f74440af[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f74440af.exe
Size

116KB
MD5

f31c2f7530ca8417e023cd63275fc471
SHA1

fc93c75f476e09c23bf8d2d784786e1d3378ff3b
SHA256

f74440af1892f606cf6451e65198161aad3860682c89493212d4bccdc8c79526
SHA512

769ff5d8a755df29cc35b80866a54bc51eaaf825b25e5574feeed1eafa282facb313c75e8662a7e408c8fa85c246904e6b8745205771cdc060cfc089f4850a61
SSDEEP

1536:C9f6Z8WQMVCLpcyHruGZdpgW/auSzeA8bE5+i42V9wf9S:TagVCLWGZdpT/auCeBbErzQ9S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f74440af.exe

Files

f74440af.exe
.exe windows:6 windows x86 arch:x86

d13216b4e27fc5fabb4fd80ac2c34288

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140u

ord11717
ord1770
ord1722
ord13144
ord12142
ord3117
ord9036
ord9151
ord9099
ord4599
ord9062
ord8631
ord2383
ord2404
ord9751
ord8999
ord11714
ord12949
ord12829
ord3003
ord6973
ord8207
ord8230
ord13208
ord5023
ord13888
ord11990
ord3388
ord3425
ord14025
ord5271
ord8464
ord2246
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1744
ord14588
ord10144
ord10147
ord10151
ord7653
ord996
ord1473
ord13248
ord2322
ord4590
ord462
ord1111
ord6489
ord1113
ord7495
ord1915
ord6861
ord10250
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord12865
ord8386
ord8470
ord8461
ord13007
ord11893
ord14216
ord8974
ord9208
ord8479
ord14308
ord12583
ord6533
ord9210
ord9235
ord12173
ord2760
ord13752
ord6218
ord3164
ord3403
ord3404
ord10472
ord11396
ord11015
ord9040
ord12131
ord2409
ord3305
ord3302
ord8210
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord8965
ord6978
ord11002
ord3266
ord13878
ord12262
ord12258
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord4092
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord6566
ord3882
ord296
ord1045
ord4815
ord2304
ord644
ord13614
ord2178
ord7296
ord1511
ord4491
ord2801
ord8324
ord9574
ord12143
ord8616
ord1320
ord782
ord4886
ord1513

kernel32

GetCurrentProcess
GetModuleFileNameA
InitializeCriticalSectionEx
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
OutputDebugStringW
LocalFree
GetLastError
LoadLibraryW
GetProcAddress
GetSystemInfo
GetStartupInfoW
LoadLibraryA
DeleteCriticalSection

user32

EnableWindow
IsChild
GetFocus

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?good@ios_base@std@@QBE_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

vcruntime140

memset
__current_exception
__current_exception_context
_except_handler4_common
memmove
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
_cexit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
_controlfp_s
_c_exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13216b4e27fc5fabb4fd80ac2c34288

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

msvcp140

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 3KB - Virtual size: 2KB