Static task
static1
Behavioral task
behavioral1
Sample
4fb5d1a0c6f056872fd13f1e36d99fd1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4fb5d1a0c6f056872fd13f1e36d99fd1.exe
Resource
win10v2004-20231215-en
General
-
Target
4fb5d1a0c6f056872fd13f1e36d99fd1
-
Size
1.4MB
-
MD5
4fb5d1a0c6f056872fd13f1e36d99fd1
-
SHA1
90419f39c9b3b24fa7113e46c1eacd0aefa75289
-
SHA256
dc2be930ea4a030f22ef47177c7c3131753305d187011876d3f14cd192da9b4b
-
SHA512
a54cd75bf082c5e7a3b1a9c9fa0e6d941ad07bec529d62cf6af2ffe51412ab12c616a9644b6429e6d5c56d0bc4ab98a8ed0b7b99a2c64e84f2ad6aae0e57acdf
-
SSDEEP
24576:qn46w41jcLYE3B8E0UEIY4ae2ca2lKTXLwmKDw4BA/Nu6aGQwOYbq:Becc20kQ/v2oNNs7Ybq
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. (Triage note: this is the only signature hit in the report and no malware configuration was extracted. An absent Authenticode signature is a weak indicator on its own — a large share of older and hobbyist software is unsigned — so it should be corroborated with the behavioural-task results rather than treated as evidence of malicious intent.)
resource 4fb5d1a0c6f056872fd13f1e36d99fd1
Files
-
4fb5d1a0c6f056872fd13f1e36d99fd1.exe windows:4 windows x86 arch:x86
aa48cc9694cb96e22db943daf829ee3f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed: the image can only be mapped at its preferred base address, so it cannot benefit from ASLR regardless of the DLL characteristics, which are not shown in this report)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (triage note: the table below combines outbound HTTP via wininet, raw sockets including bind/listen/accept via ws2_32, process launching via CreateProcessA/WinExec/ShellExecuteA, registry writes via RegSetValueExA, file-attribute and temp-path manipulation, and a CreateService import from basesvc2. These describe capability, not intent — the same mix is common in legitimate networked MFC applications — so weight the behavioural reports over the import list.)
wininet
HttpSendRequestA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCloseHandle
InternetAttemptConnect
HttpQueryInfoA
InternetReadFile
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
dplayx
ord4
ws2_32
gethostname
bind
recvfrom
WSARecv
getsockname
ntohs
WSAWaitForMultipleEvents
htons
WSASendDisconnect
inet_ntoa
inet_addr
gethostbyname
WSASend
htonl
socket
WSAGetLastError
WSAEventSelect
WSASocketA
select
connect
sendto
send
recv
setsockopt
__WSAFDIsSet
WSAStartup
WSACleanup
ioctlsocket
WSASetLastError
listen
accept
WSACreateEvent
WSAConnect
WSAEnumNetworkEvents
closesocket
WSAAsyncGetHostByAddr
shutdown
getsockopt
gethostbyaddr
WSAAsyncSelect
WSAAsyncGetHostByName
winmm
PlaySoundA
timeGetTime
basesvc2
?ConstructCommandLine@CAphexService@@QAEHAAVCString@@@Z (MSVC-decorated name; demangles to public: int __thiscall CAphexService::ConstructCommandLine(class CString &))
CreateService
mfc42
ord3402
ord5290
ord567
ord324
ord2302
ord1776
ord3721
ord4476
ord3061
ord1146
ord5953
ord3097
ord6136
ord941
ord2645
ord3876
ord1200
ord6134
ord2764
ord3438
ord4275
ord2614
ord4278
ord4277
ord6662
ord4202
ord4129
ord6222
ord3742
ord4220
ord2584
ord2512
ord818
ord414
ord2438
ord713
ord3654
ord5859
ord2864
ord5604
ord5875
ord2754
ord755
ord470
ord2379
ord1644
ord6270
ord542
ord3693
ord1001
ord2243
ord5937
ord2567
ord922
ord926
ord6172
ord5873
ord5789
ord2860
ord4133
ord4297
ord5788
ord283
ord940
ord6141
ord4130
ord6453
ord6283
ord5643
ord715
ord996
ord415
ord5597
ord3976
ord6877
ord3993
ord5605
ord2859
ord2152
ord6605
ord859
ord2086
ord1997
ord6407
ord5466
ord798
ord5194
ord533
ord4204
ord4448
ord4671
ord4676
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord807
ord796
ord801
ord674
ord327
ord6491
ord554
ord529
ord541
ord366
ord620
ord642
ord4457
ord1232
ord5252
ord5981
ord4427
ord1081
ord793
ord656
ord4499
ord5805
ord6929
ord6883
ord4413
ord5030
ord6282
ord6153
ord3790
ord5849
ord4981
ord6199
ord5103
ord5054
ord4337
ord6876
