8c65b0ac0d072733ce5f4ed9f8cb8a63c62e2190010b72f8663a3ad119e47250

Sharing

Copy URL Twitter E-mail

General

Target

8c65b0ac0d072733ce5f4ed9f8cb8a63c62e2190010b72f8663a3ad119e47250
Size

2.2MB
MD5

c06bfcb6079577fee0021cbf1fe9f1c9
SHA1

42a8dd0c552d5ac0b92e094499d9ea076b5c048e
SHA256

8c65b0ac0d072733ce5f4ed9f8cb8a63c62e2190010b72f8663a3ad119e47250
SHA512

710671be43a419975574f37a8f8714bbce0c3ed43a9debd77e94a92012b589e084450645c85eae73d66b11ae4055748b4033d2529768ed1752a28a0f0c8ff92a
SSDEEP

12288:BQ4vARpnTq9pGHNu4B2Uu/WFqDLPiHfh9jJB+B:aI4ru/WFqDLPAfdB+B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c65b0ac0d072733ce5f4ed9f8cb8a63c62e2190010b72f8663a3ad119e47250

Files

8c65b0ac0d072733ce5f4ed9f8cb8a63c62e2190010b72f8663a3ad119e47250
.exe windows:6 windows x64 arch:x64

d492a487d0f1d0f62d0742f087216f63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140ud

ord1203
ord1024
ord8541
ord16524
ord1631
ord8722
ord1865
ord312
ord1134
ord1863
ord6914
ord302
ord286
ord292
ord296
ord1649
ord1651
ord1652
ord3475
ord5408
ord10198
ord5579
ord1875
ord4401
ord962
ord4118
ord1503
ord377
ord4145
ord531
ord4121
ord1240
ord370
ord9781
ord8008
ord469
ord3782
ord14909
ord14907
ord14911
ord16059
ord10256
ord9753
ord4747
ord5033
ord14200
ord16462
ord16503
ord16128
ord14910
ord951
ord1495
ord384
ord1166
ord4329
ord4228
ord4231
ord13779
ord3756
ord3877
ord3876
ord4460
ord13732
ord3160
ord14938
ord6989
ord15708
ord9563
ord6044
ord16160
ord13294
ord8020
ord10195
ord15552
ord16680
ord16774
ord9216
ord16768
ord3540
ord5225
ord11172
ord6789
ord5239
ord5762
ord6272
ord5686
ord5748
ord5793
ord5716
ord5771
ord5787
ord5728
ord5734
ord5740
ord5722
ord5777
ord5710
ord2011
ord1990
ord2004
ord1978
ord1956
ord13888
ord13892
ord15915
ord3757
ord12545
ord12124
ord13253
ord8183
ord4592
ord3035
ord5227
ord4988
ord15359
ord13522
ord4350
ord13696
ord10606
ord13303
ord13302
ord6607
ord11776
ord11772
ord11774
ord11775
ord11773
ord16917
ord9555
ord11742
ord3799
ord3802
ord3652
ord3651
ord3914
ord3913
ord11965
ord12957
ord12559
ord10501
ord2874
ord4872
ord10679
ord3242
ord15769
ord7305
ord13739
ord12582
ord388
ord2314
ord14625
ord2558
ord9817
ord523
ord1234
ord4612
ord7424
ord7671
ord481
ord13784
ord10705
ord3496
ord1038
ord3744
ord1550
ord3379
ord14192
ord14926
ord2581
ord2839
ord14256
ord14255
ord16767
ord9215
ord16773
ord10873
ord4671
ord4609
ord14760
ord9236
ord2356
ord13568
ord13567
ord16636
ord14245
ord9287
ord16845
ord7476
ord16847
ord7478
ord16846
ord7477
ord15965
ord1083
ord7998
ord4365
ord6962
ord13862
ord9564
ord13880
ord13830
ord1168
ord1201
ord4611
ord6110
ord6501
ord6759
ord10825
ord6469
ord6762
ord6113
ord6331
ord6092
ord8978
ord8979
ord8968
ord6329
ord9568
ord11737
ord10678
ord1198
ord1162
ord2970
ord1163
ord1133
ord14982
ord1640
ord1630
ord1638
ord2651
ord2536
ord16766
ord9877
ord1584
ord9776
ord13870
ord11926
ord14741
ord14674
ord5333
ord9284
ord10424
ord9693
ord8880
ord5701
ord11869
ord1935
ord2764
ord6965
ord299

kernel32

DecodePointer
MultiByteToWideChar
SetLastError
OutputDebugStringW
RaiseException
HeapDestroy
HeapAlloc
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
WideCharToMultiByte
IsDebuggerPresent
GetCurrentThreadId
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
GetLastError

user32

PostQuitMessage
UnregisterClassW
GetSystemMetrics
PeekMessageW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

ws2_32

WSAStartup

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
__C_specific_handler_noexcept
__C_specific_handler
memset
__CxxFrameHandler3
memmove

ucrtbased

malloc
_CrtDbgReportW
fclose
feof
fopen
__stdio_common_vfscanf
atoi
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
free
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_CrtDbgReport
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
_c_exit
__stdio_common_vsprintf
__stdio_common_vswprintf_s
wcslen
wcscpy_s
__stdio_common_vsnprintf_s

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 625B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d492a487d0f1d0f62d0742f087216f63

Headers

DLL Characteristics

File Characteristics

Imports

mfc140ud

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

ws2_32

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 1KB - Virtual size: 14KB

.pdata Size: 14KB - Virtual size: 14KB

.idata Size: 12KB - Virtual size: 11KB

.msvcjmc Size: 1024B - Virtual size: 625B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 8KB - Virtual size: 8KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 1KB - Virtual size: 14KB

.pdata
Size: 14KB - Virtual size: 14KB

.idata
Size: 12KB - Virtual size: 11KB

.msvcjmc
Size: 1024B - Virtual size: 625B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 8KB - Virtual size: 8KB