Static task
static1
Behavioral task
behavioral1
Sample
a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224.exe
Resource
win10v2004-20231215-en
General
-
Target
a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224
-
Size
1.3MB
-
MD5
8d4a5ef3c103bf60d742047ab03251b9
-
SHA1
e96618c7aa156fdb88f536ba778ec2ac88f7750b
-
SHA256
a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224
-
SHA512
ceed5ce9e84c6e64bcd40a099b1e5c6e585efd655c96d318a4486fc2950b2828d11c114c780df64f9affaf701eb6da356c72d0446f0481013e3a63fe0f3b1b86
-
SSDEEP
24576:e4CNLITu3AIn3fv+BtxQRDpJ1VL2M9xk9cPKhJc:eiQ3Xg69dp
Malware Config
Signatures
-
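Unsigned PE (1 IoC)
Detection rule: flags a PE file that has no Authenticode signature. This describes the sandbox's check, not something the sample does. A missing signature is a weak indicator on its own, since many legitimate binaries ship unsigned, so weigh it together with the other findings.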
resource a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224
Files
-
a949f77c2dcf92e3f24cf63a385f3634aa5b95e797c96d1bcd904b91f0985224.exe windows:6 windows x86 arch:x86
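d99022e81be22a1b389a0ce88a048377 (unlabeled on the page; it differs from the file MD5 listed under General, and its position directly after the PE entry suggests it is the import hash — confirm before pivoting on it)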
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord4870
ord8426
ord2204
ord2202
ord3844
ord1509
ord1471
ord5894
ord12182
ord12191
ord4582
ord8180
ord10384
ord12194
ord12162
ord12870
ord998
ord7406
ord5228
ord5528
ord5739
ord9305
ord5504
ord5742
ord5231
ord5390
ord5210
ord7452
ord7687
ord7688
ord7677
ord5388
ord8182
ord10202
ord9166
ord4725
ord4705
ord2881
ord8140
ord5562
ord1142
ord503
ord12863
ord8718
ord8679
ord4656
ord12706
ord5898
ord305
ord3005
ord14238
ord12503
ord5861
ord5096
ord8322
ord14322
ord2986
ord1526
ord2383
ord6291
ord4841
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord993
ord6831
ord1131
ord1068
ord1177
ord1064
ord1109
ord4084
ord259
ord262
ord1447
ord9092
ord1443
ord4227
ord3250
ord6806
ord2339
ord6104
ord7619
ord6195
ord13681
ord3298
ord3295
ord10207
ord8173
ord2759
ord3140
ord14699
ord10237
ord10239
ord10238
ord10236
ord3230
ord14571
ord12348
ord14518
ord12291
ord300
ord6724
ord2376
ord2381
ord5398
ord13056
ord12433
ord3012
ord13039
ord12430
ord2892
ord1721
ord1438
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord3825
ord11881
ord14502
ord8922
ord12163
ord7783
ord10950
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord8713
ord6848
ord11663
ord12969
ord13628
ord5911
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord1000
ord8732
ord6942
ord6836
ord1389
ord890
ord13011
ord6464
ord7459
ord10986
ord12074
ord6193
ord13677
ord2758
ord9167
ord12115
ord8997
ord10963
ord11343
ord10421
ord458
ord3395
ord3396
ord3159
ord6505
ord14421
ord13407
ord4468
ord14149
ord14048
ord8776
ord5401
ord3676
ord3689
ord3686
ord3688
ord3801
ord10700
ord963
ord12195
ord14054
ord3808
ord3796
ord4869
ord2241
ord13198
ord13883
ord974
ord8717
ord4655
ord1696
ord1692
ord314
ord5059
ord1174
ord1403
ord8429
ord7618
ord2298
ord6540
ord2520
ord3874
ord6768
ord898
ord6460
ord2518
ord450
ord3856
ord13027
ord13234
ord8064
ord8770
ord8326
ord1468
ord8347
ord1456
ord12190
ord8435
ord982
ord12734
ord2860
ord13841
ord2387
ord10383
ord7075
ord3685
ord12869
ord7475
ord9089
ord1178
ord6946
ord6563
ord3946
ord4866
ord12806
ord4580
ord13584
ord6533
ord7133
ord358
ord6463
ord8285
ord5336
ord10330
ord2484
ord7076
ord1066
ord362
ord4639
ord4865
ord14514
ord3337
ord3181
ord6559
ord12485
ord12484
ord3351
ord14509
ord7886
ord14507
ord3231
ord6774
ord5648
ord9353
ord5826
ord4143
ord4082
ord6290
ord4085
ord1141
ord501
ord6200
ord2210
ord2166
ord2165
ord6523
ord9085
ord3864
ord2988
ord8703
ord4213
ord5858
ord3142
ord6471
ord9088
ord2751
ord14487
ord3866
ord12888
ord7905
ord2989
ord8704
ord2027
ord4215
ord11928
ord6996
ord3184
ord11927
ord14380
ord6562
ord9083
ord12474
ord6947
ord4210
ord1472
ord1698
ord5862
ord3949
ord3597
ord540
ord3178
ord3861
ord13026
ord13961
ord494
ord5491
ord12725
ord6529
ord5493
ord12294
ord6801
ord14172
ord9129
ord9225
ord8847
ord10979
ord11257
ord11145
ord2503
ord13054
ord12431
ord2561
ord6909
ord4807
ord1529
ord1044
ord1106
ord310
ord316
ord8146
ord1661
ord266
ord265
ord1140
ord11907
ord500
ord5095
ord1507
ord7964
ord4640
ord2407
kernel32
OutputDebugStringW
GetOverlappedResult
SetThreadPriority
ResumeThread
ClearCommError
EscapeCommFunction
GetCommState
PurgeComm
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GlobalLock
GlobalUnlock
SetupComm
CreatePipe
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
lstrcpynA
GetPrivateProfileSectionA
GetPrivateProfileIntA
lstrcpyA
MulDiv
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
GlobalFree
GlobalAlloc
LoadLibraryExA
GetSystemTime
SystemTimeToFileTime
GetVolumeInformationA
WritePrivateProfileStringA
GetPrivateProfileStringA
FindResourceA
SizeofResource
LoadResource
GetModuleHandleA
GetModuleFileNameA
GetNativeSystemInfo
GetCurrentThreadId
GetCurrentProcess
WriteFile
DeleteFileA
GetStartupInfoA
LoadLibraryA
lstrlenA
GetProcAddress
FreeLibrary
GetSystemFirmwareTable
CreateProcessA
DeviceIoControl
ReadFile
CreateFileA
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
FormatMessageA
LocalFree
Sleep
VirtualFree
VirtualAlloc
GetLocalTime
DeleteCriticalSection
GetLastError
user32
PeekMessageA
LoadCursorW
SetClassLongA
ClipCursor
GetDlgCtrlID
PtInRect
PostMessageA
DrawEdge
FindWindowA
CopyRect
FillRect
DrawFocusRect
GetSysColor
ReleaseDC
GetDC
LoadIconW
DrawIcon
AppendMenuA
GetSystemMenu
GetSystemMetrics
IsIconic
SetWindowPos
IsWindow
GetParent
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EnableWindow
DefWindowProcA
GetWindow
GetClassNameA
KillTimer
SetTimer
PostThreadMessageA
SendMessageA
wsprintfA
gdi32
GetBkColor
GetROP2
Ellipse
CreateCompatibleDC
Polygon
GetDIBits
GetCurrentObject
GetObjectA
LPtoDP
CreateFontA
GetDeviceCaps
CreateCompatibleBitmap
Rectangle
CreateFontIndirectA
GetTextExtentPoint32A
RoundRect
CreatePen
BitBlt
advapi32
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumValueA
shell32
Shell_NotifyIconA
oleaut32
OleLoadPicture
msvcp140
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
ws2_32
WSACleanup
WSAGetLastError
htonl
inet_ntoa
ntohs
WSAStartup
getaddrinfo
freeaddrinfo
setsockopt
shutdown
gethostbyname
gethostbyaddr
socket
send
select
recv
listen
htons
accept
getsockname
getpeername
connect
closesocket
bind
WSASetLastError
WSAAddressToStringA
inet_ntop
iphlpapi
GetAdaptersInfo
vcruntime140
__CxxFrameHandler3
memchr
memmove
_CxxThrowException
memcpy
memset
strstr
_purecall
strchr
_except_handler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_terminate
api-ms-win-crt-runtime-l1-1-0
_initterm
_get_narrow_winmain_command_line
_initterm_e
_set_app_type
_seh_filter_exe
_exit
_invalid_parameter_noinfo
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_errno
_invalid_parameter_noinfo_noreturn
exit
terminate
api-ms-win-crt-stdio-l1-1-0
ftell
__stdio_common_vsscanf
_set_fmode
__p__commode
__stdio_common_vsprintf
fgets
feof
fopen
fwrite
fopen_s
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fseek
fread
api-ms-win-crt-filesystem-l1-1-0
_makepath
_splitpath
_mkdir
_makepath_s
_findclose
_findfirst64i32
_findnext64i32
_chdrive
_chdir
_rmdir
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
api-ms-win-crt-math-l1-1-0
_libm_sse2_atan_precise
_libm_sse2_sin_precise
modf
_CIfmod
ceil
floor
_isnan
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_except1
_libm_sse2_sqrt_precise
__setusermatherr
api-ms-win-crt-string-l1-1-0
isdigit
strtok
_strupr
tolower
strcat_s
isspace
isalnum
isprint
strcpy_s
strnlen
_strupr_s
strncpy_s
strncpy
toupper
strncmp
api-ms-win-crt-convert-l1-1-0
atoi
atol
strtol
strtoul
atof
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64_s
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
comctl32
ImageList_SetBkColor
ImageList_Draw
ole32
CreateStreamOnHGlobal
Sections
.text Size: 498KB - Virtual size: 497KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 642KB - Virtual size: 641KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