Static task
static1
Behavioral task
behavioral1
Sample
cbedf6e30399cfea0fadba112d9a0c66.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
cbedf6e30399cfea0fadba112d9a0c66.exe
Resource
win10v2004-20240226-en
General
-
Target
cbedf6e30399cfea0fadba112d9a0c66
-
Size
1.1MB
-
MD5
cbedf6e30399cfea0fadba112d9a0c66
-
SHA1
fd055eccf4754d8874c2f08393e207eb83b431d0
-
SHA256
5387050f88406e9e3e4fbc76490cec9ded6a6e10b30103699e1b387036337f2a
-
SHA512
bb379db7ae1bff282c8bb00f442159eb79c72dac4258c77094719ae27dbe5eb9622840718d07a9e4fc6551a2b4705a42814174f60d9f00e1d8659e41b7431084
-
SSDEEP
12288:cUqGfLYoNC7PI7xqobbyrbxJnCA3vLMpepBSFTLEn0jzY4WwZ8cZ6EX9dPR2EB0K:GnPK8jMrYkzkwZ8cFPR2DtIoOFdT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource cbedf6e30399cfea0fadba112d9a0c66
Files
-
cbedf6e30399cfea0fadba112d9a0c66.exe windows:4 windows x86 arch:x86
028a8f974294fe43f9596aa12cc54ebc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc80u
ord5178
ord354
ord577
ord1118
ord870
ord3756
ord293
ord3635
ord283
ord1079
ord572
ord3311
ord4255
ord2985
ord5210
ord4234
ord1393
ord5911
ord6721
ord1582
ord2086
ord741
ord1883
ord762
ord776
ord4109
ord2311
ord1872
ord3189
ord620
ord4574
ord1472
ord3204
ord1925
ord2362
ord3198
ord1271
ord1006
ord563
ord6227
ord1545
ord2260
ord3224
ord2952
ord4232
ord2083
ord658
ord3873
ord1785
ord5869
ord3869
ord1562
ord3158
ord4226
ord1536
ord2077
ord587
ord266
ord265
ord3176
ord2942
ord1784
ord630
ord2741
ord2012
ord385
ord4119
ord774
ord3460
ord742
ord635
ord562
ord553
ord395
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord751
ord5855
ord4293
ord5161
ord5889
ord5890
ord4244
ord3642
ord287
ord1086
ord3677
ord4461
ord4463
ord6086
ord593
ord5221
ord5113
ord334
ord956
ord547
ord4025
ord5971
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord757
ord2239
ord760
ord3331
ord3444
ord4699
ord1479
ord2895
ord6111
ord282
ord6700
ord280
ord1299
ord2167
ord1156
ord896
ord1906
ord2261
ord899
ord5923
ord5925
ord2547
ord3678
ord616
ord368
ord4258
ord4476
ord6039
ord5930
ord2762
ord4206
ord4216
ord1913
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord4074
ord5558
ord3927
ord278
ord1908
ord629
ord1430
ord6284
ord5083
ord384
ord5484
ord5524
ord1443
ord744
ord5342
ord555
ord1476
ord6161
ord3990
ord3639
ord3459
ord5170
ord4929
ord1351
ord3238
ord2085
ord4094
ord1946
ord2365
ord1274
ord1058
ord2361
ord5862
ord2876
ord2788
ord6140
ord6764
ord393
ord4267
ord1547
ord3338
ord5200
ord5147
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4172
ord4165
ord4382
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord2413
ord2414
ord2415
ord2412
ord2411
ord3641
ord4754
ord631
ord1431
ord2745
ord2279
ord2271
ord386
ord5518
ord3079
ord4581
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord591
ord3309
ord1580
ord1638
ord739
ord5803
ord4112
ord1864
ord1876
ord1871
ord1781
ord2648
ord2159
ord3286
ord1572
ord1634
ord715
ord5636
ord326
ord5727
ord5637
ord502
ord3995
ord4117
ord4743
ord3306
ord1579
ord1637
ord736
ord2366
ord5965
ord1178
ord1176
ord1182
ord4729
ord4884
ord2011
ord1198
ord1662
ord1661
ord1542
