Static task
static1
Behavioral task
behavioral1
Sample
f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b.exe
Resource
win10v2004-20231215-en
General
-
Target
f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b
-
Size
776KB
-
MD5
f50676b81176482d74f70c794824084c
-
SHA1
3861959f3222a643227f1840274d02a292564f7a
-
SHA256
f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b
-
SHA512
a762451eae28665c0a1fa1d82fe0f68401fdea8890b78aac3179c5d458fa7d3c4ba5eb749c9e98409b8d25b36dc65d43d6a1f34017207d3dc7f7272e1b179411
-
SSDEEP
6144:fWfr30GIlRv0FQ941j4uS2s2RmgdHwxqToK+MHwxR1oQOtfhMH9I8cW2stf3nSTx:fO3zit0C941jBs2pEkWR1j6hk0W93CB
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b
Files
-
f20e9c1671a845d38f123997a3ca98df559dd57a5589f8496ecbba6ea3540a7b.exe windows:4 windows x86 arch:x86
0a0b58a4308e4ce6fa86372e0fa70a6e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord2091
ord4432
ord364
ord784
ord4241
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord535
ord3874
ord5677
ord3495
ord4508
ord3610
ord3719
ord656
ord793
ord541
ord540
ord801
ord1175
ord6648
ord6874
ord2764
ord6778
ord2818
ord6215
ord2763
ord860
ord6143
ord2642
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord4467
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord401
ord674
ord5254
ord2135
ord818
ord5981
ord4299
ord6880
ord2859
ord2614
ord2688
ord3089
ord2864
ord1783
ord3092
ord2938
ord2575
ord4396
ord3574
ord609
ord940
ord4129
ord922
ord4204
ord924
ord1641
ord2414
ord3619
ord3626
ord3663
ord1871
ord4133
ord4297
ord5788
ord2860
ord472
ord1567
ord268
ord283
ord2754
ord5875
ord1168
ord4277
ord4275
ord2379
ord6241
ord2080
ord613
ord5678
ord3317
ord5789
ord5736
ord289
ord3797
ord6883
ord3811
ord6741
ord6508
ord6921
ord6613
ord6767
ord1949
ord5821
ord3662
ord812
ord2841
ord1200
ord1205
ord1176
ord414
ord559
ord713
ord2809
ord2970
ord1270
ord1232
ord4287
ord6144
ord3571
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord640
ord6194
ord5785
ord1640
ord323
ord470
ord3573
ord5053
ord6458
ord3693
ord2652
ord1669
ord1706
ord430
ord786
ord2461
ord3318
ord5572
ord6389
ord2915
ord941
ord519
ord6311
ord6283
ord6282
ord2784
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord4083
ord1829
ord3754
ord3752
ord6128
ord2634
ord6141
ord5861
ord2233
ord4045
ord4160
ord2107
ord6605
ord763
ord2450
ord483
ord2527
ord482
ord4333
ord2814
ord3810
ord5076
ord2096
ord384
ord5440
ord6383
ord5450
ord6394
ord4544
ord3274
ord4622
ord3579
ord439
ord736
ord5495
ord5685
ord4226
ord5683
ord6662
ord2089
ord816
ord562
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord796
ord686
ord554
ord529
ord402
ord807
ord926
ord6069
ord2011
ord6067
ord5871
ord1146
ord2123
ord2494
ord2627
ord2626
ord6242
ord6000
ord2117
ord981
ord2408
ord2862
ord4163
ord6625
ord4457
ord5255
ord6209
ord765
ord4224
ord665
ord1979
ord5442
ord5186
ord3499
ord3177
ord354
ord2515
ord355
ord6385
ord2884
ord6008
ord4000
ord3949
ord3287
ord3303
ord3914
ord939
ord986
ord520
ord1842
ord783
ord5216
ord4034
ord5104
ord642
ord4413
ord4500
ord4772
ord4995
ord4458
ord4216
ord3349
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5082
