7bcfb28cf12c3ebdc13034fb94747791

Sharing

Copy URL

Twitter E-mail

General

Target

7bcfb28cf12c3ebdc13034fb94747791
Size

858KB
MD5

7bcfb28cf12c3ebdc13034fb94747791
SHA1

1ebbd3e48f76bcc935131da85468991fb69a869a
SHA256

647c47004dae2ed66d2f482423c1ac4a333104c064234147b13ecd9fa94db6bd
SHA512

e4e45a8c1d311c5f6398258c805dc140bf5e32e51dfd119ab712e0b31f604712eb7f0933440dff0691a2eb2ba62bd7ce2581192acf920bfb55c232979bf3a6ce
SSDEEP

12288:7UXYc3bCyKYycEYM3RFb+YEDsx6qQWh9ds6D6VDBTJV3MOMNerMSBpz3IMohzA:w7ZiRFSYgsx61R6D6VDVLcOMNf+TIMo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bcfb28cf12c3ebdc13034fb94747791

Files

7bcfb28cf12c3ebdc13034fb94747791
.exe windows:5 windows x86 arch:x86

03d0cdcecec0ce35efb0aff580877560

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfcsubs

?Mid@CString@@QBE?AV1@H@Z
?GetUpperBound@CStringArray@@QBEHXZ
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??BCString@@QBEPBGXZ
?FreeExtra@CString@@QAEXXZ
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??BCSyncObject@@QBEPAXXZ
??0CString@@QAE@PBE@Z
??9@YG_NPBGABVCString@@@Z
??4CString@@QAEABV0@PBD@Z
??0CStringArray@@QAE@XZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??ACMapStringToPtr@@QAEAAPAXPBG@Z
?Lock@CCriticalSection@@QAEHXZ
??4CString@@QAEABV0@PBE@Z
?Format@CString@@QAAXIZZ
??M@YG_NABVCString@@0@Z
?Release@CString@@KGXPAUCStringData@@@Z
??1CStringArray@@UAE@XZ
??ACStringArray@@QAEAAVCString@@H@Z
??N@YG_NABVCString@@PBG@Z
?Collate@CString@@QBEHPBG@Z
?GetLength@CString@@QBEHXZ
?LockBuffer@CString@@QAEPAGXZ
??0CCriticalSection@@QAE@XZ
??YCString@@QAEABV0@G@Z
??8@YG_NABVCString@@0@Z
?ConcatInPlace@CString@@IAEXHPBG@Z
??H@YG?AVCString@@ABV0@0@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
??0CString@@QAE@PBGH@Z
??N@YG_NPBGABVCString@@@Z

sqlunirl

_SendMessageTimeout_@28
_GetLogColorSpace_@12
_SHGetPathFromIDList_@8
_GetPrivateProfileSectionNames_@12
_DeleteFile@4
_OpenWindowStation_@12
_GetNamedPipeHandleState_@28
_ReadEventLog_@28
_MAKEINTRESOURCE@4
_GetCharABCWidths_@16
_CopyMetaFile_@8
_GetFileSecurity_@20
_RegQueryValue_@16
_lstrcpyn_@12
_BeginUpdateResource_@8
_ChangeServiceConfig_@44
_GetEnhMetaFileDescription_@12
_DlgDirSelectEx_@16
_NDdeShareEnum_@24
_DrawTextEx_@24
_SetFileSecurity_@12
_FatalAppExit_@8
_NDdeIsValidAppTopicList_@4
_StartService_@12
_OpenEventLog_@8
newMultiByteFromWideCharEx
_GetCharABCWidthsFloat_@16
_PrintDlg_@4
_FreeEnvironmentStrings@4
_CallMsgFilter_@8
_DefFrameProc_@20
_ReadConsoleInput_@16

msdart

?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
MpHeapCreate
?_SubTable@CLKRHashTable@@ABEPAVCLKRLinearHashTable@@K@Z
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?IsWin2k@CMdVersionInfo@@SAHXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?Size@CLKRLinearHashTable@@QBEKXZ
?Size@CLKRHashTable@@QBEKXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
mpMalloc
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?IsWriteUnlocked@CCritSec@@QBE_NXZ
??0CSpinLock@@QAE@XZ

kernel32

PeekNamedPipe
GetCompressedFileSizeW
RemoveLocalAlternateComputerNameW
GlobalLock
LocalReAlloc
GetTapeParameters
SetFileShortNameA
SetSystemTime
EnumDateFormatsExA
PulseEvent
lstrcpyn
MapUserPhysicalPages
GetStartupInfoW
GetTempPathW
LoadLibraryA
GlobalUnWire
GetLocaleInfoA
VirtualAlloc
WritePrivateProfileStructA
GetConsoleOutputCP
GetModuleHandleW
NlsGetCacheUpdateCount
GetLocaleInfoW
GetConsoleDisplayMode
GetProcessPriorityBoost
GetACP
OutputDebugStringA
EnumSystemLanguageGroupsW
DeleteTimerQueue
PrivCopyFileExW
MulDiv
LockFileEx
HeapCreate
SetFileApisToANSI
VerSetConditionMask
QueryDepthSList
GetEnvironmentStringsA
OpenEventA

iccvid

DriverProc

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03d0cdcecec0ce35efb0aff580877560

Headers

DLL Characteristics

File Characteristics

Imports

mfcsubs

sqlunirl

msdart

kernel32

iccvid

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 140KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 140KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B