380ddc4cef0849e7b15b53e20140253183e68d7547e7b146ff90c45f344ec7d4

Sharing

Copy URL Twitter E-mail

General

Target

380ddc4cef0849e7b15b53e20140253183e68d7547e7b146ff90c45f344ec7d4
Size

47KB
MD5

f31ca09985fac7e31b858c0e94d0467b
SHA1

221883d0f49c87344aa5e83829d44d8cda2312d5
SHA256

380ddc4cef0849e7b15b53e20140253183e68d7547e7b146ff90c45f344ec7d4
SHA512

319b867716a2a41e32577a5361e8a4e9b46f2cbfea193af3bede83bed44bce9d8bdcc092c09f9d7bb5f4c45baef33f75cc17849ffc64318f6a727f16063c0113
SSDEEP

384:A8pfmWIeWrIzoygoDIwwLEBUqVi+7nB0u3Y6hlhcO2pTxNa1xq3UZU92pZc4LWog:lxJIno+womUqrna67hcOqTxNQZU9f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380ddc4cef0849e7b15b53e20140253183e68d7547e7b146ff90c45f344ec7d4

Files

380ddc4cef0849e7b15b53e20140253183e68d7547e7b146ff90c45f344ec7d4
.exe windows:5 windows x86 arch:x86

051c579f59b5531940c625ec8bf0066b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
lstrlenW
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
Sleep
GlobalLock
GlobalUnlock
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException

user32

GetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetWindowsHookExA
CallNextHookEx
EndDialog
PostQuitMessage
OpenClipboard
BeginPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
RegisterClassExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
LoadAcceleratorsA
TranslateMessage
DispatchMessageA
GetMessageA
LoadStringA
EndPaint
GetKeyState

shell32

SHGetFolderPathA

msvcp90

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr90

_encode_pointer
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
??3@YAXPAX@Z
_localtime64
_time64
memcpy_s
memmove_s
free
strcat_s
fopen
strftime
fprintf
fputs
fclose
fseek
ftell
_recalloc
calloc
??2@YAPAXI@Z
memset
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_CxxThrowException
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

051c579f59b5531940c625ec8bf0066b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp90

msvcr90

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 35KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 35KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 2KB - Virtual size: 1KB