7184224475d1ececa974daeb48c2dbc9

Sharing

Copy URL Twitter E-mail

General

Target

7184224475d1ececa974daeb48c2dbc9
Size

871KB
MD5

7184224475d1ececa974daeb48c2dbc9
SHA1

f65a063732f82e81a73311945c38513f9564e283
SHA256

71c87445ffa289ac761b38aeb539e43145d9a7e3767aa490f1238a34a2385c6d
SHA512

3c52b884f61fbfaed06ea81c20e07ab1ba8590404f19a8bd43bf4328930ab5981a47f8d3d48067abd091b5ae3d0a531d7942a1a01e236e2f4c5fe8c92adb6ce2
SSDEEP

24576:r2py8mduT6fXUUiQmiBCZ0a7T7HMNtcDrKKRwA:KpnfTYthR0Z0MssX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7184224475d1ececa974daeb48c2dbc9

Files

7184224475d1ececa974daeb48c2dbc9
.exe windows:5 windows x86 arch:x86

df8f3b7fa28a119776839b7151c1b519

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

ResumeSuspendedDownload
InternetGetPerSiteCookieDecisionA
UpdateUrlCacheContentPath
HttpSendRequestW
InternetOpenW
InternetWriteFile
GopherGetAttributeW
InternetSetStatusCallback
FtpGetFileEx
HttpAddRequestHeadersA
SetUrlCacheGroupAttributeW
InternetQueryOptionA
LoadUrlCacheContent
SetUrlCacheEntryInfoA
InternetErrorDlg
ReadUrlCacheEntryStream
InternetGetConnectedStateExW
InternetSetCookieW
InternetQueryDataAvailable
SetUrlCacheConfigInfoW
FindNextUrlCacheContainerA
FindNextUrlCacheEntryA
FtpCommandA
CreateUrlCacheGroup
InternetConfirmZoneCrossingA
SetUrlCacheEntryGroupA
InternetTimeToSystemTimeA
InternetTimeFromSystemTimeA
InternetWriteFileExW
InternetSecurityProtocolToStringA
GetUrlCacheHeaderData
FtpGetCurrentDirectoryW
GopherCreateLocatorW
InternetGoOnline
GopherFindFirstFileW
IsHostInProxyBypassList
GopherGetLocatorTypeA

winscard

SCardGetProviderIdA
SCardConnectW
SCardGetCardTypeProviderNameW
SCardReleaseContext
SCardIsValidContext
SCardStatusA
SCardListInterfacesA
SCardIntroduceCardTypeW
SCardRemoveReaderFromGroupA
SCardIntroduceCardTypeA
SCardGetStatusChangeA
SCardListCardsW
SCardListReadersW
SCardReleaseStartedEvent
SCardForgetReaderGroupA
SCardSetCardTypeProviderNameW
SCardIntroduceReaderW
SCardCancel
SCardListInterfacesW
SCardForgetCardTypeW
SCardSetAttrib
SCardEstablishContext
SCardListReaderGroupsA
SCardLocateCardsByATRW
SCardLocateCardsA
SCardRemoveReaderFromGroupW
SCardIntroduceReaderGroupA
g_rgSCardT0Pci
SCardStatusW
SCardForgetReaderA
g_rgSCardRawPci
SCardControl
SCardReleaseNewReaderEvent
SCardTransmit
SCardGetProviderIdW
SCardConnectA
SCardForgetReaderGroupW
SCardReleaseAllEvents
SCardGetStatusChangeW
SCardIntroduceReaderA
SCardAddReaderToGroupW
SCardListReaderGroupsW
SCardAddReaderToGroupA

