??_FCPagePropSheet@@QAEXXZ
Static task
- static1
Behavioral task
- behavioral1: Sample 8f22024253c67820e9dc54c4f07f39c1.exe, Resource win7-20231215-en
Behavioral task
- behavioral2: Sample 8f22024253c67820e9dc54c4f07f39c1.exe, Resource win10v2004-20231222-en
General
- Target: 8f22024253c67820e9dc54c4f07f39c1
- Size: 525KB
- MD5: 8f22024253c67820e9dc54c4f07f39c1
- SHA1: ffdd8f981bb15624b4602c477b34007eb6391b1f
- SHA256: d3a9a0d4603445ca5d74b286a25e93ae1d903902a51b334726590d1f46ad6473
- SHA512: 3c9c4a3d4270c6e4744ed332edcaf593d81ded1d71241683721f792e53c85bd4203a18eb4c221c67666dbc2782e45020c29cd41464d004a61093a7f3464e4a59
- SSDEEP: 6144:dYDbhgRE8qT/RsHXSCH9IThRWBxNTi0gfRjDxDIrCGQbxUajLopD9iq759FWpdFP:whibGOHXd9IGBRgDhMYZop9LmdFvH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f22024253c67820e9dc54c4f07f39c1
Files
-
8f22024253c67820e9dc54c4f07f39c1.exe windows:4 windows x86 arch:x86
46d3ef8d9f7fd61b80a3bed372f11ca4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
imgcmn
?AddResolutionPage@CPagePropSheet@@QAEXXZ
?SetDefaultFileType@CPagePropSheet@@QAEXF@Z
?AddColorPage@CPagePropSheet@@QAEXXZ
?AddCompressionPage@CPagePropSheet@@QAEXXZ
?AddSizePage@CPagePropSheet@@QAEXXZ
?SetDefaultCompType@CPagePropSheet@@QAEXF@Z
?SetDefaultColor@CPagePropSheet@@QAEXF@Z
?SetDefaultResolution@CPagePropSheet@@QAEXJJ@Z
?DoModal@CPagePropSheet@@UAEHXZ
?SetDefaultCompOpts@CPagePropSheet@@QAEXJ@Z
?HidePal4@CPagePropSheet@@QAEXXZ
?GetColor@CPagePropSheet@@QAEFXZ
?GetXRes@CPagePropSheet@@QAEJXZ
?GetYRes@CPagePropSheet@@QAEJXZ
?GetCompType@CPagePropSheet@@QAEFXZ
?GetHeight@CPagePropSheet@@QAEJXZ
?GetWidth@CPagePropSheet@@QAEJXZ
??1CPagePropSheet@@UAE@XZ
?GetCompOpts@CPagePropSheet@@QAEJXZ
?GetFileType@CPagePropSheet@@QAEFXZ
?GetLong@CVariantHandler@@QAEJAAJABJH@Z
??0CPagePropSheet@@QAE@PBDPAVCWnd@@@Z
?GetBool@CVariantHandler@@QAEJAAHABHH@Z
?GetShort@CVariantHandler@@QAEJAAFABFH@Z
??0CVariantHandler@@QAE@XZ
?SetVariant@CVariantHandler@@QAEXABUtagVARIANT@@@Z
?AddFileTypePage@CPagePropSheet@@QAEXXZ
??1CVariantHandler@@QAE@XZ
?UpdateVersion@@YGJH@Z
mfc42
ord6143
ord3597
ord641
ord324
ord1768
ord4299
ord3092
ord1168
ord4710
ord1200
ord2864
ord755
ord2859
ord470
ord6453
ord3626
ord3663
ord2414
ord2379
ord3237
ord6282
ord6283
ord5856
ord5683
ord858
ord860
ord537
ord1601
ord1264
ord6142
ord5860
ord500
ord1268
ord1938
ord4268
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord6055
ord1776
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord807
ord3521
ord554
ord6064
ord2120
ord5883
ord4147
ord6146
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord4759
ord4278
ord2915
ord5710
ord940
ord2763
ord2764
ord1876
ord266
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4669
ord4490
ord4345
ord4338
ord4647
ord5022
ord4492
ord4512
ord4962
ord971
ord2058
ord4645
ord2548
ord5508
ord5956
ord4037
ord3268
ord3353
ord4622
ord420
ord720
ord6329
ord4382
ord4388
ord2371
ord4493
ord5824
ord1729
ord4133
ord4297
ord2652
ord1669
ord2074
ord3116
ord539
ord2394
ord616
ord6402
ord6403
ord535
ord3522
ord5290
ord3402
ord2135
ord567
ord818
ord861
ord4627
ord4425
ord5981
ord2642
ord3744
ord2629
ord801
ord541
ord1199
ord3874
ord2614
ord5583
ord5686
ord1822
ord4004
ord4419
ord4959
ord4360
ord3364
ord335
ord649
ord4346
ord599
ord2727
ord1243
ord2730
ord2729
ord2547
ord421
ord3001
ord4604
ord819
ord5863
ord568
ord1147
ord4129
ord3442
ord6081
ord3815
ord1923
ord4695
ord5940
ord2003
ord5730
ord3948
ord2185
ord2184
ord4214
ord3107
ord5617
ord989
ord3445
ord3194
ord4161
ord6451
ord520
ord788
ord5198
ord1269
ord5910
ord922
ord924
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2301
ord2302
ord4055
ord2364
ord6334
ord1783
ord6241
ord5951
ord3098
ord3619
ord815
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord3738
ord326
ord459
ord561
ord2558
ord4610
ord6354
ord1214
ord5500
ord2036
ord986
ord6137
ord5914
ord4159
ord2621
ord6117
ord1134
ord5716
ord5717
ord1205
ord2725
ord3761
ord2890
ord2455
ord4698
ord5289
ord1894
ord4254
ord2688
ord2010
ord3187
ord4605
ord5501
ord2991
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord6336
ord5577
ord3172
ord5654
ord4387
ord3454
ord5098
ord2124
