6bf1c8ef23ac30ff11fd187275d383d720329ac16e9266e82dbcdfd857bd5bf0

Sharing

Copy URL Twitter E-mail

General

Target

6bf1c8ef23ac30ff11fd187275d383d720329ac16e9266e82dbcdfd857bd5bf0
Size

256KB
MD5

88ed3b069921deae87f15728be5d87c5
SHA1

abc4406ff49c3c577b9108042049da0768e5ed69
SHA256

6bf1c8ef23ac30ff11fd187275d383d720329ac16e9266e82dbcdfd857bd5bf0
SHA512

a8681bb84a87a96a2d6e771d601e13654a9d55b98e275c85c4f890f749406fe27e48ed37fbf7e75ff2baf9ad6a506684a19630cef17bcdcf6a42dd0bd6fa2217
SSDEEP

3072:yodRB39KlSIM1UYTw67hUn4r/R4x1tHrTZ4ZmXy+NZvP1dqQyhGd/s:yOv39KrYTw67hU4cr6P+NZ6Gd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bf1c8ef23ac30ff11fd187275d383d720329ac16e9266e82dbcdfd857bd5bf0

Files

6bf1c8ef23ac30ff11fd187275d383d720329ac16e9266e82dbcdfd857bd5bf0
.exe windows:5 windows x86 arch:x86

2cf4aad39c6fdfb1d3c88042b2d7e2b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shlwapi

PathFileExistsW

libcurl

curl_easy_init
curl_global_cleanup
curl_easy_cleanup
curl_easy_setopt
curl_easy_perform

network

??_7Action@Http@@6B@
??_7Base@Http@@6B@
?Size@Memory@Http@@QBEIXZ
?MemoryAddr@Memory@Http@@QBEPADXZ
??1URL@Http@@UAE@XZ
??0URL@Http@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UserData@Request@Http@@QBEPAVBase@2@XZ
?Get@Router@Http@@QAEXABVURL@2@PAVAction@2@PAVBase@2@@Z
?GetInstance@Router@Http@@SAAAV12@XZ
?CurlCode@Response@Http@@QBE?AW4CURLcode@@XZ
??0Response@Http@@QAE@ABV01@@Z
??0Action@Http@@QAE@XZ
??1Response@Http@@UAE@XZ

kernel32

DeleteFileW
GetModuleHandleW
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
GetTempPathW
GetProcAddress
lstrcatW
WideCharToMultiByte
GetLongPathNameW
SetHandleInformation
EncodePointer
GetFullPathNameW
FreeLibrary
LoadLibraryExW
WaitForSingleObject
LoadLibraryW
CloseHandle
MultiByteToWideChar
DecodePointer
CreateProcessW
GetExitCodeProcess
GetLastError
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
CreatePipe

user32

LoadIconW
BeginPaint
GetParent
DialogBoxParamW
KillTimer
LoadImageW
GetWindowRect
SetTimer
EndPaint
InvalidateRect
GetWindowTextW
EndDialog
GetSystemMetrics
EnableWindow
SetWindowTextW
MoveWindow
PostMessageW
GetClientRect
CreateWindowExW
SendMessageW
MessageBoxW
GetDlgItem

gdi32

DeleteDC
StretchBlt
SelectObject
GetObjectW
CreateCompatibleDC

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

msvcp120

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
?_Release@_Pad@std@@QAEXXZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
??1_Pad@std@@QAE@XZ
??0_Pad@std@@QAE@XZ
_Thrd_detach
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ

msvcr120

fopen
_strdup
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except1
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
realloc
abs
calloc
_isnan
_finite
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@XZ
strlen
memset
memcpy
memcmp
_vscprintf
_vsnprintf_s
modf
exit
fprintf
__iob_func
free
perror
memchr
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
wcsncpy_s
tolower
sprintf_s
__RTDynamicCast
fwrite
fclose
_errno
malloc
mbstowcs_s
?terminate@@YAXXZ
?what@exception@std@@UBEPBDXZ

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cf4aad39c6fdfb1d3c88042b2d7e2b3

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

libcurl

network

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

msvcp120

msvcr120

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 12KB - Virtual size: 12KB