768cc5a6b01b7efd12babcbf4cf14d918cf55e734d7faa85e27eb2ef37837cd2

Sharing

Copy URL

Twitter E-mail

General

Target

768cc5a6b01b7efd12babcbf4cf14d918cf55e734d7faa85e27eb2ef37837cd2
Size

144KB
MD5

d73aa04698b8d4cf4b10f2740064294d
SHA1

9154854440e487483c7654794b495a55327e625c
SHA256

768cc5a6b01b7efd12babcbf4cf14d918cf55e734d7faa85e27eb2ef37837cd2
SHA512

72006b4052ed22a53e21e111897bacd7d36dc2b8eee2ee912200a0bd52cca4aa3dd08823dda74a34b5d330266a99459fa8ffad5ba4d5f2fe510592a4c3816802
SSDEEP

3072:TVs3VXwgiYQg72JPEnMiARaba2DIO4Jm6NVO43rby:TVs3VXwgiYQg7gPGb9IO4Jm6PT3ru

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
768cc5a6b01b7efd12babcbf4cf14d918cf55e734d7faa85e27eb2ef37837cd2

Files

768cc5a6b01b7efd12babcbf4cf14d918cf55e734d7faa85e27eb2ef37837cd2
.dll windows:4 windows x86 arch:x86

2ae4e678c045539b1f1d8fbb7924b539

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
FreeLibrary
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FindNextFileA
OutputDebugStringA
LoadLibraryExA
FindFirstFileA
DisableThreadLibraryCalls
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
SetThreadPriority

user32

SendMessageA
CallWindowProcA
SetWindowLongA
GetParent
GetWindowLongA
PostMessageA
GetClientRect

shlwapi

PathAppendA
PathRemoveFileSpecA
PathAddBackslashA

winmm

PlaySoundA

mfc42

ord823
ord825

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mbsnbcpy
tolower
_mbsnbcat
wcslen
_mbsstr
fread
ftell
strlen
remove
_access
_chmod
__CxxFrameHandler
_mkdir
_errno
sprintf
sscanf
strchr
printf
malloc
?name@type_info@@QBEPBDXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
atoi
_mbstok
strcmp
free
strncpy
_purecall
_ftol
memcpy
_mbsrchr
memset
strcat
_snprintf
fopen
fwrite
_mbsncpy
fclose
_mbscmp
strcpy
fseek
_strdup

msvcp60

??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_7bad_cast@std@@6B@
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ae4e678c045539b1f1d8fbb7924b539

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

winmm

mfc42

msvcrt

msvcp60

comdlg32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB