11d65426af8bb6c47da6dc7dcb138db8

Sharing

Copy URL Twitter E-mail

General

Target

11d65426af8bb6c47da6dc7dcb138db8
Size

237KB
MD5

11d65426af8bb6c47da6dc7dcb138db8
SHA1

0df8a65ed555cfbeace5c3ad8ec7fc5f1d10ee6e
SHA256

300b40f306ae614e5e2a60057624319fc7f51fd78a9712e05bb3f621ded75990
SHA512

ffbac52921973a727124cf1da012a91820f8a2cfa6655678f73acdb4b5004a5e303933e8060a8be9c190dccdfb6609db6e4c25b2aa4d6f2150f98593ea544f3a
SSDEEP

3072:t1JBkvDfa2j5/9FJ02DHdHPWIOO6lOf38modl54dykZBZf2F2IbqLst:fJ65jJ0uOIOO2Ov9u54dyQzy2IbqLst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11d65426af8bb6c47da6dc7dcb138db8

Files

11d65426af8bb6c47da6dc7dcb138db8
.exe windows:5 windows x86 arch:x86

868589c366aaaf2de93d4d027c928fb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
gethostbyname

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?max_size@?$allocator@_W@std@@QBEIXZ

msvcr90

_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
_except_handler4_common
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_crt_debugger_hook
__p__commode
??3@YAXPAX@Z
memmove_s
_vscwprintf
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
free
calloc
strlen
wcsnlen
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
?terminate@@YAXXZ
strcmp
strncpy
memcpy
wcsstr
wcsncpy_s
memset
_ultoa_s
malloc
_strlwr_s
strncmp
fclose
vswprintf_s
fwrite
_wtoi
_wfopen_s
memcmp
wcscmp
wcscat_s
_purecall
??2@YAPAXI@Z
_mbscmp
_vscprintf
memcpy_s
??_V@YAXPAX@Z
_recalloc
_invalid_parameter_noinfo
vsprintf_s
wcslen
strnlen
_CxxThrowException

shlwapi

PathAddBackslashW
UrlEscapeA

ccl100u

ord160
ord161
ord1084
ord2102
ord2505
ord2514
ord2499
ord1168
ord1241
ord1118
ord3680
ord3676
ord3677
ord3670
ord3671
ord3672
ord3665
ord3666
ord3257
ord3256
ord2648
ord2014
ord3263
ord2565
ord2587
ord2588
ord2888
ord1167
ord1986
ord1984
ord2847
ord2880
ord2579
ord2898
ord2848
ord2901
ord2855
ord2643
ord2642
ord2195
ord2193
ord2187
ord2188
ord2644
ord2189
ord2198
ord2196
ord2883
ord3057
ord2703
ord1711
ord1712
ord1717
ord1705
ord3280
ord3295
ord3305
ord2622
ord3264
ord2199
ord2219
ord2221
ord2206
ord2208
ord1240
ord2496
ord2504
ord3303
ord3821
ord3819
ord3823
ord2615
ord2602
ord3806
ord3262

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpReceiveResponse

kernel32

GetLocaleInfoW
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
GetSystemDefaultLangID
FreeResource
GetDiskFreeSpaceExW
DeleteFileW
lstrlenA
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
RaiseException
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
SetEndOfFile
CreateFileA
SizeofResource
ReadFile
GetFileSize
SetFilePointer
Sleep
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetFileAttributesW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetLastError
LockResource
FreeLibrary
WaitForSingleObject
GetTempFileNameW
LoadLibraryW
GetExitCodeProcess
InterlockedExchange
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetFileAttributesA

user32

SetForegroundWindow
FindWindowW
GetWindowPlacement
IsIconic
SetActiveWindow
DestroyWindow
CharNextW
LoadImageW
PostMessageW
SetWindowPlacement
DestroyIcon
SendMessageW
GetSystemMetrics
SetWindowPos

advapi32

RegDeleteKeyW
RegSetValueExW
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
RegDeleteValueW
GetTraceLoggerHandle
RegQueryInfoKeyW
GetTraceEnableFlags
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
TraceMessage

shell32

ShellExecuteExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

868589c366aaaf2de93d4d027c928fb1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcp90

msvcr90

shlwapi

ccl100u

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 26KB

.prdata Size: 68KB - Virtual size: 68KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 26KB

.prdata
Size: 68KB - Virtual size: 68KB