adda0d558eeba2c1b7389c3afd021bff

Sharing

Copy URL

Twitter E-mail

General

Target

adda0d558eeba2c1b7389c3afd021bff
Size

236KB
MD5

adda0d558eeba2c1b7389c3afd021bff
SHA1

d17a91de393ad8e6ea425b1219dac1b0d7fc521b
SHA256

e935245520ccd12948c2e668d614e3ec4562bfbcc2db5fdc28af34205c6b885c
SHA512

fd0bb41a51b743836d901a6ebfdf77917dd1a774ea8252f3f707975e0de53f59b8fefa9fb4b274e1857a9cbc02f7adf619ef66387f2fa1fb4b66bd4eeab51e8d
SSDEEP

6144:Dp10fnNEQFv91k6Jj41Gn6l2mBpb99asj:Dp1MEQ3m+n6lhb9N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adda0d558eeba2c1b7389c3afd021bff

Files

adda0d558eeba2c1b7389c3afd021bff
.exe windows:4 windows x86 arch:x86

ccc49825d44e7c9cdc82aeb5ed25c333

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetUserDefaultUILanguage
GetCommandLineA
GetUserDefaultLCID
MulDiv
GetCurrentProcessId
GetProcAddress
IsValidCodePage
IsBadCodePtr
GetUserDefaultLangID
GetCurrentThreadId
MultiByteToWideChar
lstrlenW
lstrlenA
WideCharToMultiByte
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
Sleep
GetLastError
LoadLibraryA
GetVersion
InterlockedDecrement
GetFileSize
GetModuleHandleA
SetEvent
IsBadReadPtr
VirtualProtect
GetSystemInfo
InterlockedIncrement
SetLastError
LocalFree
GetStartupInfoA

user32

IsCharAlphaNumericA
IsCharLowerA
GetCursor
GetDesktopWindow
IsWindow
GetForegroundWindow
IsCharAlphaA
CharLowerA
GetWindowRect
PostMessageA
GetSystemMetrics
GetActiveWindow
IsCharUpperA
GetCapture
IsMenu
GetInputState
GetFocus
CharUpperA
CreateWindowExA

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

SysStringByteLen
GetErrorInfo
SysAllocString
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen

msvcp60

?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??1?$ctype@D@std@@UAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??_7bad_cast@std@@6B@
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0locale@std@@QAE@PBDH@Z
??1locale@std@@QAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Xran@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z

msvcrt

strcpy
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
??0exception@@QAE@ABQBD@Z
atoi
wcslen
strncat
strcat
_strnicmp
_stricmp
strstr
strchr
strncpy
_itoa
free
sprintf
malloc
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strlen
__CxxFrameHandler
_except_handler3
rand
srand
memset
??2@YAPAXI@Z
memcpy
wcscmp
pow
_ftol
memcmp

ws2_32

htons
setsockopt
socket
gethostbyname
WSAStartup
connect
getsockopt
send
recv
WSACleanup
closesocket

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 946B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 720B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc49825d44e7c9cdc82aeb5ed25c333

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

msvcp60

msvcrt

ws2_32

shell32

Sections

.text Size: 144KB - Virtual size: 144KB

.data Size: 96KB - Virtual size: 96KB

.bss Size: 6KB - Virtual size: 6KB

.idata Size: 946B - Virtual size: 946B

.rsrc Size: 720B - Virtual size: 720B

.text
Size: 144KB - Virtual size: 144KB

.data
Size: 96KB - Virtual size: 96KB

.bss
Size: 6KB - Virtual size: 6KB

.idata
Size: 946B - Virtual size: 946B

.rsrc
Size: 720B - Virtual size: 720B