4b490d03b76c3f7792cdea66d39a6f04

Sharing

Copy URL Twitter E-mail

General

Target

4b490d03b76c3f7792cdea66d39a6f04
Size

608KB
MD5

4b490d03b76c3f7792cdea66d39a6f04
SHA1

ab591a959770f00370744700c31986fa5197bd84
SHA256

9f8d8a2139dfb391ca747116b01a765e48014aaf528ca0bed17ceed14f80ba9a
SHA512

f933aeed61c1528a76d098e93df446a62cdfdd213cddae15639cea0bc19e6988aea3a347e27b50c6e78aec30dcb9d487ad45cbbbb3e662f485837bc6555fcee3
SSDEEP

12288:/mjjm2YwYj7RZm1nATzsJljE05FMhZFmB8:ejjmxTzsJZMZFm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b490d03b76c3f7792cdea66d39a6f04

Files

4b490d03b76c3f7792cdea66d39a6f04
.exe windows:4 windows x86 arch:x86

a155a6bff9b04d4a7e19e15a8a171d0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

styleihm

?MettreAuPremierPlan@@YAXPAUHWND__@@H@Z
?STY_AfxMessageBox@@YAHPBDII@Z
?InitTitre@CSTY_Dlg_MsgBox@@SAXPBD@Z
?InitBoutonsPath@CSTY_Dlg_MsgBox@@SAXPBD00000000@Z
?GetInstance@CSTY_Gal_Chargeur@@SAPAV1@XZ
?m_bUseStretch@CSTY_Gal_Chargeur@@2HA
?SetRootDirectory@CSTY_Gal_Chargeur@@QAEXPBD@Z
?InitLangue@CSTY_Gal_Chargeur@@QAEXI@Z
?InitSkin@CSTY_Gal_Chargeur@@QAE?AW4t_enSetSkinResult@@PBD0@Z

xerces-c_2_6

??1Wrapper4InputSource@xercesc_2_6@@UAE@XZ
??3XMemory@xercesc_2_6@@SAXPAX@Z
?makeStream@LocalFileInputSource@xercesc_2_6@@UBEPAVBinInputStream@2@XZ
?getEncoding@InputSource@xercesc_2_6@@UBEPBGXZ
?getPublicId@InputSource@xercesc_2_6@@UBEPBGXZ
?setEncoding@Wrapper4InputSource@xercesc_2_6@@UAEXQBG@Z
?getIssueFatalErrorIfNotFound@InputSource@xercesc_2_6@@UBE_NXZ
?setEncoding@InputSource@xercesc_2_6@@UAEXQBG@Z
?setPublicId@InputSource@xercesc_2_6@@UAEXQBG@Z
?setSystemId@InputSource@xercesc_2_6@@UAEXQBG@Z
?setIssueFatalErrorIfNotFound@InputSource@xercesc_2_6@@UAEX_N@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_6@@2PAVMemoryManager@2@A
?transcode@XMLString@xercesc_2_6@@SA_NQBDQAGIQAVMemoryManager@2@@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_6@@SAPAVDOMImplementation@2@PBG@Z
?transcode@XMLString@xercesc_2_6@@SAPAGQBD@Z
?transcode@XMLString@xercesc_2_6@@SAPADQBG@Z
?release@XMLString@xercesc_2_6@@SAXPAPAD@Z
?release@XMLString@xercesc_2_6@@SAXPAPAG@Z
??0Wrapper4InputSource@xercesc_2_6@@QAE@QAVInputSource@1@_NQAVMemoryManager@1@@Z
??0LocalFileInputSource@xercesc_2_6@@QAE@QBGQAVMemoryManager@1@@Z
??2XMemory@xercesc_2_6@@SAPAXI@Z
??1LocalFileInputSource@xercesc_2_6@@UAE@XZ
?Initialize@XMLPlatformUtils@xercesc_2_6@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
?fgXercescDefaultLocale@XMLUni@xercesc_2_6@@2QBDB
?Terminate@XMLPlatformUtils@xercesc_2_6@@SAXXZ
??0DOMErrorHandler@xercesc_2_6@@IAE@XZ
??1DOMErrorHandler@xercesc_2_6@@UAE@XZ
?getSystemId@InputSource@xercesc_2_6@@UBEPBGXZ

