostMessageA
LoadIconA
IsWindow
GetActiveWindow
SetActiveWindow
WindowFromDC
InflateRect
GetWindowDC
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
GetCapture
EndDeferWindowPos
BeginDeferWindowPos
EqualRect
CreateCursor
GetAsyncKeyState
DefWindowProcA
GetClassInfoA
SetRectEmpty
GetDlgCtrlID
SetPropA
GetWindowRgn
IsRectEmpty
FillRect
InvertRect
DrawFrameControl
GetClassNameA
IsMenu
GetNextDlgTabItem
GetNextDlgGroupItem
DrawStateA
GetIconInfo
DrawIcon
AdjustWindowRectEx
ShowScrollBar
ChildWindowFromPointEx
GetMenuItemInfoA
ModifyMenuA
GetMenuState
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadCursorFromFileA
GetWindow
ClipCursor
GetClipCursor
IntersectRect
SetFocus
IsChild
GetKeyState
GetCursor
MessageBeep
GetWindowRect
SetWindowRgn
GetFocus
GetClientRect
SetForegroundWindow
BringWindowToTop
SetTimer
EnableWindow
SendMessageA
DestroyIcon
LoadImageA
GetMessageA
PeekMessageA
ValidateRect
GetMessagePos
RegisterWindowMessageA
GetDesktopWindow
SetRect
GetMenu
GetParent
GetWindowLongA
GetMenuItemCount
GetSubMenu
GetMenuItemID
EnumChildWindows
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
VkKeyScanA
keybd_event
SetWindowPos
CreateWindowExA
ReleaseCapture
UnionRect
EnumWindows
SetCapture
ShowWindow
MessageBoxA
gdi32
TextOutA
PtVisible
SelectObject
RectVisible
GetTextColor
SetPixel
DeleteObject
CreateRectRgnIndirect
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateCompatibleDC
BitBlt
CreateFontA
CreateRectRgn
GetObjectA
CombineRgn
GetRgnBox
OffsetRgn
BeginPath
EndPath
PathToRegion
Escape
LineDDA
CreateBitmap
GetPixel
CreateSolidBrush
GetDeviceCaps
GetBkColor
CreateFontIndirectA
CreateRoundRectRgn
GetNearestColor
ExtTextOutA
SetDIBitsToDevice
GetDIBColorTable
CreateHalftonePalette
GetCurrentObject
GetTextAlign
GetRegionData
PatBlt
GetTextExtentPoint32W
CreatePalette
DeleteDC
CreateDIBitmap
RealizePalette
SelectPalette
StretchBlt
CreateDIBSection
GetStockObject
SetStretchBltMode
ExtCreateRegion
CreatePolygonRgn
LPtoDP
GetROP2
GetTextMetricsA
FrameRgn
FillRgn
GetBkMode
CreatePatternBrush
Ellipse
Arc
CreatePen
Rectangle
GetSystemPaletteEntries
GetPaletteEntries
SetBkColor
SetTextColor
SetMapMode
advapi32
QueryServiceStatus
GetUserNameA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
shell32
SHAppBarMessage
ExtractIconExA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
comctl32
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_GetImageInfo
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetIcon
ole32
StringFromGUID2
CLSIDFromProgID
CreateStreamOnHGlobal
oleaut32
SysFreeString
SystemTimeToVariantTime
wsock32
setsockopt
htonl
bind
htons
connect
WSASetLastError
socket
getsockname
inet_ntoa
closesocket
WSAGetLastError
ioctlsocket
gethostbyname
inet_addr
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
shlwapi
PathCanonicalizeA
PathCombineA
PathRemoveFileSpecA
UrlEscapeA
PathAppendA
PathIsDirectoryA
PathFindFileNameA
iphlpapi
GetAdaptersInfo
winmm
PlaySoundA
olepro32
ord251
Sections
.text Size: 748KB - Virtual size: 747KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