Static task
static1
Behavioral task
behavioral1
Sample
4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944.exe
Resource
win10v2004-20231215-en
General
-
Target
4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944
-
Size
937KB
-
MD5
d4918c8dbefef0271ba65df9d98fc398
-
SHA1
93cb6fa6b12f5fb21657f7f8b6f4d4d10d08f560
-
SHA256
4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944
-
SHA512
26a8a3ec43c2f805685513699022b48ecd2421b5d143c6e2e2cc6a75acd2a457c20820f988226c7fc853865b7be6da9c4741aff384bce45980e7bf193e86b25c
-
SSDEEP
12288:Ao8OwpzuctRW0Udfk9TNCb/xstGypqnljfvK7FhyNQ9mVW5QfjmkL:s9zucq0+sdNCbitGWqlLK7PyN3Vhj
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944
Files
-
4acd16f422b317cc9e110e50eb1776fcd2226b72fdb32946896b70cf2dff8944.exe windows:6 windows x64 arch:x64
71a4debb3a6f02b0cdb642bdf13a695b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc140u
ord9175
ord2662
ord12642
ord11775
ord3997
ord3947
ord14132
ord5196
ord5188
ord10122
ord10411
ord10827
ord10828
ord9054
ord11432
ord9670
ord8449
ord1665
ord1157
ord4722
ord9158
ord4655
ord489
ord1121
ord6006
ord3952
ord6090
ord14221
ord14219
ord5604
ord13307
ord13450
ord5056
ord8917
ord2628
ord6630
ord11770
ord8824
ord8003
ord10965
ord10968
ord9200
ord9215
ord9205
ord9677
ord9682
ord9217
ord10807
ord8614
ord8604
ord11435
ord9218
ord10811
ord8702
ord10835
ord9738
ord9739
ord4085
ord2903
ord1667
ord12600
ord6907
ord7250
ord10199
ord11787
ord1065
ord375
ord9039
ord2212
ord10726
ord6074
ord8441
ord4086
ord12466
ord3803
ord2187
ord2479
ord13999
ord4954
ord12240
ord5468
ord9984
ord2689
ord14194
ord3748
ord2907
ord8437
ord4079
ord3057
ord8818
ord1691
ord4771
ord4847
ord4832
ord5748
ord6254
ord8440
ord4083
ord3096
ord8822
ord6342
ord13006
ord5006
ord6879
ord7245
ord502
ord1129
ord956
ord1425
ord8993
ord13283
ord13444
ord8904
ord11784
ord5722
ord13351
ord8928
ord2510
ord4353
ord11859
ord11763
ord7912
ord3081
ord8095
ord4872
ord4873
ord5917
ord12142
ord1766
ord13360
ord5727
ord13358
ord5726
ord11119
ord5743
ord8521
ord9043
ord11489
ord11484
ord5189
ord3723
ord4443
ord11184
ord10093
ord7550
ord961
ord1427
ord11654
ord14299
ord2815
ord8451
ord983
ord7716
ord4445
ord8888
ord10956
ord10713
ord3735
ord8772
ord5981
ord5408
ord2779
ord13468
ord13697
ord10665
ord8093
ord2511
ord7395
ord2767
ord13023
ord12100
ord12341
ord4549
ord3728
ord5557
ord5763
ord9942
ord10941
ord1106
ord469
ord6862
ord8058
ord12563
ord6285
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord7920
ord10124
ord11933
ord11901
ord12606
ord5555
ord9941
ord6614
ord13864
ord11928
ord11709
ord1059
ord365
ord1844
ord941
ord8159
ord13545
ord1450
ord7393
ord9838
ord9835
ord4335
ord13199
ord4182
ord4324
ord1670
ord5709
ord285
ord2921
ord277
ord1057
ord4181
ord3746
ord2906
ord8439
ord4081
ord3058
ord8819
ord6258
ord9159
ord13299
ord12967
ord7394
ord4002
ord7426
ord2223
ord363
ord3713
ord6724
ord13761
ord5240
ord2344
ord8161
ord2475
ord6320
ord3756
ord6313
ord11854
ord7780
ord7775
ord12033
ord2270
ord7551
ord280
ord1503
ord7233
ord3599
ord1111
ord6303
ord1424
ord6588
ord8826
ord3164
ord4095
ord1089
ord446
ord6848
ord1501
ord11644
ord1120
ord488
ord4656
ord7691
ord2225
ord11813
ord8731
ord11085
ord3951
ord3308
ord3307
ord3071
ord6000
ord13397
ord2697
ord8830
ord8901
ord10704
ord13767
ord2222
ord4725
ord10163
ord990
ord6251
ord8900
ord9946
ord7922
ord5227
ord7450
ord7461
ord7460
ord5916
ord5062
ord5229
ord5083
ord5582
ord5339
ord9041
ord12256
ord8903
ord5552
ord5363
ord5080
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord6729
ord11902
ord8656
ord14209
ord11625
ord3718
ord11771
ord8817
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord2698
ord7913
ord3209
ord3212
ord13401
ord6002
ord3056
ord4078
ord1053
ord12443
ord1034
ord306
ord296
ord286
ord1033
ord1489
ord5376
ord266
ord265
ord1491
ord2370
ord6361
kernel32
CreateDirectoryW
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
OpenProcess
GetExitCodeProcess
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLCID
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
DeleteFileW
LoadLibraryW
FreeLibrary
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
SetEndOfFile
GetFileSize
SetFilePointer
GetLastError
WriteFile
ReadFile
CloseHandle
GetModuleHandleW
OutputDebugStringW
user32
GetMenuItemID
TranslateAcceleratorW
AdjustWindowRect
GetMenu
GetWindowThreadProcessId
FindWindowW
GetMenuItemCount
GetSubMenu
GetSysColor
GetDlgCtrlID
UpdateWindow
InvalidateRect
LoadMenuW
OpenClipboard
EnableWindow
SendMessageW
GetMenuItemInfoW
EmptyClipboard
LoadAcceleratorsW
CheckMenuItem
GetMenuState
CloseClipboard
SetClipboardData
gdi32
GetStockObject
CreateFontIndirectW
GetObjectW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
comctl32
InitCommonControlsEx
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?global@locale@std@@SA?AV12@AEBV12@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xruntime_error@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
psapi
GetModuleInformation
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
__C_specific_handler
_CxxThrowException
__RTDynamicCast
memcmp
memmove
__current_exception_context
_purecall
wcsstr
__std_exception_destroy
__std_exception_copy
__std_terminate
memcpy
__current_exception
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_set_app_type
_get_wide_winmain_command_line
_cexit
_initialize_wide_environment
_configure_wide_argv
_initterm
_initterm_e
exit
_exit
api-ms-win-crt-stdio-l1-1-0
_fileno
_setmode
__p__commode
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_set_fmode
api-ms-win-crt-string-l1-1-0
_wcsnicmp
strcpy_s
wcscpy_s
strcmp
api-ms-win-crt-convert-l1-1-0
wcstof
wcstoul
wcstol
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_wsetlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 305KB - Virtual size: 305KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 544KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 355KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