Static task
static1
Behavioral task
behavioral1
Sample
be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a.exe
Resource
win10v2004-20231215-en
General
-
Target
be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a
-
Size
72KB
-
MD5
08601b85258a1e902fc3f7f2ca69b97c
-
SHA1
0be5fc4b0b23a358b0d3bc0a632e23814a343056
-
SHA256
be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a
-
SHA512
d024c92efb4e44f92598bced432f85cb153456c220425d80dd969bf5f80883d919850d65591cecb2435c7fa5476ffc7f535dc0df821e8f4af985903084e0f953
-
SSDEEP
1536:XX+g3xxCNoAmWC7YWPF0KS4ExC/eufrvU7vZ6AK:Zxka7A3AWufrvU7AA
Malware Config (none extracted — no configuration was recovered from this sample)
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a weak indicator — many legitimate programs ship unsigned — so it should be weighed together with the other findings rather than treated as evidence of malicious intent.
resource be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a
Files
-
be6f4ac54e27f3fcf9d567bcf834e0be26226d0c0aea74a5c9cd7cc01cda7a8a.exe windows:4 windows x86 arch:x86
f1304c12133c0e3e047bf963388c15f2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed: the image must be mapped at its preferred load address and cannot be rebased, so ASLR does not apply to it)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (note: rctxmlbase, upi6commondll, uezdll and magpcmac are not Windows system DLLs; if they are not present next to the executable the loader will refuse to start it, so behavioral results from a sandbox that ran the file on its own may be incomplete)
kernel32
GetLastError
SetLastError
LoadLibraryA
OpenFile
lstrcatA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
InterlockedExchange
CompareStringA
FreeLibrary
GetCommandLineW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetTempPathA
SetErrorMode
GetLogicalDrives
FindClose
lstrcpyA
user32
GetSystemMetrics
GetDC
ReleaseDC
TranslateMessage
SetParent
ShowWindow
SendMessageA
wsprintfA
GetParent
GetForegroundWindow
SetForegroundWindow
MessageBoxA
PostQuitMessage
GetActiveWindow
SetCursor
LoadCursorA
shlwapi
PathGetArgsW
rctxmlbase
?XMLWrapper_LoadXML@@YAPAU_xmlDoc@@PBG@Z
?XMLWrapper_AddChildNode@@YAPAU_xmlNode@@PAU1@PBG@Z
?XMLWrapper_SetPropValue@@YAHPAU_xmlNode@@PBG1@Z
?XMLWrapper_FreeDocument@@YAXPAU_xmlDoc@@@Z
?XMLWrapper_Save@@YAHPAU_xmlDoc@@PBG@Z
?XMLWrapper_GetRootNode@@YAPAU_xmlNode@@PAU_xmlDoc@@@Z
?XMLWrapper_CreateDocument@@YAPAU_xmlDoc@@XZ
?XMLWrapper_CreateRootNode@@YAPAU_xmlNode@@PAU_xmlDoc@@PBG@Z
??1CRctXMLStringHelper@@UAE@XZ
?GetString@CRctXMLStringHelper@@QAEPBGXZ
??1CRctAutoReleaseXMLChar@@UAE@XZ
??4CRctXMLStringHelper@@QAEABV0@PAE@Z
??BCRctAutoReleaseXMLChar@@QAEPAEXZ
??7CRctAutoReleaseXMLChar@@QAE_NXZ
?XMLWrapper_GetPropValue@@YA?AVCRctAutoReleaseXMLChar@@PAU_xmlNode@@PBG@Z
??_7CRctXMLStringHelper@@6B@
?XMLWrapper_CompareNodeName@@YAHPAU_xmlNode@@PBG@Z
upi6commondll
?CreateFileNameByUser@CPathEx@@SAHPAGPBG11@Z
?CreateFileNameByTime@CPathEx@@SAHPAGPBG1@Z
?IsWindowVersionHigherThan98@@YAHXZ
uezdll
EzDumpBmpFile
EzDumpJpgFile
EzDibConvertToImage
EzSaveFileAsImage
EzDibNew
EzDibConvert4BitToTrueColor
EzDibConvert1BitToTrueColor
EzDibGetType
EzDibConvert8BitToTrueColor
EzDumpTgaFile
EzDumpPcxFile
EzDumpPngFile
EzImageDelete
msvcrt
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
swscanf
wcsstr
_wtoi
__CxxFrameHandler
??2@YAPAXI@Z
wcscpy
wcscmp
wcsncpy
_ftol
sprintf
free
_itow
wcslen
swprintf
wcscat
iswalpha
iswdigit
_wsplitpath
memset
_waccess
wcschr
wcsncmp
_stricmp
gdi32
GetDeviceCaps
advapi32
RegCloseKey
winmm
waveOutGetNumDevs
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
magpcmac
MagPathFileExists
MagEnterCriticalSection
MagDeleteCriticalSection
MagInitCriticalSection
MagLeaveCriticalSection
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE