cadf0e0ecd864df195b0c57b8b9eac2a

Sharing

Copy URL Twitter E-mail

General

Target

cadf0e0ecd864df195b0c57b8b9eac2a
Size

144KB
MD5

cadf0e0ecd864df195b0c57b8b9eac2a
SHA1

7c325ecbfb9cdf033f115146507fe1aa49e5adef
SHA256

786190bdb9f8fb81f6602b81d2872e904ef19a2cca0c9d45be4513a4624f8674
SHA512

6d4767fe8338748be9a7f80752f5fe4d4175d6cb51ddc21c024b1db81c3a8b94e54eb2d4f9ffd6cd947ee111239f3a814717ccc5628163e5f009635197598033
SSDEEP

3072:Wm9Xelr6tz/y2u1p6scC93vPqSGlgTmQ9BAPBIH1diS8Y5d7J94fOhAM:Wm9XA7FLvSSXmIH1pv5p42hj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cadf0e0ecd864df195b0c57b8b9eac2a

Files

cadf0e0ecd864df195b0c57b8b9eac2a
.exe windows:5 windows x86 arch:x86

9838773c8dfe91171e7d28f5dcd7b507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
RegisterClassW
DefWindowProcW

lz32

GetExpandedNameA
LZStart
CopyLZFile
LZSeek
LZInit
LZOpenFileA
LZCloseFile
LZClose
LZCopy
LZOpenFileW
LZDone
LZRead

gdi32

GetClipRgn
DdEntry20
GetRelAbs
GetBrushAttributes
BRUSHOBJ_ulGetBrushColor
EngDeletePath
CopyEnhMetaFileW
WidenPath
EnumFontFamiliesA
SetVirtualResolution
BeginPath
DdEntry0
DdEntry1
GetRasterizerCaps
SetColorAdjustment
EngTextOut
GetTextCharset
SetViewportOrgEx
GetAspectRatioFilterEx
GdiInitSpool
DdEntry27
GetNearestPaletteIndex
DdEntry26
UnrealizeObject
DdEntry7
InvertRgn
DeleteEnhMetaFile
EnableEUDC
GdiReleaseDC
GetKerningPairsA
Chord

msdart

?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
MpHeapReAlloc
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?Unlock@CLockedDoubleList@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?Unlock@CLockedSingleList@@QAEXXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?SetSpinCount@CCritSec@@QAE_NG@Z
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?CheckTable@CLKRHashTable@@QBEHXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
MpHeapDestroy
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
??4CSpinLock@@QAEAAV0@ABV0@@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
??4CDoubleList@@QAEAAV0@ABV0@@Z

msvcirt

?pword@ios@@QBEAAPAXH@Z
?unlockbuf@ios@@QAAXXZ
?put@ostream@@QAEAAV1@D@Z
??0strstreambuf@@QAE@PAEH0@Z
?out_waiting@streambuf@@QBEHXZ
??4istream@@IAEAAV0@ABV0@@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
??0istream_withassign@@QAE@XZ
?unbuffered@streambuf@@IBEHXZ
??7ios@@QBEHXZ
?write@ostream@@QAEAAV1@PBEH@Z
?setmode@fstream@@QAEHH@Z
??_7fstream@@6B@
??4ostrstream@@QAEAAV0@ABV0@@Z
??_Efilebuf@@UAEPAXI@Z
??_Gstreambuf@@UAEPAXI@Z
??_8fstream@@7Bistream@@@
?flush@ostream@@QAEAAV1@XZ
??0ostrstream@@QAE@PADHH@Z
?overflow@filebuf@@UAEHH@Z
??_Elogic_error@@UAEPAXI@Z
?eatwhite@istream@@QAEXXZ
?sh_write@filebuf@@2HB
??1istream@@UAE@XZ
?eof@ios@@QBEHXZ
??5istream@@QAEAAV0@AAM@Z
??6ostream@@QAEAAV0@PBC@Z
?get@istream@@QAEHXZ
??6ostream@@QAEAAV0@K@Z
??_7iostream@@6B@
?dbp@streambuf@@QAEXXZ
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?getint@istream@@AAEHPAD@Z
??_Eifstream@@UAEPAXI@Z
??_Distrstream@@QAEXXZ
?x_curindex@ios@@0HA
??_Efstream@@UAEPAXI@Z

msvcrt

ferror
_chsize
_adj_fdivr_m16i
_wcmdln
_ismbblead
fsetpos
wcstoul
qsort
strtol
_ltow
__getmainargs
_wspawnlpe
?unexpected@@YAXXZ
_chmod
_mbctype
_mbclen
modf
__set_app_type
_wgetdcwd
_adjust_fdiv
_mbsupr
_execvp
_findclose
_wstati64
_utime64
_chdir
??0bad_cast@@QAE@ABQBD@Z
_wexecl
__p__commode
exit
__p___initenv
_wspawnvpe

kernel32

SignalObjectAndWait
GetNumaNodeProcessorMask
WaitForSingleObjectEx
CallNamedPipeW
LZOpenFileW
LeaveCriticalSection
GetLogicalDriveStringsA
VirtualAlloc
GetNextVDMCommand
GetSystemDefaultLCID
AttachConsole
WriteFileGather
GetLocalTime
FormatMessageA
_lwrite
GetUserDefaultLCID
GetCommModemStatus
GetEnvironmentStringsA
WaitForMultipleObjectsEx
IsValidCodePage
lstrcatA
CreateActCtxA
QueueUserAPC
HeapSetInformation
ConvertThreadToFiber
ReadDirectoryChangesW
IsValidLocale
IsDebuggerPresent
RtlCaptureStackBackTrace
IsSystemResumeAutomatic
GetPrivateProfileStructA
GetVolumeInformationA
InterlockedIncrement
lstrcpyA
FillConsoleOutputCharacterW
AddConsoleAliasA
InitializeCriticalSectionAndSpinCount
GlobalAddAtomA
LoadLibraryA
GetPrivateProfileSectionNamesW
GetExitCodeThread
EnterCriticalSection
ShowConsoleCursor

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9838773c8dfe91171e7d28f5dcd7b507

Headers

DLL Characteristics

File Characteristics

Imports

user32

lz32

gdi32

msdart

msvcirt

msvcrt

kernel32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 59KB - Virtual size: 223KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 59KB - Virtual size: 223KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB