Static task
static1
Behavioral task
behavioral1
Sample
5b4df0bcfbd16d935eeb0a505ac64294.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5b4df0bcfbd16d935eeb0a505ac64294.exe
Resource
win10v2004-20231215-en
General
-
Target
5b4df0bcfbd16d935eeb0a505ac64294
-
Size
944KB
-
MD5
5b4df0bcfbd16d935eeb0a505ac64294
-
SHA1
776c2ee2804c4c31cb016cf7eac2cc6c3e5022b8
-
SHA256
2fd86b72b325b7518191d091b984b4817ed62363bfd816052bb7e29a0078125d
-
SHA512
6100fb8346e641fbeee98efdaaa452db55d36153eddc5c6c9ae567a9e543ebb9b640d2e21196ff7067fce169ec8c9820f93f0dee4e9cdb3f1df18be9fce77afd
-
SSDEEP
24576:Gz+ubONXGlQYSP564WbcGVibP/oTCP6LH2hIv9HSojC:GyubO5GlMx64McGViboTN2e1L+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 5b4df0bcfbd16d935eeb0a505ac64294
Files
-
5b4df0bcfbd16d935eeb0a505ac64294.exe windows:4 windows x86 arch:x86
8246b680c34a53b5be61a0aea4eb363b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc71
ord3204
ord3161
ord1063
ord1279
ord5637
ord2902
ord2367
ord1903
ord2246
ord1913
ord2615
ord5009
ord5012
ord4309
ord4135
ord2939
ord4904
ord943
ord5356
ord2992
ord2425
ord2424
ord4019
ord1557
ord3945
ord5148
ord5205
ord2173
ord1306
ord4277
ord4265
ord784
ord297
ord5165
ord2164
ord1489
ord6118
ord299
ord2933
ord1191
ord1187
ord1551
ord1670
ord1671
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord3830
ord5975
ord1395
ord6090
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord1280
ord1934
ord3210
ord3287
ord1091
ord1084
ord5641
ord3997
ord911
ord907
ord1482
ord2263
ord347
ord602
ord1728
ord783
ord5731
ord304
ord5529
ord4109
ord781
ord578
ord310
ord2322
ord876
ord1161
ord5214
ord1402
ord5915
ord762
ord764
ord605
ord354
ord3182
ord4262
ord4486
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord3544
ord4630
ord6269
ord332
ord5745
ord5962
ord3696
ord4962
ord3500
ord336
ord595
ord3432
ord3637
ord2285
ord3872
ord1962
ord5161
ord5202
ord5145
ord1352
ord2077
ord2081
ord1912
ord3987
ord5355
ord3929
ord4196
ord6014
ord2090
ord3180
ord5719
ord5921
ord5401
ord5414
ord5588
ord5523
ord5647
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5727
ord6037
ord6057
ord4161
ord6054
ord5608
ord6060
ord5611
ord642
ord3214
ord4236
ord1558
ord1637
ord3879
ord1283
ord1955
ord3244
ord2094
ord4100
ord3795
ord3489
ord2370
ord2958
ord2092
ord3875
ord5866
ord2794
ord2271
ord2866
ord1930
ord573
ord658
ord761
ord3230
ord3651
ord4640
ord4638
ord4876
ord4664
ord2531
ord2657
ord3378
ord2719
ord2248
ord1162
ord6142
ord6146
ord4397
ord6279
ord1736
ord552
ord740
ord3316
ord4281
ord4721
ord1590
ord1744
ord4606
ord1734
ord1946
ord6104
ord6102
ord1936
ord1921
ord2429
ord5704
ord1367
ord947
ord2017
ord2052
ord2053
ord3797
ord2832
ord2797
ord2076
ord6010
ord6108
ord6110
ord3674
ord1159
ord1181
ord1211
ord865
ord785
ord5563
ord1917
ord5430
ord5437
ord3022
ord1003
ord531
ord723
ord6174
ord6180
ord4108
ord5710
ord4394
ord3195
ord620
ord1554
ord3454
ord2585
ord3441
ord2371
ord1729
ord4116
ord6144
ord3499
ord266
ord265
ord314
ord3255
ord2346
ord1580
ord5331
ord6297
ord5320
ord6286
ord3684
ord3596
ord760
ord572
ord4127
ord1716
ord709
ord4761
ord1929
ord2234
ord5613
ord501
ord1486
ord5445
ord2274
ord4066
