Static task
static1
Behavioral task
behavioral1
Sample
46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576.exe
Resource
win10v2004-20231215-en
General
-
Target
46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576
-
Size
144KB
-
MD5
d6b477665e24ad26d24f4b6afa3076fd
-
SHA1
11ce2f838fe18b4d6c37a65042bbc3710054cd6a
-
SHA256
46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576
-
SHA512
e798ead47b190a86798aa4919e7f0c8bc0ca2e0f797f13df8822aa5653b6fb4c4149c81bbcb200ced54a424b91d97cc0d60660f5e4874e957011b1a06e2593ef
-
SSDEEP
1536:ZKsVkP/lD7DrnH85sbch57DeOZc4JaynlCIxJ:ZwP/Z7nc5hh57DeOZJagCw
Malware Config (empty — no extracted configuration is shown for this sample)
Signatures (only the static "Unsigned PE" rule fired; no behavioural signatures from the win7 or win10 runs listed above appear on this page, so do not read this as a clean dynamic result without checking the behavioural task output)
-
Unsigned PE 1 IoCs
The PE image carries no Authenticode signature (no embedded certificate to validate). On its own this is weak evidence: most malware is unsigned, but so are many benign utilities, so weigh it together with the import and section data below.
resource 46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576
Files
-
46da530cf5513d0a211caeb642e1f37599e67e6620a6db0fc6475612d63c4576.exe windows:5 windows x86 arch:x86
7c43f7bdc1077642783d64ae9c35f989 (unlabelled 32-hex-digit value; probably an import hash, but the page does not say — confirm the field's meaning before using it as a pivot)
Headers
DLL Characteristics (DYNAMIC_BASE and NX_COMPAT are set, so the image opts into ASLR and DEP; Control Flow Guard, IMAGE_DLLCHARACTERISTICS_GUARD_CF, is not among the listed flags)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCloneBrush
GdipDrawImageI
GdipDrawString
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipDeleteFont
GdipGetGenericFontFamilySansSerif
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipCreateFont
GdipFree
mfc100 (every import is by ordinal only; map the ordinals against the mfc100.dll export table to recover function names — together with msvcr100 below this ties the sample to the Visual C++ 2010 runtime, which must be present on the target for it to load)
ord7349
ord2878
ord2881
ord12535
ord5534
ord7437
ord10253
ord10256
ord8595
ord8610
ord8600
ord9030
ord9034
ord8612
ord10109
ord9512
ord8031
ord8021
ord10113
ord8109
ord10134
ord9093
ord9094
ord1284
ord1294
ord3390
ord6831
ord6344
ord925
ord985
ord1264
ord1276
ord1261
ord8308
ord2338
ord5252
ord12479
ord6128
ord8332
ord2215
ord3985
ord11112
ord11017
ord7348
ord2762
ord7520
ord4429
ord4430
ord5445
ord11348
ord1524
ord12488
ord5257
ord12486
ord5256
ord10395
ord5273
ord7945
ord10751
ord10746
ord4736
ord3400
ord4076
ord10459
ord9422
ord11038
ord7590
ord863
ord828
ord877
ord865
ord433
ord901
ord12154
ord2574
ord1448
ord3404
ord4143
ord7581
ord316
ord4511
ord12415
ord1544
ord12724
ord8392
ord8441
ord6690
ord1982
ord888
ord6112
ord9281
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord4078
ord11180
ord11172
ord5238
ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord2417
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord1288
ord381
ord5803
ord8305
ord11060
ord11107
ord11025
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord3620
ord10360
ord10007
ord8137
ord11067
ord946
ord6678
ord8304
ord9475
ord6835
ord9185
ord9188
ord9192
ord12962
ord921
ord11179
ord10967
ord345
ord1586
ord850
ord7576
ord12672
ord1890
ord6328
ord6686
ord404
ord9282
ord12805
ord12608
ord2502
ord4961
ord5514
ord8178
ord10244
ord8292
ord11648
ord4930
ord11453
ord14124
ord14042
ord14129
ord13656
ord13875
ord13651
ord13852
ord13863
ord13717
ord8570
ord2374
ord11822
ord11029
ord3662
ord3616
ord13223
ord4744
ord4735
ord9447
ord14043
ord13803
ord13804
ord13783
ord13814
ord13784
ord963
ord9968
ord3414
ord310
ord979
ord1316
ord4188
ord423
ord3406
ord13203
ord10016
ord8307
ord6618
ord11058
ord3655
ord6207
ord2061
ord1929
ord5837
ord4283
ord3439
ord5774
ord2184
ord1900
ord7216
ord4343
ord12432
ord355
ord6107
ord5438
ord10697
ord8613
ord927
ord457
ord1004
ord2769
ord6830
ord9190
ord9191
ord1313
ord4317
ord2067
ord2063
ord6010
ord2056
ord11274
ord2818
ord13310
ord11297
ord13329
ord2626
ord5207
ord305
ord5242
ord13045
ord977
ord909
ord2524
ord2514
ord325
ord420
ord1483
ord7876
ord11744
ord306
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11024
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6127
ord10672
ord12482
ord5253
ord2337
ord11059
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8321
ord884
ord6622
ord1296
ord11420
ord2088
msvcr100
_setmbcp
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
__CxxFrameHandler3
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
free
_purecall
_controlfp_s
kernel32 (the GetSystemTimeAsFileTime / GetCurrentProcessId / GetCurrentThreadId / GetTickCount / QueryPerformanceCounter group, EncodePointer / DecodePointer and IsDebuggerPresent are what MSVC 2010 CRT start-up and security-cookie initialisation normally pull in, so IsDebuggerPresent is low-signal as anti-debugging here; LoadLibraryA / GetProcAddress allow further APIs to be resolved at run time, so this static list may understate capability; GetTempPathA / CreateDirectoryA suggest a directory is created under %TEMP%)
GetCurrentProcess
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalAlloc
MultiByteToWideChar
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
GetTempPathA
CreateDirectoryA
user32
LoadBitmapW
UpdateWindow
wsprintfA
SendMessageA
SetWindowLongA
EnableWindow
InvalidateRect
GetWindowLongA
GetClientRect
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
ole32 (StgCreateDocfile / StgCreateDocfileOnILockBytes / StgOpenStorageEx / CreateILockBytesOnHGlobal point to OLE structured-storage (compound file) creation, possibly in memory — check the behavioural output for compound files written at run time)
StgCreateDocfileOnILockBytes
StgCreateDocfile
StgOpenStorageEx
CoUninitialize
CoInitialize
CreateILockBytesOnHGlobal
oleaut32
SysStringLen
SysAllocStringLen
SysFreeString
Sections (raw and virtual sizes agree closely for every section, which argues against a run-time unpacker; .rsrc at 95KB is roughly two-thirds of the 144KB file, and the gdiplus GdipCreateBitmapFromStream imports suggest image data loaded from memory streams — inspect .rsrc for embedded resources or payloads; section entropy is not shown on this page)
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