MFCMapi 1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MFCMapi 1.exe
Size

5.4MB
MD5

9e894916321b8c557f36b7576c4d7451
SHA1

e9fa2356670d40201e6f2a5567b08d12765b12d1
SHA256

55a5e75a6d2d67330cc9888b4d710330809a83c052be0437975da08dc3ed3cd8
SHA512

e38653c68e4d36fd7088a6ac6b58e3a9b5603d05d684cf1abdc8d5843b56e50918ab687e97aac7e57ada779d695369d5f0c2981cd3d0b961ae3bc7c61e5c5696
SSDEEP

49152:fHh1jBV+wMASpiqjr6t5abemgsPzeAFRxUY35i1z+1Do9l2rChx0lLgDrFHW13lB:fvXtIzhFsBhRrFH1XuAGBthQA

Score

1^/10

Malware Config

Signatures

Files

MFCMapi 1.exe
.exe windows:6 windows x64 arch:x64

572b2300eb10aebb47bb0ac75997b1d1

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:a4:32:1f:d4:d3:a1:26:aa:d9:1f:4d:0b:00:d7:2a:47:37:37:01:05:c6:19:35:5e:86:50:1e:ca:8b:e0:e4
Signer

Actual PE Digest

70:a4:32:1f:d4:d3:a1:26:aa:d9:1f:4d:0b:00:d7:2a:47:37:37:01:05:c6:19:35:5e:86:50:1e:ca:8b:e0:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\a\1\s\bin\x64\Release Unicode\MFCMapi.pdb

Imports

kernel32

SearchPathW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetTempPathW
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
GetProfileIntW
GetUserDefaultLCID
VerifyVersionInfoW
VerSetConditionMask
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
DeleteFileW
GetCurrentDirectoryW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetTempFileNameW
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
lstrcmpA
GetVersionExW
GetCurrentThread
CopyFileW
GlobalSize
CompareStringW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleExW
SetLastError
OutputDebugStringA
GetCPInfo
GetTickCount64
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeThread
Sleep
WaitForSingleObjectEx
CloseHandle
CompareStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
CreateDirectoryW
GetTickCount
GetModuleFileNameW
GetShortPathNameW
FindClose
FindNextFileW
LoadLibraryExW
FindFirstFileW
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemTime
OutputDebugStringW
lstrcmpiW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
LocalFree
FormatMessageW
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
LocalAlloc
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
WritePrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
GetConsoleOutputCP
MulDiv

user32

CreateDialogIndirectParamW
TabbedTextOutW
GrayStringW
DrawTextExW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
IsWindowEnabled
CheckDlgButton
MapVirtualKeyW
GetKeyNameTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongW
EqualRect
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
SetActiveWindow
UpdateWindow
SetFocus
GetDlgCtrlID
IsIconic
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsWindow
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
RegisterWindowMessageW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
LoadStringW
UnionRect
DeferWindowPos
EnumWindows
GetWindow
DestroyIcon
DrawIconEx
LoadImageW
GetWindowLongW
DrawFrameControl
IsMenu
GetWindowLongA
GetClassNameW
GetWindowTextW
GetPropW
SetPropW
FrameRect
IsRectEmpty
IntersectRect
SetWindowLongPtrW
GetWindowLongPtrW
InflateRect
EndDialog
GetWindowDC
GetSysColor
GetSysColorBrush
RemoveMenu
GetMenuItemID
GetMenuState
RealChildWindowFromPoint
SetMenuItemInfoW
GetMenuItemCount
TrackPopupMenu
WindowFromPoint
GetCursorInfo
SetCursor
GetCapture
SetRect
LoadCursorW
DestroyCursor
ShowScrollBar
SystemParametersInfoW
GetAsyncKeyState
MapDialogRect
DeleteMenu
GetTabbedTextExtentW
ScrollWindowEx
SetScrollInfo
GetScrollInfo
AppendMenuW
CreatePopupMenu
InsertMenuW
GetMenuItemInfoW
GetMenu
GetActiveWindow
GetMenuBarInfo
GetSystemMenu
IsZoomed
ReleaseCapture
SetCapture
MapWindowPoints
PtInRect
GetWindowThreadProcessId
GetForegroundWindow
DispatchMessageW
PeekMessageW
CopyRect
InvalidateRect
DrawMenuBar
SetMenuInfo
GetSubMenu
SetMenu
CreateMenu
LoadMenuW
DestroyMenu
GetDesktopWindow
LoadIconW
CheckMenuItem
SetDlgItemTextW
MoveWindow
OffsetRect
GetSystemMetrics
GetDlgItem
SetTimer
KillTimer
IsClipboardFormatAvailable
CharUpperW
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
UpdateLayeredWindow
NotifyWinEvent
GetNextDlgTabItem
GetDlgItemTextW
EnableMenuItem
ScreenToClient
ClientToScreen
GetMessagePos
GetWindowRect
PostQuitMessage
GetMessageW
TranslateMessage
ShowOwnedPopups
CopyImage
SendDlgItemMessageA
DrawTextW
SetRectEmpty
EnableWindow
CreateWindowExW
SetWindowPos
SendMessageW
TrackMouseEvent
GetCursorPos
PostMessageW
SendMessageA
LoadBitmapW
GetKeyState
GetFocus
GetClassInfoExW
DefWindowProcW
RegisterClassExW
SetWindowTextW
BeginPaint
GetClientRect
FillRect
EndPaint
BeginDeferWindowPos
ShowWindow
EndDeferWindowPos
IsWindowVisible
GetDC
ReleaseDC
RedrawWindow
GetParent
CharNextW
UnhookWinEvent
SetWinEventHook
UnregisterClassW
MessageBeep
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongPtrW
SetWindowRgn
SetParent
DrawEdge
BringWindowToTop
SetCursorPos
CopyIcon
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
GetWindowRgn
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
ReuseDDElParam
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
MonitorFromPoint
GetMenuStringW
GetUpdateRect