mfc71

ord5152
ord1908
ord5073
ord6275
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord3182
ord605
ord2372
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord4244
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5566
ord2838
ord4481
ord4261
ord3333
ord757
ord566
ord5213
ord1248
ord3397
ord2248
ord1128
ord1144
ord593
ord4125
ord5613
ord5119
ord334
ord1054
ord3830
ord1126
ord3641
ord1903
ord354
ord4749
ord709
ord501
ord4108
ord6005
ord5714
ord722
ord530
ord5444
ord6295
ord6283
ord3022
ord2468
ord4085
ord3255
ord2346
ord259
ord1580
ord5331
ord262
ord6297
ord5491
ord5320
ord6286
ord5419
ord631
ord1440
ord2751
ord3931
ord2288
ord2280
ord386
ord1254
ord442
ord382
ord675
ord3850
ord6178
ord6208
ord4048
ord1230
ord866
ord4063
ord1247
ord423
ord3019
ord660
ord5427
ord6180
ord6174
ord865
ord5403
ord6101
ord2748
ord6168
ord1258
ord1401
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord385
ord2021
ord3088
ord630
ord2131
ord6090
ord370
ord783
ord618
ord6067
ord1072
ord314
ord300
ord2271
ord557
ord745
ord1074
ord378
ord548
ord1158
ord4044
ord628
ord1153
ord1091
ord5715
ord5716
ord6006
ord5712
ord6205
ord2149
ord3340
ord5438
ord1005
ord4081
ord3997
ord1916
ord1006
ord869
ord4109
ord1185
ord5529
ord5563
ord2322
ord6310
ord384
ord5089
ord1439
ord629
ord556
ord5097
ord5346
ord1452
ord744
ord1482
ord4067
ord3023
ord3934
ord5431
ord5430
ord2933
ord299
ord6118
ord1489
ord2272
ord911
ord907
ord1486
ord427
ord310
ord297
ord2902
ord664
ord876
ord4066
ord746
ord426
ord558
ord663
ord3236
ord870
ord784
ord781
ord578
ord304
ord265
ord266
ord762
ord1917
ord1084
ord764
ord1187
ord1191
ord581
ord1167
ord1092
ord1209
ord315
ord765
ord785
ord5102
ord1207

msvcr71

_itoa
strncat
sprintf
_strdup
_vsnprintf
strncpy
_atoi64
isdigit
qsort
_localtime64
_ftime
time
atol
sscanf
fclose
fopen
_errno
_mkdir
fprintf
fread
strlen
memset
_ultoa
strcpy
_mbschr
_mbsstr
_mbsdec
_mbsinc
_mbsninc
_mbsnbcpy
wcsncpy
atoi
memmove
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_mbsicmp
_CxxThrowException
realloc
_purecall
__CxxFrameHandler
_except_handler3
_resetstkoflw
free
malloc
strcat
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_strnicmp
_snprintf
_stricmp
_mbspbrk
_mbsrchr
_mbscmp
_mbsnbcmp
_ismbcdigit
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_setmbcp
_controlfp

kernel32

IsDBCSLeadByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
lstrcpynA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetEvent
ResetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathA
HeapFree
Process32Next
GetExitCodeProcess
WaitForSingleObject
lstrcpyA
lstrcatA
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpA
GetCurrentThreadId
Sleep
GetUserDefaultUILanguage
Process32First
LeaveCriticalSection
CreateEventA
CreateFileMappingA
CreateThread
GetLocalTime
CreateFileA
CreateDirectoryA
GetTickCount
CopyFileA
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileAttributesA
WritePrivateProfileStringA
MoveFileExA
GetTempFileNameA
SetFileAttributesA
MoveFileA
LocalFree
CreateProcessA
GlobalFree
LocalAlloc
GlobalHandle
ReadFile
GetFileInformationByHandle
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
OpenProcess
TerminateProcess
CloseHandle
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
EnterCriticalSection
GetModuleFileNameA
GetCurrentProcessId
CreateToolhelp32Snapshot
DeleteFileA
GetProcAddress
LoadLibraryA
GetProcessHeap
GetPrivateProfileStringA

user32

UnregisterClassA
MessageBoxA
SetWindowLongA
RegisterWindowMessageA
EnableWindow
IsWindow
SendMessageA
CharNextA
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
GetMessageA
TranslateMessage
DispatchMessageA
GetClipboardData
GetSystemMetrics
IsIconic
DrawIcon
LoadImageA
CreateIconIndirect
wsprintfA
CreateWindowExA
CreateAcceleratorTableA
GetClassNameA
DestroyWindow
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetWindowLongA
ClientToScreen
GetClientRect
GetWindowRect
PostQuitMessage
GetParent
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetTimer
PeekMessageA
KillTimer
FindWindowA
PostMessageA
GetDesktopWindow
IsWindowEnabled
SetActiveWindow
SetWindowTextA
SetWindowPos

gdi32

CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
CreateBitmap

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
LookupPrivilegeNameA
GetTokenInformation

shell32

FindExecutableA
ShellExecuteA
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathFindExtensionA

ole32

CLSIDFromProgID
OleUninitialize
OleInitialize
CLSIDFromString
CoInitialize
OleLockRunning
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
LoadRegTypeLi
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
UnRegisterTypeLi
SafeArrayRedim
VariantCopy
SysAllocStringByteLen
SafeArrayCreate
OleCreateFontIndirect
SysStringByteLen
RegisterTypeLi
LoadTypeLi

msvcp71

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a155a6bff9b04d4a7e19e15a8a171d0a

Headers

File Characteristics

Imports

version

styleihm

xerces-c_2_6

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp71

Sections

.text Size: 404KB - Virtual size: 402KB

.rdata Size: 108KB - Virtual size: 105KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 4KB

.irdata Size: 68KB - Virtual size: 68KB

.text
Size: 404KB - Virtual size: 402KB

.rdata
Size: 108KB - Virtual size: 105KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 4KB

.irdata
Size: 68KB - Virtual size: 68KB