ord1140
ord1175
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord2370
ord4234
ord2642
ord3092
ord3803
ord6143
ord4710
ord1622
ord3089
ord2546
ord1949
ord6128
ord4881
ord6197
ord6458
ord2827
ord698
ord396
ord3437
ord911
ord5630
ord4187
ord4243
ord2582
ord4402
ord3640
ord693
ord3692
ord282
ord2753
ord640
ord1640
ord323
ord2393
ord1270
ord5785
ord5773
ord5442
ord3507
ord665
ord5186
ord354
ord6385
ord2405
ord1919
ord3711
ord783
ord3752
ord1815
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord6194
ord4023
ord4083
ord2841
ord2448
ord2784
ord538
ord6779
ord4480
ord5223
ord2455
ord2044
ord2107
ord5450
ord5834
ord5440
ord6383
ord6394
ord802
ord6567
ord4203
ord6927
ord6070
ord2116
ord5829
ord3726
ord3763
ord6874
ord5856
ord3771
ord291
ord3797
ord773
ord700
ord501
ord398
ord5710
ord6781
ord913
ord5594
ord5621
ord1771
ord4189
ord5608
ord2513
ord293
ord1188
ord472
ord5787
ord6119
ord5622
ord6569
ord5609
ord2765
ord3873
ord6928
ord6930
ord5768
ord551
ord6223
ord536
ord2454
ord1105
ord1768
ord1589
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord5861
ord1187
ord699
ord397
ord5593
ord4188
ord1138
ord912
ord3567
ord6055
ord3646
ord3701
ord500
ord772
ord6142
ord5860
ord1228
ord609
ord702
ord5601
ord3439
ord697
ord395
ord3436
ord910
ord5592
ord3584
ord543
ord803
ord5600
ord5607
ord1871
ord3811
ord2820
ord547
ord3984
ord809
ord400
ord556
ord5596
ord3441
ord2122
ord5634
ord1088
ord915
ord2431
ord6358
ord6178
ord4191
ord6880
ord4396
ord3874
ord3920
ord6334
ord1779
ord4055
ord686
ord384
ord2289
ord6696
ord2862
ord2097
ord3996
ord6007
ord3998
ord3095
ord3286
ord2813
ord5933
ord6195
ord4287
ord2452
ord3870
ord6377
ord1265
ord6402
ord3521
ord6379
ord1908
ord4259
ord3475
ord2882
ord4715
ord4284
ord1008
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord491
ord4976
ord1907
ord4258
ord4644
ord4217
ord4397
ord3577
ord5890
ord2937
ord4060
ord1780
ord1719
ord4123
ord4747
ord4752
ord826
ord1929
ord3573
ord6663
ord1002
ord3301
ord2301
ord3610
ord2737
ord2411
ord2023
ord4398
ord3582
ord616
ord3370
ord6905
ord6907
ord399
ord914
ord5595
ord3440
ord4190
ord701
ord2575
ord3574
ord5802
ord1690
ord5288
ord4465
ord2054
ord771
ord496
ord4479
ord2646
ord4431
ord2881
ord2528
ord489
ord6028
ord4478
ord3716
ord790
ord6111
ord4694
ord3719
ord2299
ord3398
ord3733
ord810
ord3499
ord2515
ord355
ord4218
ord2578
ord3317
ord1742
ord3880
ord3810
ord5951
ord497
ord3054
ord3425
ord2358
ord1654
ord1266
ord5271
ord5821
ord3662
ord812
ord1176
ord559
ord1567
ord6144
ord268
ord6242
ord5053
ord1706
ord430
ord786
ord2461
ord3318
ord6389
ord519
ord6311
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_strlwr
_mbsspn
_mbsnbcmp
_mbsnbicmp
_mbsnbcpy
_mbscspn
toupper
strtod
_strupr
strtok
_mbschr
_mbstok
strspn
_splitpath
_makepath
ctime
fscanf
_stricmp
tolower
atof
qsort
isspace
strtol
strncat
putc
fwrite
fgetc
fgetpos
fsetpos
tmpnam
rename
fseek
ftell
strcspn
_isctype
__mb_cur_max
_pctype
_mbsupr
_mbsstr
_ismbcdigit
_strdup
_purecall
islower
isprint
isdigit
_controlfp
memmove
atol
strftime
strchr
strrchr
sscanf
remove
fgets
fprintf
strncpy
_CxxThrowException
strtoul
fread
strncmp
_ftol
_vsnprintf
fputs
fflush
fopen
strstr
fclose
atoi
_strnicmp
sprintf
_ftime
_mbsicmp
rand
realloc
free
malloc
_mbscmp
_strtime
__p___argv
localtime
clock
wcslen
_itoa
_strcmpi
_unlink
_setmbcp
__CxxFrameHandler
time
_strdate
srand
__p___argc
kernel32
InitializeCriticalSection
InterlockedDecrement
GetPrivateProfileStringA
GetSystemInfo
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
CloseHandle
CreateFileA
GetSystemTime
GetTempPathA
SetFileAttributesA
ReleaseMutex
GetLastError
CreateMutexA
GetModuleHandleA
HeapDestroy
lstrcpyA
Sleep
CreateDirectoryA
GetFileAttributesA
Beep
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
MultiByteToWideChar
GlobalFree
GlobalHandle
lstrlenA
GetVersion
WideCharToMultiByte
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
QueryPerformanceFrequency
