b81abc657c7182275245adf7ab790d42

Sharing

Copy URL Twitter E-mail

General

Target

b81abc657c7182275245adf7ab790d42
Size

764KB
MD5

b81abc657c7182275245adf7ab790d42
SHA1

b713e57eb719c8b2273b31f0f9f9f71c13bceb31
SHA256

7c46723710d4c783f6bfd9abe3b1fac1d1cf0764ec90f159e44a0b22f5f582c3
SHA512

42e306b04542db26672549e6b90d8f626a4ebbd18aebf5b442e25c17198d3e070490ade05d5bd66bdfc978c09dedee6ee9c504db5a1d9cd74f04c610338fff4b
SSDEEP

12288:eCIugkjzACYZxdpzVJ4XDZCp8SRoVAwn+nceZMQ9eyPY:9tgkjzzcbzVJyURo6wn+nceZMZGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b81abc657c7182275245adf7ab790d42

Files

b81abc657c7182275245adf7ab790d42
.exe windows:4 windows x86 arch:x86

fdfde98d1c384f32274c4f307fe5b961

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

frn

??1FarinaButton2@@UAE@XZ
??1FarinaTreeCtrl@@UAE@XZ
??1FarinaDialog2@@UAE@XZ
??0FarinaButton2@@QAE@XZ
??0FarinaTreeCtrl@@QAE@XZ
??0FarinaDialog2@@QAE@IPAVCWnd@@@Z
?Farina@FarinaTreeCtrl@@QAEXXZ
?GetThisMessageMap@FarinaDialog2@@KGPBUAFX_MSGMAP@@XZ
?OnCtlColor@FarinaDialog@@IAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z
?GetRuntimeClass@FarinaDialog2@@UBEPAUCRuntimeClass@@XZ
??1FarinaSliderCtrl@@UAE@XZ
??0FarinaGroupBox@@QAE@XZ
??0FarinaSliderCtrl@@QAE@XZ
??1FarinaStatic@@UAE@XZ
??0FarinaStatic@@QAE@XZ
??1FarinaComboBox@@UAE@XZ
??0FarinaComboBox@@QAE@XZ
?OnSize@FarinaDialog2@@QAEXIHH@Z
?OnCreate@AbstractDialog@@IAEHPAUtagCREATESTRUCTW@@@Z
?DoDataExchange@FarinaDialog2@@MAEXPAVCDataExchange@@@Z
?Farina@FarinaEdit@@QAEXXZ
??0FarinaEdit@@QAE@XZ
??0FarinaCheckBox@@QAE@XZ
?OnInitDialog@AbstractDialog@@MAEHXZ
?GetThisMessageMap@FarinaDialog@@KGPBUAFX_MSGMAP@@XZ
?FarinaMessageBox@@YAHABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@0IPAVCWnd@@@Z
??1FarinaEdit@@UAE@XZ
?DoDataExchange@FarinaDialog@@MAEXPAVCDataExchange@@@Z
??0FarinaDialog@@QAE@IPAVCWnd@@@Z
??0FarinaButton@@QAE@XZ
?WindowProc@AbstractDialog@@MAEJIIJ@Z
?EnableLuna@FarinaAPI@@SA_N_N@Z
??1FarinaButton@@UAE@XZ
??1FarinaCheckBox@@UAE@XZ
??1FarinaDialog@@UAE@XZ
??1FarinaGroupBox@@UAE@XZ
?FarinaMessageBox@@YAHIABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@IPAVCWnd@@@Z

shlwapi

PathFileExistsW
PathFindExtensionW

winmm

timeGetTime
mciSendStringW

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdiplus

GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdiplusShutdown
GdipCreateFont
GdipFillPath
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipAddPathStringI
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipGetPathWorldBoundsI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdiplusStartup
GdipDrawPath

mfc71u

ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2856
ord4480
ord4256
ord3176
ord1785
ord4314
ord2366
ord3204
ord1925
ord2362
ord3198
ord1271
ord1270
ord4094
ord2085
ord3238
ord1946
ord1274
ord2365
ord1894
ord6086
ord4743
ord709
ord501
ord4347
ord2002
ord1331
ord2124
ord6140
ord5609
ord6232
ord4574
ord689
ord605
ord458
ord354
ord2159
ord6271
ord931
ord5638
ord347
ord4112
ord1784
ord4755
ord3678
ord3296
ord5911
ord1393
ord3331
ord760
ord572
ord589
ord330
ord5210
ord2155
ord4394
ord5527
ord2847
ord2936
ord3163
ord468
ord694
ord5373
ord3910
ord2781
ord590
ord4195
ord3758
ord2846
ord467
ord2086
ord4234
ord2985
ord3311
ord741
ord2861
ord5829
ord3157
ord5727
ord2648
ord5965
ord4558
ord5119
ord334
ord593
ord3590
ord870
ord283
ord577
ord2311
ord293
ord776
ord899
ord4101
ord2895
ord6171
ord6165
ord6173
ord3990
ord774
ord4100
ord2260
ord2444
ord3927
ord6167
ord2271
ord280
ord1476
ord5558
ord5524
ord1472
ord6096
ord4076
ord1479
ord6111
ord282
ord2926
ord896
ord5705
ord5485
ord4026
ord894
ord5414
ord261
ord5712
ord1003
ord258
ord970
ord3849
ord971
ord2266
ord1002
ord2745
ord2461
ord4320
ord2009
ord1007
ord5096
ord566
ord1110
ord4078
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord1765
ord1883
ord5398
ord2460
ord1058
ord2310
ord6166
ord6063
ord1156
ord2121
ord2282
ord3756
ord1582
ord5864
ord3877
ord2261
ord5118
ord1236
ord1235
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord3635
ord3599
ord1121
ord1049
ord5113
ord2011
ord1908
ord2239
ord1064
ord1093
ord371
ord1123
ord1139
ord1178
ord1182
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord4535
ord6282
ord5316
ord3925
ord557
ord745
ord5443
ord558
ord746
ord762
ord1176
ord6293
ord5327
ord2340
ord3249
ord1571
ord2279
ord1086
ord386
ord1431
ord631
ord265
ord1021
ord1051
ord266
ord764
ord4119
ord1079
ord602
ord1198