ord3261
ord3280
ord4623
ord4430
ord748
ord456
ord1218
ord4860
ord4825
ord4956
ord4423
ord2402
ord5025
ord1992
ord3797
ord5496
ord926
ord2505
ord6327
ord640
ord2405
ord2556
ord1640
ord323
ord1265
ord4628
ord5277
ord3081
ord5651
ord3127
ord3616
ord5442
ord6383
ord3318
ord6260
ord1979
ord6385
ord5186
ord5440
ord665
ord350
ord354
ord962
ord750
ord603
ord1993
ord1969
ord273
ord1262
ord1259
ord2255
ord5206
ord458
ord2015
ord4826
ord4861
ord4957
ord5090
ord3066
ord3060
ord4416
ord5000
ord5021
ord4491
ord4494
ord5732
ord1267
ord4320
ord3881
ord3141
ord4916
ord4640
ord4517
ord5020
ord4950
ord2171
ord2437
ord1747
ord4275
ord3610
ord656
ord3873
ord1945
ord4273
ord4589
ord4341
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord5240
ord3748
ord1726
ord5260
ord4432
ord560
ord813
ord4890
ord4349
ord5076
ord4723
ord2535
ord3256
ord2975
ord3525
ord6093
ord4033
ord5882
ord1641
ord2089
ord1949
ord3528
ord6094
ord4034
ord4450
ord4685
ord1882
ord4250
ord2440
ord1694
ord5006
ord4470
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5475
ord3403
ord2879
ord2878
ord4154
ord4077
ord5237
ord5285
ord2649
ord1665
ord4436
ord5252
ord4427
ord747
ord733
ord439
ord450
ord436
ord736
ord4995
ord4337
ord5495
ord2104
ord4460
ord4146
ord5664
ord5656
ord3254
ord1871
ord5575
ord434
ord6009
ord5960
ord353
ord4448
ord1842
ord4242
ord5472
ord5282
ord674
ord366
ord4457
ord4151
ord4413
ord5030
ord4907
ord4590
ord4875
ord5852
ord3481
ord5644
ord2252
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord4541
ord5477
ord2259
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__CxxFrameHandler
_CxxThrowException
atof
atoi
_mbscmp
_mbstok
_mbsicmp
_strupr
_itoa
_setmbcp
_ltoa
_controlfp
_ftol
atol
_fcvt
free
malloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
kernel32
GetDiskFreeSpaceA
GetLocaleInfoA
VirtualAlloc
VirtualFree
MulDiv
MoveFileA
GetTempPathA
GetTempFileNameA
OpenFile
DeleteFileA
GetWindowsDirectoryA
lstrcmpA
FindNextFileA
FindClose
GetCurrentDirectoryA
CloseHandle
CreateFileMappingA
ExitProcess
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingA
FindFirstFileA
lstrcpyA
LoadLibraryA
GetProcAddress
lstrcpynA
lstrcatA
FreeLibrary
GetUserDefaultLCID
GetTickCount
lstrlenA
FindResourceA
LoadResource
LockResource
GlobalUnlock
GlobalLock
GlobalSize
GlobalFlags
GetStartupInfoA
GlobalFree
CopyFileA
user32
BringWindowToTop
UpdateWindow
RegisterWindowMessageA
SetMenu
DeleteMenu
KillTimer
DestroyMenu
IsWindow
GetMenuState
RegisterClipboardFormatA
InSendMessage
EnableMenuItem
AdjustWindowRect
GetSystemMetrics
GetSystemMenu
IsZoomed
IsIconic
CreatePopupMenu
InvalidateRect
PtInRect
wsprintfA
EndPaint
BeginPaint
GetUpdateRect
GetClipboardData
LoadBitmapA
OffsetRect
MessageBeep
SetTimer
AppendMenuA
CheckMenuItem
ModifyMenuA
GetSysColor
CheckMenuRadioItem
OpenClipboard
PeekMessageA
CloseClipboard
IsClipboardFormatAvailable
GetClientRect
ClientToScreen
SetRect
GetDesktopWindow
GetCursorPos
LoadMenuA
GetSubMenu
SetRectEmpty
IsRectEmpty
EnableWindow
GetDlgCtrlID
WinHelpA
GetDC
ReleaseDC
GetActiveWindow
GetWindowRect
ScreenToClient
SetWindowPos
PostMessageA
SendMessageA
MessageBoxA
LoadStringA
SetForegroundWindow
GetMenuItemCount
GetMenuItemID
SetCapture
SetFocus
ReleaseCapture
SetActiveWindow
GetMenu
GetDlgItem
CopyRect
SetWindowLongA
GetWindow
gdi32
CreateBitmap
GetPixel
BitBlt
DeleteDC
SetBkColor
CreateRectRgnIndirect
DeleteMetaFile
GetObjectA
DeleteObject
SelectObject
CreatePalette
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectA
RealizePalette
StretchDIBits
SelectPalette
comdlg32
GetFileTitleA
advapi32
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryValueA
RegCloseKey
RegOpenKeyA
shell32
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
ole32
StgCreateDocfile
WriteClassStg
OleCreate
StgOpenStorage
OleSetClipboard
CLSIDFromProgID
CoCreateInstance
CoGetMalloc
oleaut32
SysAllocStringLen
VariantCopy
SysStringLen
SysFreeString
OleCreateFontIndirect
SysAllocString
VariantInit
VariantClear
Exports
Sections
.text Size: 196KB - Virtual size: 194KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 257KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE