635138e3c7fca4427a32789a59c6e1d8

Sharing

Copy URL Twitter E-mail

General

Target

635138e3c7fca4427a32789a59c6e1d8
Size

177KB
MD5

635138e3c7fca4427a32789a59c6e1d8
SHA1

024c393149ebdb42b9a3d532d2370db9351f9fe0
SHA256

5a353e5f5d1169b534843be262c4ff430c6ffc7f8d70e947f782201639e9d2e4
SHA512

a04507c56fd2769df4f3502b24f27eeef80f30bbe8d715fc25da0a151b8fbc5713a5cdc9f51e64ee73be4bd4a7eb16584d537c605e5966321a0a32700bede158
SSDEEP

3072:ZYHwlyi0UP+WHOmPKeZO7djuC7hrIcxN/+M2FbX1o42/a3GH5CvZ7r4X:92mPK1jusxN/P4bFD2/a25CvZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
635138e3c7fca4427a32789a59c6e1d8

Files

635138e3c7fca4427a32789a59c6e1d8
.exe windows:4 windows x86 arch:x86

e3b066c063bc5ab63eb1cce6f523d5e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetPrivateProfileStringA
GetModuleFileNameA
lstrcpynA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetTimeFormatA
GlobalAddAtomA
GlobalDeleteAtom
GetVersion
InterlockedIncrement
InterlockedDecrement
CloseHandle
GetModuleHandleA
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
LoadLibraryA
WaitForSingleObject
GetCommandLineA
CreateMutexA
WinExec
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
lstrlenW
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
lstrlenA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
ReleaseMutex

user32

CharLowerW
CharUpperA
CharUpperW
CharLowerA
UnregisterClassA
GetSubMenu
RegisterWindowMessageA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
LoadImageA
RegisterClassExA
CallWindowProcA
PostQuitMessage
wsprintfA
GetClassInfoExA
PostMessageA
UnregisterHotKey
RegisterHotKey
EnumChildWindows
GetWindow
SystemParametersInfoA
MapWindowPoints
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
RedrawWindow
SetTimer
SetFocus
KillTimer
LoadMenuA
SetWindowLongA
GetMenuStringA
GetMenuItemCount
LoadStringA
GetSysColor
CreateWindowExA
GetClientRect
MoveWindow
SetForegroundWindow
GetActiveWindow
DialogBoxParamA
CreateDialogParamA
IsWindow
DestroyWindow
LoadCursorA
RegisterClassA
EndDialog
DefWindowProcA
BeginPaint
FillRect
DrawTextA
EndPaint
CharNextA
SetMenuItemInfoA
GetDesktopWindow
GetWindowLongA
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
SetWindowTextA
EnableWindow
ShowWindow
GetDlgItem
GetParent
SendDlgItemMessageA
SendMessageA

gdi32

SetTextColor
SetBkMode
SetBkColor
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps

advapi32

RegQueryInfoKeyA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VarUI4FromStr

msvcp71

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

msvcr71

_stricmp
isdigit
islower
isupper
_except_handler3
free
malloc
_resetstkoflw
_CxxThrowException
_mbsstr
memmove
wcscpy
__CxxFrameHandler
??3@YAXPAX@Z
??_V@YAXPAX@Z
atoi
_itoa
_mbsinc
_mbsnbcat
_mbsnbcpy
_mbslwr
strncat
wcsncat
wcslen
_vsnprintf
_mbsicmp
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
rand
srand
realloc
memset
_callnewh
__dllonexit
_onexit
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_mbsrchr

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3b066c063bc5ab63eb1cce6f523d5e7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp71

msvcr71

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 792B

.yrdata Size: 76KB - Virtual size: 76KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 792B

.yrdata
Size: 76KB - Virtual size: 76KB