msvcr71

?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
calloc
strtod
_wcsupr
fflush
fwrite
strcpy
strlen
pow
_ftol
fabs
fread
memcpy
abort
_iob
fprintf
strncpy
??1type_info@@UAE@XZ
memset
memcmp
modf
floor
ceil
wcstoul
_wtoi64
_strnicmp
__CxxLongjmpUnwind
_setjmp3
longjmp
_wcsdup
wcsrchr
wcsstr
wcschr
_wcsicoll
wcscoll
_wcsicmp
wcscat
_beginthreadex
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_wtol
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
_wfopen
fgetws
fclose
realloc
wcsncpy
_except_handler3
_stricmp
__dllonexit
_onexit
__security_error_handler
_controlfp
sprintf
malloc
__CxxFrameHandler
_wsplitpath
wcscpy
wcslen
wcsncmp
_wtoi
wcscmp
_wcsnicmp
_ltow
free

kernel32

GetFileAttributesW
DeleteFileW
GetExitCodeThread
ExpandEnvironmentStringsW
GetProcAddress
FreeLibrary
GetTickCount
Sleep
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
lstrcpynW
lstrcatW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetCommandLineW
GetCurrentThreadId
SetCurrentDirectoryW
CreateMutexW
ProcessIdToSessionId
GetCurrentProcessId
FindClose
FindFirstFileW
GetVolumeInformationW
SetErrorMode
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GetCurrentProcess
GetPrivateProfileIntW
GetPrivateProfileSectionW
TerminateThread
WaitForSingleObject
SetEvent
SuspendThread
ResumeThread
CreateEventW
LoadLibraryA
GetVersionExA
WideCharToMultiByte
GetShortPathNameW
ReadFile
CreateFileW
GetFileInformationByHandle
GetFileSize
LockResource
UnmapViewOfFile
MapViewOfFile
MulDiv
CreateSemaphoreW
ReleaseSemaphore
ReleaseMutex
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemInfo
CreateFileMappingW
LocalAlloc
LocalFree
FormatMessageW
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetDiskFreeSpaceW
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeW
CreateDirectoryW
GetPrivateProfileStringW
GetModuleFileNameW
lstrlenW
lstrcpyW
CloseHandle
RaiseException
InitializeCriticalSection
LoadLibraryW
DeleteCriticalSection

user32

EnableWindow
LoadIconW
ReleaseCapture
SendMessageW
SetCursor
LoadCursorW
RemovePropW
PostQuitMessage
GetAsyncKeyState
SetPropW
WindowFromPoint
ShowWindow
EnumChildWindows
ReleaseDC
UpdateLayeredWindow
GetDC
RegisterClipboardFormatW
OffsetRect
EqualRect
IntersectRect
InvalidateRect
DrawIconEx
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
CharUpperW
wsprintfW
SetWindowRgn
SetCapture
ClientToScreen
GetWindowRect
MoveWindow
UpdateWindow
GetCursorPos
SubtractRect
CopyRect
SetRectEmpty
PtInRect
DefWindowProcW
SetTimer
SetWindowPos
SetForegroundWindow
KillTimer
SetLayeredWindowAttributes
IsRectEmpty
ScreenToClient
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
LoadMenuW
GetSubMenu
SetMenuDefaultItem
CheckMenuItem
AppendMenuW
CreatePopupMenu
DrawIcon
RegisterHotKey
UnregisterHotKey
GetParent
LockWindowUpdate
RedrawWindow
EnumWindows
GetPropW
CharNextW
DestroyIcon
LoadStringW
GetIconInfo
RegisterWindowMessageW
IsWindowVisible
GetWindow
FindWindowW
GetKeyState
MessageBoxW
InflateRect
GetDesktopWindow

gdi32

SetStretchBltMode
StretchBlt
LPtoDP
GetPixel
SetPixel
StretchDIBits
GetDeviceCaps
CreateDIBitmap
SetDIBColorTable
GetDIBColorTable
GdiFlush
GetClipBox
GetDCOrgEx
GetObjectW
BitBlt
SetBkColor
CreateSolidBrush
DeleteDC
CreateDIBSection
SelectObject
GetTextExtentPoint32W
GetTextFaceW
CreateCompatibleDC
CreateFontW
DeleteObject
CreateRectRgn
ExtTextOutW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegQueryInfoKeyW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

DragQueryFileW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHFileOperationW
ShellExecuteW
SHAppBarMessage
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW

comctl32

_TrackMouseEvent

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantChangeType
VariantTimeToSystemTime
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantClear
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
LoadTypeLi

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 624KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdfde98d1c384f32274c4f307fe5b961

Headers

File Characteristics

Imports

frn

shlwapi

winmm

wtsapi32

gdiplus

mfc71u

msvcr71

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp71

Sections

.text Size: 624KB - Virtual size: 622KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 36KB - Virtual size: 96KB

.text
Size: 624KB - Virtual size: 622KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 36KB - Virtual size: 96KB