CreateProcessA
CreateThread
lstrcmpiA
OutputDebugStringA
GetFileInformationByHandle
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
lstrcmpA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetFileSize
SetCurrentDirectoryA
GetCurrentDirectoryA
ReadFile
GlobalReAlloc
GlobalSize
MulDiv
GetWindowsDirectoryA
LocalFree
FormatMessageA
WinExec
lstrcatA
lstrlenW
FlushInstructionCache
GetCurrentProcess
TerminateThread
ResumeThread
ExpandEnvironmentStringsA
GetTempFileNameA
PulseEvent
SetLastError
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersionExA
lstrcpynA
MapViewOfFile
CreateFileMappingA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
WriteFile
GetStartupInfoA
InterlockedIncrement
user32
ShowWindow
GetSystemMetrics
SystemParametersInfoA
ReleaseCapture
FrameRect
DefWindowProcA
GetClassInfoA
GetDC
ValidateRect
KillTimer
AppendMenuA
GetMenuItemCount
MessageBeep
SetForegroundWindow
BringWindowToTop
FindWindowExA
FillRect
SetScrollRange
GetScrollPos
GetScrollRange
SetScrollPos
EnumChildWindows
SetRect
LoadBitmapA
TabbedTextOutA
DrawTextA
GrayStringA
DeleteMenu
GetMessagePos
IsClipboardFormatAvailable
GetUpdateRect
InsertMenuA
GetMenuStringA
IntersectRect
ModifyMenuA
RemoveMenu
DrawIconEx
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetDesktopWindow
IsIconic
IsCharAlphaNumericA
MessageBoxA
EqualRect
MapWindowPoints
MapDialogRect
DrawFocusRect
SetDlgItemTextA
SetWindowPos
GetDlgItem
SetWindowLongA
GetWindowLongA
DispatchMessageA
PeekMessageA
GetAsyncKeyState
TranslateMessage
EndDialog
DestroyIcon
DrawIcon
IsDialogMessageA
IsZoomed
InflateRect
InvertRect
GetCapture
DestroyCursor
CopyIcon
CallWindowProcA
SetParent
GetMenuItemID
ScrollDC
GetIconInfo
UnionRect
DrawFrameControl
DrawStateA
CreateIconFromResource
CreateIconIndirect
GetSysColorBrush
RegisterWindowMessageA
GetMessageA
GetDCEx
LockWindowUpdate
DestroyWindow
CreateWindowExA
RegisterClassA
SetCursor
SetCapture
PtInRect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
OffsetRect
SetRectEmpty
GetParent
LoadIconA
GetSysColor
GetClientRect
InvalidateRect
GetMenu
IsMenu
GetMenuItemInfoA
EnableMenuItem
DrawMenuBar
IsWindow
IsChild
TranslateAcceleratorA
IsWindowVisible
GetFocus
GetClassNameA
GetCursorPos
WindowFromPoint
SetFocus
PostMessageA
ScreenToClient
ChildWindowFromPointEx
GetActiveWindow
EnableWindow
LoadAcceleratorsA
SendMessageA
LoadCursorA
GetWindowDC
ReleaseDC
LoadImageA
UpdateWindow
wsprintfA
RedrawWindow
GetWindowRect
SetTimer
ClientToScreen
CheckMenuRadioItem
CheckMenuItem
GetKeyState
ClipCursor
CopyRect
IsRectEmpty
GetMenuState
gdi32
EnumFontsA
GetCharWidthA
Ellipse
RealizePalette
CreateDCA
GetSystemPaletteEntries
CreateDIBitmap
EndPage
EndDoc
AbortDoc
StartDocA
SetROP2
Polyline
Rectangle
SetBkColor
CreateDIBSection
SetTextColor
GetTextExtentPoint32A
GetROP2
Polygon
GetTextColor
GetTextMetricsA
CreateSolidBrush
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
SetPixelV
SetDIBColorTable
GetPaletteEntries
DeleteDC
BitBlt
GdiFlush
StartPage
SetBkMode
CreateFontIndirectA
GetObjectA
CreateFontA
GetDeviceCaps
AddFontResourceA
RemoveFontResourceA
SelectObject
CreatePen
GetCurrentObject
GetCurrentPositionEx
GetPixel
SetPixel
CreatePalette
DeleteObject
StretchDIBits
GetBkColor
CreateCompatibleDC
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueA
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
ExtractIconA
SHFileOperationA
SHGetFileInfoA
ShellExecuteA
SHGetPathFromIDListA
comctl32
ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ole32
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantInit
GetErrorInfo
SysAllocString
VariantClear
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantChangeType
VariantCopy
SysFreeString
SetErrorInfo
CreateErrorInfo
msvfw32
DrawDibDraw
DrawDibRealize
DrawDibOpen
DrawDibClose
dsound
ord1
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 100KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE