3b99076c604d2b0623bfd207e499b6be

Sharing

Copy URL Twitter E-mail

General

Target

3b99076c604d2b0623bfd207e499b6be
Size

822KB
MD5

3b99076c604d2b0623bfd207e499b6be
SHA1

d0eed8fedc3733a17db9e2b7167ac096463d9beb
SHA256

47ecbf5cd2f989f315ee88c17f043052014664e13420808c770ea13d6eb9b7cc
SHA512

2e69f9b9e7eab9763363c5de755127c6a266730217cb6a6838ecfa8b6b9cf418a3ac0755f281a25158e6f4104e2d5ae5304af26f5e0b0aecafa3035be2116e5c
SSDEEP

12288:TUWdFORi4ufDIY8oJzAxp2H5zT9EemdJD5PmsOfhihJ4fYNh6doKAavBqR4Z:DvOk4Sd8oJUxo5zT0d3FAYNwdECMR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b99076c604d2b0623bfd207e499b6be

Files

3b99076c604d2b0623bfd207e499b6be
.exe windows:5 windows x86 arch:x86

65ea5b153acfed7f797878c67086c314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

WrapStoreEntryID@24
DllGetClassObject
FtMulDw@12
BMAPIGetReadMail
ScMAPIXFromSMAPI
OpenStreamOnFile@24
UNKOBJ_ScCOReallocate@12
RTFSync@12
MAPIDetails
ScRelocNotifications@20
FBadRglpszA@8
FBadEntryList@4
FBadRglpszW@8
HrIStorageFromStream@16
FBadColumnSet@4
ScGenerateMuid@4
ScCountNotifications@12
FGetComponentPath@20
cmc_list
MAPIInitialize@4
HrValidateIPMSubtree@20
MAPILogon
UlAddRef@4
MapStorageSCode@4
LpValFindProp@12
MAPIInitialize
CreateTable@36

msvcrt20

fgetc
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
__dllonexit
??5istream@@QAEAAV0@AAF@Z
?flags@ios@@QBEJXZ
??5istream@@QAEAAV0@AAD@Z
?dec@@YAAAVios@@AAV1@@Z
_ismbcupper
_getche
?ws@@YAAAVistream@@AAV1@@Z
?clrlock@ios@@QAAXXZ
?ebuf@streambuf@@IBEPADXZ
iswalnum
_putch
gmtime
??_Efilebuf@@UAEPAXI@Z
_mbsnicmp
??4istream_withassign@@QAEAAV0@ABV0@@Z
??_7iostream@@6B@
sscanf
mbstowcs
tanh
?fail@ios@@QBEHXZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
_getws
??_7ifstream@@6B@
??0istream@@IAE@ABV0@@Z
?pword@ios@@QBEAAPAXH@Z
__p__iob
_swab
?cin@@3Vistream_withassign@@A

msvcp60

??0?$collate@G@std@@QAE@I@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@MAEGG@Z
_LSnan
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXPADID@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?denorm_min@?$numeric_limits@I@std@@SAIXZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?log10@std@@YA?AV?$complex@N@1@ABV21@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
_LExp
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??_F?$collate@D@std@@QAEXXZ
?pow@std@@YA?AV?$complex@N@1@ABV21@H@Z
?pbackfail@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
_FRteps
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?length@?$codecvt@GDH@std@@QBEHAAHPBG1I@Z
?signaling_NaN@?$numeric_limits@E@std@@SAEXZ
_Strcoll
?capacity@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0money_base@std@@QAE@I@Z
??_7?$collate@G@std@@6B@

user32

TrackPopupMenuEx
LoadAcceleratorsW
DialogBoxIndirectParamW
TranslateMessage
KillTimer
TileChildWindows
ShowOwnedPopups
RemovePropA
DlgDirSelectComboBoxExA
IsServerSideWindow
SetActiveWindow
GetWindowModuleFileNameW
GetClientRect
DdeUnaccessData
LoadMenuIndirectW
SetProgmanWindow
DialogBoxIndirectParamAorW
SetUserObjectInformationW
IsDialogMessageA
GetClassInfoW
RemovePropW
ChildWindowFromPoint
CreateWindowStationA
DestroyReasons
RegisterLogonProcess
CreateIconFromResourceEx
CreateWindowExW
RemoveMenu

msvcirt

?is_open@ifstream@@QBEHXZ
?read@istream@@QAEAAV1@PAEH@Z
??4strstream@@QAEAAV0@AAV0@@Z
??1streambuf@@UAE@XZ
??_Gofstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@M@Z
??4iostream@@IAEAAV0@AAV0@@Z
?underflow@strstreambuf@@UAEHXZ
?fd@filebuf@@QBEHXZ
?sync@stdiobuf@@UAEHXZ
?peek@istream@@QAEHXZ
??1ostrstream@@UAE@XZ
??0fstream@@QAE@ABV0@@Z
??1stdiobuf@@UAE@XZ
??_Gistream_withassign@@UAEPAXI@Z
?pbackfail@streambuf@@UAEHH@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_8strstream@@7Bistream@@@
??_Dstrstream@@QAEXXZ
?seekpos@streambuf@@UAEJJH@Z
?getline@istream@@QAEAAV1@PADHD@Z
?close@ofstream@@QAEXXZ
?read@istream@@QAEAAV1@PADH@Z
??_Dostream_withassign@@QAEXXZ
?cerr@@3Vostream_withassign@@A
?setf@ios@@QAEJJJ@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?sh_read@filebuf@@2HB

kernel32

FileTimeToLocalFileTime
DeleteVolumeMountPointA
InvalidateConsoleDIBits
_lwrite
GetTempPathA
ReadConsoleOutputA
lstrcpyA
SetConsoleCP
SetLocalPrimaryComputerNameW
GetPrivateProfileSectionNamesA
CreateHardLinkA
SetConsoleMaximumWindowSize
VerLanguageNameW
WriteConsoleInputVDMW
GetEnvironmentStringsW
SetLastConsoleEventActive
GetProfileStringA
OpenJobObjectA
GetSystemTimeAsFileTime
GetExpandedNameA
Beep
GetDiskFreeSpaceA
FindActCtxSectionStringA
GetCurrentProcessId
DeleteFiber
LoadLibraryA
ExpungeConsoleCommandHistoryA
GetProcAddress
VirtualAlloc
GetCommState
QueryDosDeviceW

crtdll

_mbctype
_fcvt
_ismbbkana
asin
sinh
wcstoul
iswdigit
atan
_mbslen
wctomb
memchr
_mbclen
_ismbbtrail
_ismbclegal
strcpy
_fmode_dll
_CIpow
_pclose
_stat
_findfirst
scanf
_strdate
_putenv
_ismbbkalnum
_spawnve
_CIfmod
fwprintf
_XcptFilter
difftime
_mbctolower
wcsncmp
_strdec
_sopen
wcsftime
ctime
_cexit
wcschr
_mbsrev

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 612KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65ea5b153acfed7f797878c67086c314

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msvcrt20

msvcp60

user32

msvcirt

kernel32

crtdll

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 612KB - Virtual size: 2.0MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 612KB - Virtual size: 2.0MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 324B