Static task
static1
Behavioral task
behavioral1
Sample
fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db.exe
Resource
win10v2004-20231222-en
General
-
Target
fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db
-
Size
15.7MB
-
MD5
26104f9c580b789db5f80011b25d578a
-
SHA1
308e7af099688ff01ac627b718c5f8c4d732a320
-
SHA256
fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db
-
SHA512
1b5ae037bff34e561d7b203d43c2ff366a4c612a9b0856f24df28ca74937459fd4730525fcc0b55a305eb3896d7d0617c43978e6f3a31c76554ac5879dc369d1
-
SSDEEP
393216:O02Iw+0KK1Bduth9QBfO6vIBCjRhlE/FPJAR:ON0K8t6A8BETA
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db
Files
-
fdd60d53829effc53cb8afeeeaa4b49341df6c9b0c5ad2bdbecaa28f5e0c67db.exe windows:6 windows x64 arch:x64
0d77d9eb424fa9705feee67e93f3c9d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
NtQueryInformationProcess
NtQuerySystemInformation
RtlInitUnicodeString
mfc140
ord13438
ord3166
ord8909
ord10644
ord6703
ord11850
ord8618
ord14128
ord11575
ord3710
ord11719
ord8792
ord11366
ord11365
ord5435
ord9936
ord9932
ord9934
ord9935
ord9933
ord14279
ord2696
ord7881
ord3202
ord3205
ord13331
ord5982
ord7206
ord450
ord8131
ord8050
ord12490
ord7989
ord5167
ord2437
ord12170
ord12171
ord14135
ord7619
ord14133
ord9049
ord4002
ord3941
ord12571
ord7637
ord2004
ord11614
ord11615
ord14007
ord12160
ord7688
ord14207
ord6100
ord14209
ord11888
ord11892
ord6102
ord14208
ord6101
ord3723
ord5687
ord11869
ord11877
ord4436
ord7888
ord10079
ord11881
ord11849
ord12552
ord5064
ord5347
ord5536
ord9001
ord5323
ord5539
ord5067
ord5213
ord5049
ord7430
ord7431
ord7420
ord5211
ord7890
ord9898
ord8862
ord6590
ord1089
ord1087
ord6292
ord1109
ord6229
ord6299
ord3748
ord316
ord1032
ord4648
ord2264
ord3943
ord13469
ord1695
ord1717
ord1743
ord1729
ord1750
ord4765
ord4832
ord4777
ord4795
ord4789
ord4783
ord4842
ord4826
ord4771
ord4848
ord4803
ord4741
ord4756
ord4817
ord4351
ord9343
ord7028
ord13050
ord940
ord2173
ord7685
ord1446
ord981
ord7363
ord10026
ord1485
ord4343
ord2962
ord14136
ord7620
ord14134
ord6607
ord11357
ord13284
ord5704
ord2627
ord11754
ord3804
ord3271
ord3270
ord3165
ord11798
ord5566
ord5896
ord9903
ord6282
ord988
ord310
ord8128
ord3689
ord10117
ord4714
ord14047
ord3705
ord878
ord1367
ord10680
ord8693
ord9016
ord8413
ord2368
ord11761
ord10657
ord11037
ord3300
ord3299
ord3066
ord5980
ord13327
ord2695
ord8888
ord8863
ord6266
ord5224
ord4326
ord1487
ord11803
ord2207
kernel32
K32GetDeviceDriverBaseNameA
VirtualAlloc
VirtualFree
GetComputerNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntA
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
GetConsoleWindow
GetModuleFileNameA
SetPriorityClass
SetThreadPriority
GetCurrentThread
ExitProcess
FindResourceA
Process32First
Process32Next
WriteProcessMemory
K32EnumDeviceDrivers
Sleep
SuspendThread
CreateProcessA
ReadProcessMemory
VirtualProtectEx
GetThreadContext
SetThreadContext
ResumeThread
TerminateProcess
OpenProcess
CreateDirectoryA
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
WritePrivateProfileStringA
GetTempPathA
InitializeCriticalSectionAndSpinCount
DeleteFileA
WriteFile
CreateFileA
LoadLibraryA
OutputDebugStringW
CloseHandle
GetModuleHandleA
GetProcAddress
CreateToolhelp32Snapshot
CreateEventW
GetModuleHandleW
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
user32
EnableWindow
GetAsyncKeyState
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
AppendMenuA
GetSystemMenu
MessageBoxA
advapi32
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
shell32
SHGetKnownFolderPath
ShellExecuteA
comctl32
InitCommonControlsEx
msvcp140
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
ws2_32
inet_addr
connect
closesocket
htons
socket
send
recv
WSAStartup
WSACleanup
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
__std_exception_copy
__std_exception_destroy
strstr
memset
__C_specific_handler
__current_exception
__current_exception_context
memmove
_CxxThrowException
memchr
memcmp
memcpy
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
exit
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_invalid_parameter_noinfo_noreturn
_cexit
terminate
_seh_filter_exe
_set_app_type
__p__pgmptr
api-ms-win-crt-stdio-l1-1-0
fclose
_set_fmode
fopen
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vsprintf
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-convert-l1-1-0
strtol
_itoa
atoi
_atoi64
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_setmbcp
Sections
.text Size: - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.9?_ Size: - Virtual size: 8.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.#,0 Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
."[* Size: 15.7MB - Virtual size: 15.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 9.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