5208ae2a40d7c99951bd0476981a26dc

Sharing

Copy URL Twitter E-mail

General

Target

5208ae2a40d7c99951bd0476981a26dc
Size

826KB
MD5

5208ae2a40d7c99951bd0476981a26dc
SHA1

8f6cc919f2ad9e498efcaeffcad546d913adeb26
SHA256

e51e0bdffcadc3ba73ff49a9ee6e031e52704ac949e32f8d3cf8b067cadf8917
SHA512

525b5e492b31f2761e14d0f499847755a9d247ecc930ac84c53ecb7a344260f2b7c8266459939575f3bbb40466548e5d367a094f46ce028f6168b30c848804ca
SSDEEP

12288:Y9UfRY232+YCayNBwdBLIvH/kY743fOuebpI5T36YRMI9uswsatfVq35eJM7:LpVNKdyvP4vO5yZ3FQswt5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5208ae2a40d7c99951bd0476981a26dc

Files

5208ae2a40d7c99951bd0476981a26dc
.exe windows:5 windows x86 arch:x86

16183c7629ee64a35925af6baf8e8264

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

?fLockcInit@ios@@0HA
??1filebuf@@UAE@XZ
?clear@ios@@QAEXH@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??5istream@@QAEAAV0@AAH@Z
?unbuffered@streambuf@@IBEHXZ
??0ofstream@@QAE@ABV0@@Z
??_7strstream@@6B@
?put@ostream@@QAEAAV1@D@Z
??_Eostream_withassign@@UAEPAXI@Z
??1stdiobuf@@UAE@XZ
?cin@@3Vistream_withassign@@A
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?eof@ios@@QBEHXZ
??6ostream@@QAEAAV0@H@Z
??0filebuf@@QAE@XZ
?pptr@streambuf@@IBEPADXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?str@strstream@@QAEPADXZ
??_Gfstream@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_Dostrstream@@QAEXXZ
??_Dstrstream@@QAEXXZ
??_Eiostream@@UAEPAXI@Z
?putback@istream@@QAEAAV1@D@Z

glu32

gluErrorString
gluTessProperty
gluTessNormal
gluBeginPolygon
gluNewNurbsRenderer
gluQuadricNormals
gluPerspective
gluQuadricDrawStyle
gluNurbsCurve
gluQuadricCallback
gluGetNurbsProperty
gluProject
gluUnProject
gluNewQuadric
gluErrorUnicodeStringEXT
gluPickMatrix
gluEndPolygon
gluLoadSamplingMatrices
gluEndSurface
gluEndTrim
gluOrtho2D
gluSphere
gluScaleImage
gluDeleteQuadric
gluDeleteNurbsRenderer
gluNurbsProperty
gluTessEndContour
gluBeginSurface
gluNewTess
gluLookAt

msvcrt40

??0exception@@QAE@ABV0@@Z
_strlwr
memset
_mbsnbset
??4istream@@IAEAAV0@ABV0@@Z
__p__amblksiz
??_Eios@@UAEPAXI@Z
__iscsym
?sputc@streambuf@@QAEHH@Z
_CIsin
?pcount@ostrstream@@QBEHXZ
_expand
??7ios@@QBEHXZ
?setf@ios@@QAEJJJ@Z
toupper
??_Estrstreambuf@@UAEPAXI@Z
iswupper
getwchar
??1exception@@UAE@XZ
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
pow
strlen
?x_maxbit@ios@@0JA
??_7strstream@@6B@
vfprintf
?in_avail@streambuf@@QBEHXZ
_wtol
??_7logic_error@@6B@
??_Dfstream@@QAEXXZ
_wfreopen
??5istream@@QAEAAV0@AAG@Z
wprintf
__argv
_spawnl
fscanf
??0ifstream@@QAE@ABV0@@Z

kernel32

SwitchToThread
OpenMutexA
SetSystemPowerState
GetSystemTimeAsFileTime
EnumResourceNamesA
RemoveVectoredExceptionHandler
GetSystemDirectoryW
HeapDestroy
GetModuleHandleExA
GetConsoleAliasA
GetLongPathNameA
GetProcessShutdownParameters
UTUnRegister
Module32FirstW
CompareFileTime
InterlockedPushEntrySList
IsBadStringPtrW
Heap32First
PrivCopyFileExW
LoadLibraryA
WriteProfileStringA
GetTempPathW
VirtualQuery
SetThreadAffinityMask
GetDriveTypeA
LoadResource
DeviceIoControl
VirtualAlloc
GetCurrentProcessId
FlushConsoleInputBuffer
SetProcessWorkingSetSize
DelayLoadFailureHook
LeaveCriticalSection
RegisterWowBaseHandlers
MulDiv

oleaut32

VarBstrFromR8
VarBstrFromUI4
VarCyNeg
VarBstrFromR4
OleSavePictureFile
VarUI8FromDate
VarI4FromBool
VarUI2FromI1
VarI8FromR8
VarUI1FromUI4
VarCyFix
VarUI8FromStr
VarI2FromUI2
VarDecFromUI2
LoadTypeLib
VarI1FromI4
SafeArrayGetUBound
VarUI4FromR4
LHashValOfNameSysA
VarBoolFromI4
VarDecCmp
OleIconToCursor
VarUI2FromI8
SysStringByteLen
VarBstrFromDate
VarBoolFromI2
VarBstrFromI2
OleTranslateColor
VarDateFromUdateEx
VarUI1FromI4
SafeArrayGetLBound
VarNumFromParseNum
VarR4FromUI1
VarDecFromUI8
SafeArrayRedim

rpcns4

RpcNsGroupMbrInqNextW
RpcNsEntryObjectInqBeginW
RpcNsGroupMbrAddA
RpcNsMgmtInqExpAge
RpcNsBindingSelect
I_RpcNsSendReceive
RpcNsBindingLookupDone
RpcNsProfileEltInqBeginA
I_RpcNsGetBuffer
RpcNsMgmtEntryInqIfIdsW
RpcNsEntryExpandNameA
I_RpcNsRaiseException
RpcNsBindingLookupBeginW
RpcNsBindingExportA
RpcNsGroupMbrRemoveW
RpcNsProfileEltRemoveA
RpcNsBindingExportW
RpcNsBindingImportDone
RpcNsMgmtEntryDeleteW
RpcNsGroupMbrInqBeginA
RpcNsBindingUnexportA
RpcNsBindingImportBeginW
RpcNsEntryObjectInqNext
RpcIfIdVectorFree
RpcNsGroupMbrAddW
RpcNsProfileDeleteA
RpcNsProfileEltInqNextA
RpcNsEntryObjectInqDone
RpcNsBindingUnexportW
RpcNsBindingUnexportPnPA
RpcNsGroupMbrRemoveA
I_RpcReBindBuffer
RpcNsMgmtEntryInqIfIdsA
RpcNsProfileEltInqNextW
RpcNsGroupMbrInqDone

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16183c7629ee64a35925af6baf8e8264

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

glu32

msvcrt40

kernel32

oleaut32

rpcns4

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 620KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 348B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 620KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 348B