ord6720
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord557
ord745
ord5711
ord6002
ord2347
ord894
ord3395
ord5829
ord4347
ord2121
ord1066
ord1155
ord1183
ord1894
ord3753
ord5091
ord860
ord556
ord2460
ord5398
ord5485
ord6061
ord3752
ord5416
ord5480
ord6293
ord5327
ord6282
ord1571
ord5316
ord1172
ord3249
ord6173
ord2340
ord6167
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord605
ord2651
ord6063
ord3435
ord3034
ord764
msvcr80
_localtime64_s
mbstowcs_s
_purecall
memcpy_s
_time64
memset
clock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
wcsftime
_initterm
_wcmdln
_XcptFilter
wcschr
_wfopen
fwprintf
fclose
wcscmp
floor
fabs
iswalpha
wcstod
_wsplitpath_s
wcsncat_s
wcscpy_s
memmove
wcslen
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
_wcsupr_s
_wtoi
_wtof
__CxxFrameHandler3
_CIlog
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
_crt_debugger_hook
iswspace
wcscat_s
_vsnwprintf_s
_wcsicmp
wcsstr
wcsrchr
ceil
abs
malloc
free
memcpy
labs
sqrt
_CIsqrt
wcsnlen
_exit
_cexit
__wgetmainargs
_amsg_exit
strncpy
exit
srand
memcmp
fseek
fgets
strtod
fopen
fprintf
qsort
pow
printf
log
exp
strlen
sprintf
strcmp
rand
_snwprintf_s
wcsncpy_s
kernel32
FindFirstFileW
GetFileAttributesExW
FindNextFileW
FindClose
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
CloseHandle
IsDebuggerPresent
GetLastError
ReadFile
CreateFileW
WaitForSingleObject
SetEvent
GetExitCodeThread
CreateThread
CreateEventW
InterlockedExchange
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
IsBadStringPtrW
GetModuleFileNameW
OutputDebugStringW
MultiByteToWideChar
lstrlenA
HeapFree
GetProcessHeap
lstrlenW
GetVersionExA
DeleteCriticalSection
UnhandledExceptionFilter
CopyFileW
ReleaseMutex
Sleep
InterlockedCompareExchange
GetCurrentProcess
SetUnhandledExceptionFilter
GetLocalTime
GetComputerNameW
GetStartupInfoW
user32
LoadBitmapW
GetSubMenu
InsertMenuW
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
AppendMenuW
DeleteMenu
RegisterWindowMessageW
IsWindow
UpdateWindow
EnableWindow
GetClientRect
PostMessageW
SendMessageW
DrawMenuBar
ReleaseDC
GetDC
UnregisterClassA
GetMenu
LoadMenuW
CopyRect
MessageBeep
FlashWindow
SetRectEmpty
SubtractRect
IsWindowVisible
RedrawWindow
GetSysColorBrush
LoadCursorW
GetClassInfoW
GetSystemMetrics
GetWindowLongW
DestroyWindow
GetParent
LoadImageW
gdi32
CreateFontIndirectW
GetStockObject
SetStretchBltMode
CreateDIBSection
StretchBlt
DeleteObject
GetDIBColorTable
SetDIBColorTable
DeleteDC
CreateCompatibleDC
SelectObject
Rectangle
GetObjectW
GetTextMetricsW
msimg32
GradientFill
TransparentBlt
AlphaBlend
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CoInitialize
OleRun
CoCreateInstance
oleaut32
VariantCopy
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
GetErrorInfo
VariantChangeType
VariantClear
SysStringLen
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
gdiplus
GdiplusShutdown
advapi32
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
Sections
.text Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tc Size: 244KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE