2b3879d2accba8172394c06bec22d306

Sharing

Copy URL Twitter E-mail

General

Target

2b3879d2accba8172394c06bec22d306
Size

4.1MB
MD5

2b3879d2accba8172394c06bec22d306
SHA1

96ba8838b1af47c1c1f71bb25eabf0ca130fabc1
SHA256

38e62585f58cd81265aef74db1ace7324f38eada4350371995e5bf0426921a52
SHA512

bdc6ef67e1e01bdcdbea4c246a25ab3a6df04b45b297efdfcf61ff78f617eb2c55d22cacb2fd42cbc529f12bf3e156a143271d24136d4039cff50e53c399b628
SSDEEP

98304:zCyF+go/fU8W2RS5Lb3qMwtJdx46viE1ntP768yHJ:z4XrW2RS5Lb3qMwT06viEdtD6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b3879d2accba8172394c06bec22d306

Files

2b3879d2accba8172394c06bec22d306
.exe windows:4 windows x86 arch:x86

c6d37af7e4a9aa396bb3ead4bcb04da0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2575
ord4396
ord3402
ord3574
ord3610
ord2135
ord818
ord2370
ord2688
ord665
ord6241
ord1979
ord6385
ord2915
ord5186
ord354
ord6334
ord6880
ord2642
ord6215
ord3797
ord5981
ord4224
ord6007
ord3584
ord543
ord803
ord3742
ord4275
ord1949
ord4034
ord1175
ord5572
ord5651
ord3127
ord3616
ord3126
ord3613
ord2614
ord5442
ord3318
ord5683
ord4710
ord2452
ord2714
ord5873
ord6157
ord289
ord613
ord4476
ord6282
ord6605
ord6453
ord3092
ord6172
ord6438
ord3873
ord1576
ord6378
ord6197
ord5875
ord6379
ord1146
ord3571
ord2414
ord825
ord3663
ord3626
ord3619
ord1168
ord324
ord323
ord641
ord640
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3361
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord656
ord609
ord2379
ord5220
ord296
ord617
ord2725
ord5289
ord6143
ord5583
ord941
ord860
ord2864
ord858
ord5608
ord535
ord924
ord922
ord4202
ord4129
ord2818
ord6662
ord4204
ord2764
ord1134
ord2621
ord5214
ord823
ord5710
ord6877
ord926
ord939
ord561
ord541
ord533
ord815
ord801
ord798
ord3738
ord4622
ord5714
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord3259
ord3147
ord5265
ord2982
ord5277
ord2124
ord4486
ord4274
ord4673
ord3998
ord567
ord3640
ord4424
ord3370
ord5290
ord4402
ord1776
ord6055
ord2582
ord470
ord537
ord755
ord6883
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord6675
ord3301
ord1200
ord2645
ord6663
ord4278
ord6907
ord6888
ord4299
ord6199
ord4234
ord2302
ord800
ord540
ord693
ord2405
ord2446
ord2859
ord2860
ord5785
ord1640
ord3706
ord5789
ord4160
ord2754
ord4022
ord1792
ord1795
ord4376
ord1641
ord3874

msvcrt

_purecall
__getmainargs
_mbscmp
_strdup
strncmp
strlen
vsprintf
memmove
realloc
_strcmpi
_ftol
__CxxFrameHandler
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
free
strcpy
_acmdln
exit
_XcptFilter
wcslen
_CxxThrowException
_strlwr
isdigit
isxdigit
strchr
_setmbcp
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
_itoa
_controlfp
rename
atol
_mbsicmp
_wtoi
_stricmp
_strnicmp
memset
sprintf
wcscmp
fopen
fclose
strcmp
memcpy
memcmp
malloc
atoi
_mbschr
_mbsnbcpy
_snprintf
printf
strncpy
strrchr
strstr
strcat

kernel32

MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
ReadFile
GetFileSize
_lclose
_lread
_llseek
_lopen
lstrcpynA
GetPrivateProfileIntA
IsDBCSLeadByte
GetStartupInfoA
GetLastError
MoveFileExA
WritePrivateProfileStringA
MoveFileA
DeleteFileA
CopyFileA
RemoveDirectoryA
OpenProcess
GetShortPathNameA
InterlockedIncrement
LoadLibraryExA
GetFileTime
CompareFileTime
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
ResumeThread
SuspendThread
CreateThread
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualQuery
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetDriveTypeA
GetCurrentProcess
GetTempPathA
GetTempFileNameA
CreateProcessA
WaitForSingleObject
FindFirstFileA
FindClose
FindNextFileA
InterlockedDecrement
CreateDirectoryA
SetCurrentDirectoryA
Sleep
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle

user32

SetRectEmpty
IntersectRect
IsRectEmpty
GetWindowDC
SetWindowRgn
SendMessageA
LoadIconA
EnableWindow
GetSystemMetrics
OffsetRect
SetRect
CopyRect
InflateRect
GetClientRect
GetDC
ReleaseDC
GetFocus
SetCapture
ReleaseCapture
SetFocus
ChildWindowFromPointEx
GetParent
DrawIconEx
PtInRect
ScreenToClient
PostQuitMessage
GetDesktopWindow
InvalidateRect
PostMessageA
SetForegroundWindow
GetWindowRect
ExitWindowsEx
FindWindowExA
SetTimer
KillTimer
SendMessageTimeoutA
FindWindowA
wsprintfA
CreateCursor
SetCursor
GetCapture
IsZoomed
SystemParametersInfoA
SetActiveWindow
SetWindowLongA
GetActiveWindow
GetKeyState
GetCursorPos
LoadBitmapA

gdi32

SelectObject
DeleteObject
CombineRgn
OffsetRgn
CreateRectRgn
CreatePalette
CreateFontIndirectA
DeleteDC
CreateDIBitmap
RealizePalette
SelectPalette
StretchBlt
CreateDIBSection
GetStockObject
SetStretchBltMode
ExtCreateRegion
GetTextExtentPoint32A
CreateBitmap
SetDIBitsToDevice
CreateFontA
GetObjectA
CreateCompatibleBitmap
CreateRoundRectRgn
CreateCompatibleDC
BitBlt
GetDeviceCaps
TextOutA
CreateSolidBrush

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetSpecialFolderPathA
SHChangeNotify
SHBrowseForFolderA

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
SysStringLen
VariantCopy
VariantChangeType
VariantInit
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SafeArrayDestroy

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

winmm

PlaySoundA

shlwapi

SHDeleteEmptyKeyA
SHDeleteKeyA
PathCombineA
PathAddExtensionA
PathAppendA
PathFileExistsA
PathIsDirectoryA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

olepro32

ord251

Exports

Exports

GL_ZIPCompress
GL_ZIPUncompress

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6d37af7e4a9aa396bb3ead4bcb04da0

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

winmm

shlwapi

version

olepro32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 392KB - Virtual size: 390KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 392KB - Virtual size: 390KB