ord4081
ord5469
ord3761
ord5833
ord6067
ord3934
ord4353
ord1185
ord4125
ord2372
ord4132
ord2008
ord1302
ord4131
ord4674
ord4961
ord4507
ord4946
ord4649
ord4964
ord5053
ord4805
ord4364
ord4710
ord4796
ord4963
ord4377
ord4376
ord4287
ord4794
ord4948
ord4200
ord4516
ord4480
ord4970
ord4846
ord4501
ord4368
ord4439
ord5049
ord4559
ord4920
ord4519
ord4914
ord3740
ord4444
ord4443
ord4790
ord4204
ord4781
ord4389
ord4980
ord4171
ord4178
ord4587
ord4776
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4863
ord4860
ord3974
ord5914
ord1619
ord5206
ord3344
ord1360
ord5166
ord1562
ord2717
ord4273
ord2803
ord908
ord2451
ord4298
ord4673
ord2441
ord4752
ord6065
ord3401
ord4935
ord2419
ord2420
ord2418
ord2417
ord3488
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord657
ord5403
ord2468
ord1192
ord1160
ord3406
ord589
ord5642
ord330
ord3163
ord2368
ord2991
ord3229
ord3891
ord2527
ord3648
ord3466
ord663
ord635
ord426
ord395
ord4299
ord2475
ord3076
ord5766
ord869
ord4342
ord4320
ord4675
ord4927
ord4908
ord4115
ord4952
ord5977
ord4250
ord1641
ord1571
ord4238
ord416
ord651
ord1564
ord5873
ord2882
ord2264
ord6168
ord3143
ord758
ord567
ord4971
ord4529
ord1230
ord2421
ord3952
ord2936
ord4095
ord2233
ord6017
ord5634
ord410
ord648
ord3477
ord3650
ord3164
ord2086
ord4001
ord4123
ord3302
ord5640
ord1968
ord587
ord4232
ord1545
ord3423
ord3171
ord6120
ord1425
ord6223
ord4888
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
msvcr71
_CxxThrowException
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strtoul
atol
_mbsstr
_mbschr
_mbsnbicmp
_ismbcspace
fopen
fread
fwrite
ftell
fseek
fclose
sscanf
atoi
_mbsicmp
wcslen
strcpy
memcmp
strcat
strrchr
memmove
_vsnprintf
localtime
_tzset
_mbsnbcpy
labs
strchr
strcmp
_strupr
_strnicmp
_setmbcp
_ismbcdigit
_ismbcalnum
abs
toupper
_controlfp
_c_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
_onexit
__dllonexit
free
malloc
wcscpy
_except_handler3
_resetstkoflw
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_exit
sqrt
time
srand
rand
strlen
sprintf
__CxxFrameHandler
memcpy
memset
kernel32
LocalAlloc
FindResourceA
LoadResource
SizeofResource
LockResource
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA
CreateMutexA
OpenFileMappingW
OpenEventW
ReleaseMutex
OpenFileMappingA
OpenProcess
MapViewOfFile
UnmapViewOfFile
ResumeThread
CreateEventA
CreateThread
WaitForSingleObject
GetPrivateProfileIntA
SetEvent
WaitForMultipleObjects
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
CloseHandle
ReadFile
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetLastError
lstrlenA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetVersion
GetCurrentProcessId
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameA
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
MulDiv
VirtualQuery
InterlockedCompareExchange
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
SuspendThread
VirtualAlloc
SetLastError
user32
MonitorFromWindow
GetMonitorInfoA
EnumChildWindows
GetPropA
RemovePropA
GetClassNameA
SetPropA
EqualRect
IsWindowVisible
PostMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetFocus
SetRectEmpty
GetClassInfoA
