7afa32b27dbab88ac5b25bd768c77745

Sharing

Copy URL Twitter E-mail

General

Target

7afa32b27dbab88ac5b25bd768c77745
Size

342KB
MD5

7afa32b27dbab88ac5b25bd768c77745
SHA1

bff54946ef5f36ea3976673311a1ca701ccda3fc
SHA256

e5bdde48b5d9f81419916b60467844bad4f021da237eb81e0987f5a073621399
SHA512

ccaa7481f83828492ae8a74ab7159ac539409fb7eda60aafed0ad3efad081fbf8741146ef9a30409f81b3dcaf6d3ead70b6bb662fb8c661d1ebe10597736a5e4
SSDEEP

6144:v/CMfG/KdutusOxxOkM9QDZVZsnpxSPZqUdVhyPi7KG0pzYuhGJ1D0Zy4USkXrN/:bfAKdutHAxOyZVZsniPZqUfh7KbYugD/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7afa32b27dbab88ac5b25bd768c77745

Files

7afa32b27dbab88ac5b25bd768c77745
.exe windows:5 windows x86 arch:x86

2da41fdb8cbc05d45291c902fb5fe7ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

??4bad_cast@@QAEAAV0@ABV0@@Z
_CIcos
_wfindnext
__unDName
_spawnl
?close@ofstream@@QAEXXZ
_wpopen
??0iostream@@QAE@PAVstreambuf@@@Z
__CxxLongjmpUnwind
_wstat
_putch
_fstat
atexit
_strerror
??_7iostream@@6B@
?eatwhite@istream@@QAEXXZ
__p__dstbias
_mbsbtype
_safe_fprem
_wstati64
??6ostream@@QAEAAV0@PBD@Z
_endthread
??0bad_typeid@@QAE@ABV0@@Z
cos
_ismbcupper
??4stdiostream@@QAEAAV0@AAV0@@Z
_inpd
_fcloseall
_mbsnbicoll
??_Gfstream@@UAEPAXI@Z
?name@type_info@@QBEPBDXZ
_wexecvpe
?attach@ifstream@@QAEXH@Z
??_Ebad_typeid@@UAEPAXI@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
_HUGE
??_7strstream@@6B@
memcpy
towlower
??1bad_cast@@UAE@XZ
strtok
_ismbcl0

msls31

LsdnDistribute
LsFinishCurrentSubline
LsQueryFLineEmpty
LsdnFinishDelete
LsdnQueryPenNode
LsDisplaySubline
LssbGetDupSubline
LsCreateSubline
LsSqueezeSubline
LsdnModifyParaEnding
LsGetSpecialEffectsSubline
LsGetHihLsimethods
LsEnumSubline
LsExpandSubline
LsDestroySubline
LsSetBreaking
LsFindNextBreakSubline
LssbGetNumberDnodesInSubline
LsdnResolvePrevTab
LsLwMultDivR
LsdnSubmitSublines
LsSetModWidthPairs
LsdnFinishByPen
LsQueryTextCellDetails
LsdnFinishByOneChar
LsCompressSubline
LsModifyLineHeight
LssbFDoneDisplay
LsPointUV2FromPointUV1
LsdnFinishBySubline

kernel32

IsBadStringPtrA
SetConsoleCtrlHandler
lstrlenA
GetConsoleCP
TlsAlloc
GetLastError
LoadLibraryA
GetNumberFormatA
CreateMemoryResourceNotification
VirtualAlloc
ConvertFiberToThread
GetVolumePathNameW
lstrcatW
GetProcessTimes
IsBadHugeReadPtr
GlobalUnWire
GetConsoleKeyboardLayoutNameW
GetNumaNodeProcessorMask
SetErrorMode
HeapCreate
RemoveLocalAlternateComputerNameA
DeleteAtom
GlobalMemoryStatus
RegisterConsoleIME
ExitThread
RegisterWaitForInputIdle
OutputDebugStringA
GetEnvironmentVariableA
SetCommState
ReadFileScatter
InitializeCriticalSection
TermsrvAppInstallMode
CancelWaitableTimer
GetExpandedNameW
SetEvent
GetModuleHandleA

shlwapi

SHCreateShellPalette
StrIsIntlEqualA
DllGetVersion
wnsprintfA
PathIsLFNFileSpecA
SHRegGetPathW
UrlCreateFromPathW
PathMatchSpecA
UrlCanonicalizeA
PathGetCharTypeA
PathIsUNCServerW
PathSearchAndQualifyA
SHRegOpenUSKeyA
PathCanonicalizeA
StrChrIW
SHRegDeleteEmptyUSKeyW
PathCreateFromUrlA
UrlHashA
PathIsRelativeW
SHAutoComplete
PathIsSameRootW

user32

SetWindowWord
GetSubMenu
DdeCmpStringHandles
IsCharLowerW
DeregisterShellHookWindow
EnumWindowStationsW
SwitchToThisWindow
ScrollChildren
SetWindowRgn
GetScrollInfo
DdeImpersonateClient
VkKeyScanW
DragObject
PeekMessageA
GetDlgItemTextA
PaintMenuBar
SetFocus
CharToOemBuffW
InvalidateRgn
CreateWindowExA
OpenDesktopA
CtxInitUser32
DrawFrameControl
RegisterClassW
EnableMenuItem
EnumDisplaySettingsA
EnumDesktopsA
UserLpkTabbedTextOut
TranslateMDISysAccel

wininet

SetUrlCacheHeaderData
FindFirstUrlCacheEntryExA
FtpGetFileEx
ParseX509EncodedCertificateForListBoxEntry
GopherGetLocatorTypeW
FtpGetFileSize
CreateMD5SSOHash
FtpCommandA
DeleteUrlCacheEntryW
InternetSetOptionExW
GopherOpenFileA
FtpDeleteFileA
InternetAutodial
FindNextUrlCacheEntryExA
InternetOpenUrlA
InternetOpenA
GopherGetLocatorTypeA
FtpFindFirstFileA
FtpCreateDirectoryW
InternetInitializeAutoProxyDll
InternetCombineUrlW
InternetSetOptionW
FtpFindFirstFileW
InternetWriteFileExW
FtpPutFileA
InternetSetOptionA
FindFirstUrlCacheEntryW
CommitUrlCacheEntryA
SetUrlCacheEntryInfoA
SetUrlCacheEntryGroupA

oleaut32

VarI1FromBool
VarDecInt
BSTR_UserMarshal
VarIdiv
LoadTypeLib
VarR4FromUI8
BSTR_UserFree
CreateTypeLib
VarI4FromR4
VarUI1FromUI8
VarCyFromUI4
VarR4FromDec
VarCyFromDec
GetRecordInfoFromGuids
VarDateFromUI8
VarBoolFromUI4
GetAltMonthNames
VarCySub
VarR4FromUI1
VarCat
VarR8FromR4

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da41fdb8cbc05d45291c902fb5fe7ff

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

msls31

kernel32

shlwapi

user32

wininet

oleaut32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 167KB - Virtual size: 636KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 167KB - Virtual size: 636KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 336B