95556430589751d30f848c69669876603cb0f7f09d21e63de3e33b36c663ff5d

Sharing

Copy URL Twitter E-mail

General

Target

95556430589751d30f848c69669876603cb0f7f09d21e63de3e33b36c663ff5d
Size

1.8MB
MD5

ab950dcd17733a6983ab6f1912570044
SHA1

1c554f6daec894e645ba655a62051345e6efc684
SHA256

95556430589751d30f848c69669876603cb0f7f09d21e63de3e33b36c663ff5d
SHA512

8fd5516398c5c9789c43867ae8106fd765c607977b05fb1649fd38ee04241a439bd922634026777e79b654340c107dd947da0b89e5d63caa2735c8c3711de059
SSDEEP

3072:Lar6N6p30ttItiaTPF65H4FRVSFkFTsLgzC9plKYO9IDN:L1g8tZaMl4FRgFklsLCC9TKYO9ID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95556430589751d30f848c69669876603cb0f7f09d21e63de3e33b36c663ff5d

Files

95556430589751d30f848c69669876603cb0f7f09d21e63de3e33b36c663ff5d
.exe windows:5 windows x64 arch:x64

5f1f37f96b6566a3ff1118f490bcf4c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc100u

ord1974
ord1958
ord3942
ord5894
ord11523
ord10891
ord10922
ord9189
ord7094
ord10918
ord10910
ord5049
ord3295
ord13189
ord13192
ord13190
ord13193
ord13188
ord13191
ord6898
ord11150
ord12889
ord10658
ord13782
ord1716
ord6853
ord11542
ord3484
ord3543
ord8221
ord13008
ord6836
ord13002
ord11158
ord11157
ord2117
ord4570
ord13475
ord11463
ord7246
ord7321
ord7568
ord3998
ord3704
ord4623
ord1291
ord776
ord12387
ord9770
ord2343
ord8512
ord5584
ord11362
ord1458
ord5560
ord5899
ord10892
ord2355
ord12255
ord5340
ord6610
ord12834
ord12840
ord405
ord5603
ord4702
ord4703
ord11384
ord837
ord10703
ord910
ord344
ord1868
ord6895
ord1270
ord878
ord6609
ord9138
ord11480
ord12842
ord12836
ord11517
ord7222
ord10845
ord8084
ord13794
ord8290
ord12581
ord6451
ord3277
ord369
ord6085
ord2076
ord5790
ord4200
ord12677
ord7663
ord4507
ord11618
ord1996
ord265
ord2788
ord2527
ord1274
ord885
ord3290
ord11363
ord3997
ord1248
ord857
ord1457
ord1418
ord7609
ord11828
ord285
ord5052
ord2541
ord4356
ord11175
ord280
ord1288
ord2023
ord7315
ord1290
ord286
ord1276
ord3292
ord2533
ord266
ord10805
ord7870
ord9747
ord10101
ord9216
ord3486
ord2885
ord2884
ord2663
ord5338
ord12251
ord2794
ord2791
ord7088
ord2354
ord13766
ord13768
ord13767
ord13765
ord13769
ord13752
ord13680
ord13681
ord7968
ord10763
ord3282
ord10626
ord13001
ord7803
ord10846
ord5998
ord9734
ord8063
ord2760
ord12359
ord10928
ord10926
ord1479
ord1486
ord1492
ord1490
ord1497
ord4228
ord4265
ord4236
ord4248
ord4244
ord4240
ord4270
ord4261
ord4232
ord4274
ord4253
ord4219
ord4223
ord4256
ord3857
ord13687
ord3850
ord2577
ord13003
ord6837
ord13009
ord5910
ord10414
ord12208
ord5064
ord2286
ord10798
ord3362
ord2859
ord2858
ord2759
ord10841
ord4935
ord9024
ord8038
ord6453
ord928
ord5562
ord5616
ord3320
ord296
ord890
ord4131
ord1953
ord1428
ord926
ord373
ord4473
ord4737
ord4907
ord8174
ord4715
ord4910
ord4476
ord4612
ord4457
ord6669
ord6670
ord6660
ord4610
ord7096
ord9019
ord8037
ord4199
ord2050
ord1910
ord923
ord362
ord7627
ord1900
ord1877
ord1190
ord1278

msvcr100

_configthreadlocale
__setusermatherr
_cexit
_exit
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
sprintf_s
swprintf_s
_initterm_e
_vsnwprintf
memcpy_s
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
_wtoi
_initterm
_wcmdln
exit
memset
malloc
__CxxFrameHandler3
_CxxThrowException
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
__FrameUnwindFilter
_wtoi64
free
wcstod
wcstol

kernel32

lstrlenW
LocalAlloc
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
Sleep
GetPrivateProfileIntW
GetModuleFileNameW
GetStartupInfoW
LocalFree
FormatMessageW
CreateDirectoryW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
GetCommandLineW
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
GetTickCount
GetCurrentProcessId
WritePrivateProfileStringW
GetSystemTimeAsFileTime
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter

user32

AppendMenuW
UpdateWindow
IsIconic
GetSystemMetrics
CharLowerBuffW
KillTimer
GetClientRect
SetTimer
CloseWindow
SetPropW
SetParent
GetWindowRect
LoadCursorW
SetRectEmpty
EnableWindow
SendMessageW
SetForegroundWindow
RegisterWindowMessageW
LoadIconW
DrawIcon
CopyRect
GetSystemMenu

advapi32

RegOpenKeyW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathIsRootW
PathFileExistsW

atl100

ord61
ord20
ord23
ord64

ole32

CoRevokeClassObject
CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocString
VarDateFromStr
VariantInit
VariantClear

msvcp100

?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Lockit_ctor@_Lockit@std@@SAXH@Z

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CAXA_Sha
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f1f37f96b6566a3ff1118f490bcf4c7

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

advapi32

shell32

comctl32

shlwapi

atl100

ole32

oleaut32

msvcp100

mscoree

Sections

.text Size: 55KB - Virtual size: 55KB

.nep Size: 512B - Virtual size: 240B

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 3KB - Virtual size: 56KB

.pdata Size: 3KB - Virtual size: 2KB

CAXA_Sha Size: 512B - Virtual size: 32B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 55KB - Virtual size: 55KB

.nep
Size: 512B - Virtual size: 240B

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 3KB - Virtual size: 56KB

.pdata
Size: 3KB - Virtual size: 2KB

CAXA_Sha
Size: 512B - Virtual size: 32B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 6KB - Virtual size: 6KB