GetMessagePos
MoveWindow
GetDlgItem
WindowFromDC
FrameRect
RegisterWindowMessageA
OffsetRect
IsIconic
SetCapture
SendMessageA
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
GetSystemMetrics
GetAsyncKeyState
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
GetClientRect
GetWindowRect
LoadBitmapA
InflateRect
GetForegroundWindow
GetWindowThreadProcessId
FlashWindowEx
IsWindow
SetRect
GetPropW
FillRect
LoadCursorA
EnableWindow
UpdateWindow
DefWindowProcA
AdjustWindowRectEx
GetParent
GetSysColor
MessageBoxA
IsWindowEnabled
GetWindow
DialogBoxIndirectParamW
CopyRect
DrawTextW
SystemParametersInfoW
MessageBeep
LoadIconW
GetDialogBaseUnits
GetWindowContextHelpId
SendMessageW
EndDialog
SetWindowTextA
GetWindowTextA
SetFocus
RemoveMenu
GetSystemMenu
SetWindowContextHelpId
SendDlgItemMessageW
SetPropW
PtInRect
DrawTextA
SetWindowLongW
GetWindowLongW
GetNextDlgGroupItem
SetWindowRgn
GetWindowRgn
GetWindowLongA
SystemParametersInfoA
DrawIconEx
SetWindowPos
GetMenu
LoadImageA
IsRectEmpty
IsZoomed
EndDeferWindowPos
BeginDeferWindowPos
SetCursor
ClientToScreen
RedrawWindow
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
CreatePopupMenu
AppendMenuA
EnableMenuItem
TabbedTextOutA
DrawTextExA
GrayStringA
DestroyIcon
DrawIcon
InsertMenuItemA
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
SetWindowLongA
GetSysColorBrush
DrawEdge
CallWindowProcA
DrawFrameControl
MapWindowPoints
gdi32
CreateCompatibleBitmap
CreateFontA
CreateFontIndirectW
GetTextExtentPoint32A
ExtCreateRegion
CreateFontIndirectA
GetDeviceCaps
CreateBitmap
DeleteDC
StretchBlt
CombineRgn
CreateDIBSection
BitBlt
GetObjectA
Rectangle
SelectObject
CreateCompatibleDC
CreatePen
SetDIBits
CreateSolidBrush
DeleteObject
GetMapMode
CreateRoundRectRgn
CreateRectRgn
SelectClipRgn
PtInRegion
CreateEllipticRgnIndirect
OffsetRgn
CreateRectRgnIndirect
ExtTextOutA
ExcludeClipRect
PtVisible
RectVisible
TextOutA
Escape
GetTextMetricsA
SetBoundsRect
SetBkColor
SetTextColor
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
IntersectClipRect
PlayEnhMetaFile
SetWindowOrgEx
GetStockObject
SetDIBitsToDevice
msimg32
TransparentBlt
AlphaBlend
oleaut32
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
msvcp71
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
winmm
PlaySoundA
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
mmioDescend
mmioRead
mmioAscend
mmioOpenA
mmioClose
mmioWrite
ws2_32
shutdown
getsockopt
closesocket
ioctlsocket
WSAStartup
WSAGetLastError
inet_addr
socket
connect
send
recv
WSASetLastError
__WSAFDIsSet
select
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
comctl32
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageInfo
shlwapi
PathFileExistsA
ole32
CoInitialize
CreateStreamOnHGlobal
gdiplus
GdipDisposeImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageWidth
GdipCloneImage
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageI
GdipDrawImageRect
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
dsound
ord11
Sections
.text Size: 528KB - Virtual size: 524KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 316KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