ord1709
ord1712
ord6053
ord5234
ord6369
ord5279
ord5248
ord2444
ord3598
ord327
ord4235
ord6197
ord6379
ord1821
ord4611
ord4609
ord4485
ord3471
ord2002
ord5729
ord5502
ord3446
ord3195
ord985
ord648
ord334
ord1199
ord1236
ord1152
ord3733
ord810
ord4271
ord3711
ord4694
ord3698
ord3054
ord3425
ord3880
ord6734
ord1105
ord4615
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord2863
ord4159
ord6117
ord2621
ord1134
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord2405
ord2380
ord2567
ord2243
ord1803
ord298
ord620
ord4230
ord1233
ord4454
ord1864
ord3701
ord772
ord500
ord5153
ord4284
ord1865
ord2714
ord4023
ord2569
ord5655
ord5787
ord3220
ord2767
ord5860
ord6142
ord3986
ord3521
ord6402
ord3742
ord2152
ord1945
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord560
ord813
ord4273
ord4614
ord2535
ord4533
ord4892
ord4370
ord4899
ord4588
ord4589
ord1841
ord823
ord4710
ord537
ord858
ord800
ord6199
ord4234
ord2302
ord825
ord324
ord567
msvcrt
_callnewh
malloc
__CxxFrameHandler
_mbscmp
sscanf
strtod
_ftol
toupper
atoi
atof
isalnum
_CIpow
isdigit
_purecall
strtoul
_mbsrchr
isxdigit
isprint
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
kernel32
CloseHandle
CreateFileA
GetVersionExA
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree
FormatMessageA
GetLastError
lstrcpyA
lstrcpynA
ReadFile
WriteFile
Sleep
PurgeComm
SetCommState
GetCommState
SetCommTimeouts
SetupComm
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
GetStartupInfoA
user32
LoadBitmapA
GetWindow
LockWindowUpdate
LoadImageA
SetScrollRange
SetScrollPos
GetScrollPos
UpdateWindow
ModifyMenuA
DeleteMenu
GetMenu
GetMessagePos
GetSysColorBrush
EndDeferWindowPos
BeginDeferWindowPos
ClientToScreen
GetWindowLongA
GetClassLongA
RedrawWindow
GetDCEx
wsprintfA
GetDoubleClickTime
WindowFromPoint
IsClipboardFormatAvailable
GrayStringA
TabbedTextOutA
CopyIcon
ScreenToClient
ReleaseCapture
KillTimer
IntersectRect
GetClassInfoA
DefWindowProcA
IsWindow
GetParent
TranslateMessage
DispatchMessageA
IsRectEmpty
PtInRect
InvalidateRect
DrawFrameControl
GetSystemMetrics
LoadCursorA
SetCursor
GetSysColor
FillRect
FrameRect
DrawEdge
InflateRect
DrawTextA
ReleaseDC
SystemParametersInfoA
GetKeyState
GetFocus
GetCursorPos
GetCapture
PostMessageA
IsWindowVisible
CopyRect
GetDC
GetWindowRect
SetCapture
ClipCursor
SetTimer
GetClientRect
InvertRect
SetRect
OffsetRect
GetDlgCtrlID
SendMessageA
IsChild
EnableWindow
gdi32
PatBlt
GetTextColor
EnumFontFamiliesA
GetTextMetricsA
CreateFontA
StartDocA
StartPage
EndPage
EndDoc
AbortDoc
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
GetBkColor
BitBlt
GetCurrentObject
GetTextExtentPoint32A
CreateFontIndirectA
GetDeviceCaps
advapi32
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
shell32
ShellExecuteA
comctl32
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Draw
oleaut32
VarDecFromR8
VarDecMul
VarR8FromDec
VarDecDiv
msvcp60
?nothrow@std@@3Unothrow_t@1@B
Sections
.text Size: 224KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 496KB - Virtual size: 495KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