gdi32

GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
SetRectRgn
GetPixel
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetObjectType
Escape
GetClipBox
CreatePatternBrush
CreateHatchBrush
SetBkColor
GetClipRgn
SelectClipRgn
CreateRectRgn
ExcludeClipRect
CreateBitmap
CreateRectRgnIndirect
Polygon
CreatePen
SetBkMode
SetTextColor
StretchBlt
GetObjectW
ExtCreatePen
CreateSolidBrush
CreateFontW
EnumFontFamiliesExW
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsW
LineTo
MoveToEx
DeleteDC
BitBlt
GetCurrentObject
OffsetWindowOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
DPtoLP
DeleteObject
SelectObject

msimg32

TransparentBlt
AlphaBlend
GradientFill

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetSidSubAuthorityCount
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
IsValidSecurityDescriptor
GetSecurityDescriptorLength
RegEnumKeyExW
RegQueryValueW
RegDeleteKeyW
GetAce
GetAclInformation
GetSecurityDescriptorDacl
LookupAccountSidW
GetSidSubAuthority
RegCloseKey
GetSidIdentifierAuthority
IsValidSid
RegFlushKey
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
MapGenericMask
MakeSelfRelativeSD

shell32

SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
DragFinish
SHBrowseForFolderW
DragQueryFileW
SHAppBarMessage

comctl32

ImageList_AddMasked
ord412
ord413
ord410
ImageList_Create

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

GetThemePartSize
GetThemeSysColor
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName

ole32

CoInitializeEx
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoDisconnectObject
CoInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
WriteClassStg
StgCreateDocfile
StgOpenStorage
CoCreateInstance

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
VariantChangeType
VariantCopy
VarBstrFromDate
VariantInit
SysAllocString
VariantClear
SysFreeString
SysAllocStringLen

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AddInLog
ComplexDialog
FreeDialogResult
GetMAPIModule
SimpleDialog

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

572b2300eb10aebb47bb0ac75997b1d1

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

70:a4:32:1f:d4:d3:a1:26:aa:d9:1f:4d:0b:00:d7:2a:47:37:37:01:05:c6:19:35:5e:86:50:1e:ca:8b:e0:e4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

version

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 219KB - Virtual size: 267KB

.pdata Size: 142KB - Virtual size: 141KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 417KB - Virtual size: 417KB

.reloc Size: 95KB - Virtual size: 94KB

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

70:a4:32:1f:d4:d3:a1:26:aa:d9:1f:4d:0b:00:d7:2a:47:37:37:01:05:c6:19:35:5e:86:50:1e:ca:8b:e0:e4
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 219KB - Virtual size: 267KB

.pdata
Size: 142KB - Virtual size: 141KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 417KB - Virtual size: 417KB

.reloc
Size: 95KB - Virtual size: 94KB