msvcrt40

??_7logic_error@@6B@
__p__wcmdln
fscanf
getchar
atan
fgetws
__iscsym
??_Gistrstream@@UAEPAXI@Z
_mbstrlen
?attach@fstream@@QAEXH@Z
strncmp
_assert
?fill@ios@@QAEDD@Z
iswprint
_mbcjmstojis
?putback@istream@@QAEAAV1@D@Z
fseek
_spawnv
_timezone
strerror
getc
?overflow@filebuf@@UAEHH@Z
??_Eistream_withassign@@UAEPAXI@Z
??1stdiobuf@@UAE@XZ
_beginthreadex
wcsncpy
?osfx@ostream@@QAEXXZ
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_snprintf
??_Gbad_cast@@UAEPAXI@Z
_clearfp
??_Glogic_error@@UAEPAXI@Z
?terminate@@YAXXZ
??0ostream_withassign@@QAE@ABV0@@Z
__p__timezone
__p__winmajor
??_7istrstream@@6B@
?binary@filebuf@@2HB
??_Gstdiostream@@UAEPAXI@Z
_yn

hid

HidD_GetIndexedString
HidP_SetScaledUsageValue
HidD_SetNumInputBuffers
HidP_InitializeReportForID
HidP_SetData
HidD_FreePreparsedData
HidP_GetData
HidD_GetPhysicalDescriptor
HidD_GetHidGuid
HidP_GetCaps
HidP_GetUsagesEx
HidP_TranslateUsagesToI8042ScanCodes
HidP_GetButtonCaps
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
HidP_GetUsages
HidP_UnsetUsages
HidP_SetUsages
HidD_GetNumInputBuffers
HidP_MaxDataListLength
HidD_GetManufacturerString
HidD_GetAttributes
HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_UsageListDifference
HidP_SetUsageValueArray
HidD_GetPreparsedData
HidD_SetFeature
HidD_SetConfiguration
HidD_FlushQueue
HidD_SetOutputReport
HidD_GetConfiguration
HidP_GetUsageValue
HidD_GetFeature

kernel32

GetEnvironmentVariableW
GetSystemPowerStatus
BackupWrite
GetVolumePathNameA
SetFileAttributesA
SleepEx
LoadLibraryA
GetCurrentProcessId
CreateProcessInternalW
GetConsoleKeyboardLayoutNameA
ReadDirectoryChangesW
ExpandEnvironmentStringsA
Process32FirstW
Heap32First
GetSystemWow64DirectoryA
SetConsoleNlsMode
PostQueuedCompletionStatus
FindActCtxSectionGuid
SetConsoleTextAttribute
GetProcessAffinityMask
SetCommState
CreateEventA
GetTickCount
VirtualAlloc
AddRefActCtx
LocalLock
IsValidLanguageGroup
GetConsoleScreenBufferInfo
GetModuleHandleA
GetProcessId
IsProcessorFeaturePresent
GetBinaryType
SetFileShortNameW
SetConsoleNumberOfCommandsA
RegisterWaitForSingleObjectEx
GetSystemDefaultLCID
GetPriorityClass

mapi32

FBinFromHex@8
HrDecomposeEID@28
cmc_list
MAPIDeinitIdle@0
MAPILogoff
CloseIMsgSession@4
ScCountProps@12
MNLS_MultiByteToWideChar@24
HrComposeEID@28
FBadColumnSet@4
FEqualNames@8
SzFindSz@8
MAPIDeleteMail
cmc_free
cmc_logoff
BMAPIGetAddress
ScCopyProps@16
MAPIReadMail
FBadRglpszA@8
ScCreateConversationIndex@16
HrValidateParameters@8
HrValidateIPMSubtree@20
MAPIAllocateMore
SzFindLastCh@8
OpenStreamOnFile
__CPPValidateParameters@8
HrSzFromEntryID@12
OpenTnefStream@28
FixMAPI@0
HrDispatchNotifications@4
MNLS_lstrcmpW@8
FtgRegisterIdleRoutine@20
MNLS_CompareStringW@24
UlRelease@4
CbOfEncoded@4
SwapPlong@8
FPropCompareProp@12

Sections

.text
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df8f3b7fa28a119776839b7151c1b519

Headers

DLL Characteristics

File Characteristics

Imports

wininet

winscard

msvcrt40

hid

kernel32

mapi32

Sections

.text Size: 555KB - Virtual size: 555KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 555KB - Virtual size: 555KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B