Static task
static1
Behavioral task
behavioral1
Sample
7138116c334cf6c746f502db5defccbe.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7138116c334cf6c746f502db5defccbe.exe
Resource
win10v2004-20231215-en
General
-
Target
7138116c334cf6c746f502db5defccbe
-
Size
696KB
-
MD5
7138116c334cf6c746f502db5defccbe
-
SHA1
ac56b8050aba290033b3db3dd9f1d5e0d747d12b
-
SHA256
dcf3417176258aa7bbb74102e183dba99411407f1551014a9aa2af42dbbb1425
-
SHA512
633dcdd84637e1ce8a6f56b40b6f72d6188134a4162bbeb59fb423791512c471e0e9a0c281da76c437e28c0e0578160261e175a0b85b8de0e0df3fda13e70abb
-
SSDEEP
12288:4y7E4rgzkg42vxRyxfhRtPjz5JwZz2w5EEhxplD:bgOMkg4KxRgRtLVJwh2w5EE/pB
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource 7138116c334cf6c746f502db5defccbe
Files
-
7138116c334cf6c746f502db5defccbe.exe windows:4 windows x86 arch:x86
e6824a400818ba984d8b7fd874704973
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushConsoleInputBuffer
MultiByteToWideChar
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
WideCharToMultiByte
GlobalUnlock
GetProcAddress
GetComputerNameA
GetStdHandle
CreatePipe
GetCurrentThreadId
GlobalMemoryStatus
GetModuleHandleA
GetLastError
CloseHandle
GetCurrentProcess
FreeLibrary
LoadLibraryA
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrcpynA
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
AllocConsole
GlobalLock
GlobalAlloc
GlobalFree
FormatMessageA
LocalFree
SetConsoleCtrlHandler
OpenEventA
FreeConsole
CreateEventA
CopyFileA
SetEvent
DuplicateHandle
GetModuleFileNameA
GetVersionExA
GetSystemInfo
VirtualQueryEx
GetEnvironmentVariableW
ReadFile
SetStdHandle
WriteFile
DeleteFileA
CreateProcessA
TerminateProcess
Sleep
user32
GetWindowTextLengthA
GetDesktopWindow
GetCursorPos
WindowFromPoint
DestroyWindow
GetClientRect
GetDC
SendMessageA
CreateWindowExA
CloseDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
SetRect
DefWindowProcA
IsWindow
SetPropA
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
SetThreadDesktop
GetThreadDesktop
VkKeyScanA
keybd_event
mouse_event
GetWindowRect
GetClassNameA
GetForegroundWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ExitWindowsEx
RegisterClassA
SetCursorPos
CloseWindowStation
GetWindowThreadProcessId
AttachThreadInput
GetCursor
GetIconInfo
DrawIconEx
ReleaseDC
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDIBits
DeleteDC
SelectObject
DeleteObject
advapi32
DeleteService
GetTokenInformation
AddAccessAllowedAce
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
LogonUserA
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
ControlService
QueryServiceStatus
AdjustTokenPrivileges
RegCreateKeyA
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
oleaut32
VariantClear
msvcrt
free
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
strstr
_strlwr
atoi
strchr
_strnicmp
__CxxFrameHandler
??1type_info@@UAE@XZ
malloc
_access
strtok
atol
strncmp
sprintf
swprintf
_wcsicmp
_ftol
fclose
ftell
fread
fseek
fopen
fwrite
fflush
fgets
strrchr
memmove
_purecall
printf
_mbslen
_mbscmp
_fdopen
_open_osfhandle
setvbuf
_iob
_vsnprintf
_except_handler3
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
getenv
strerror
bsearch
strncpy
localtime
memchr
time
_getch
_stat
signal
fputs
_fileno
sscanf
_setmode
_errno
gmtime
strcmp
fprintf
abort
_CxxThrowException
clock
tolower
qsort
realloc
_isctype
__mb_cur_max
_pctype
_endthreadex
_beginthreadex
srand
rand
msvcp60
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
ws2_32
htons
WSAGetLastError
listen
accept
inet_ntoa
connect
recv
closesocket
gethostbyname
inet_addr
__WSAFDIsSet
select
ntohs
getsockname
bind
send
setsockopt
ioctlsocket
socket
sendto
recvfrom
WSAStartup
WSACleanup
htonl
shutdown
WSASetLastError
Sections
.text Size: 496KB - Virtual size: 493KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 140KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