d4af0fab7c01fcbe6bbcc2b954617f98

Sharing

Copy URL Twitter E-mail

General

Target

d4af0fab7c01fcbe6bbcc2b954617f98
Size

96KB
MD5

d4af0fab7c01fcbe6bbcc2b954617f98
SHA1

ba3e7bef6f3cfb36db497d600ebdd0b740d0055f
SHA256

e4a82c170ab5f14f0ec03fc336c60766aa82bcd76ae75882208a4a0ffc283728
SHA512

1f164e687ffe19d030a4a3effe37d5b2f97d4e8e626dccd57258cae9f32e344b8a28f54d668d894d341c03fc33f9714c607e46c75dd39c15d28b332b4aa94112
SSDEEP

1536:MfdZF/mdr0Oo/+CTtM1k8WsFefPwtwHUgo9iNppf3348Nb7bR55XXHn7gccXJwiQ:cbaPo/HiAsFiw2o9iNppf33TNb7bR557

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4af0fab7c01fcbe6bbcc2b954617f98

Files

d4af0fab7c01fcbe6bbcc2b954617f98
.exe windows:4 windows x86 arch:x86

41ea33b300b85d3483c7baa9299cfa13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GlobalFree
GlobalAlloc
WaitForSingleObject
CreateEventA
SetEvent
CreateMutexA
ExpandEnvironmentStringsA
GetSystemDirectoryA
CreateProcessA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
ReleaseSemaphore
DeviceIoControl
LocalFree
CopyFileA
lstrcatA
HeapAlloc
GetProcessHeap
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
HeapReAlloc
SetLastError
WideCharToMultiByte
FreeLibrary
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc
SetConsoleCtrlHandler
GetModuleHandleA
ExitProcess
GetModuleFileNameA
GetLastError
GetVersionExA
OutputDebugStringA
WriteFile
GetStdHandle
FreeConsole
EnterCriticalSection
AllocConsole
GetTempPathA
GetTempFileNameA
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetTickCount
ReadFile
Sleep
lstrcpynA
GetFullPathNameA
MultiByteToWideChar
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
CreateDirectoryA
GetLocalTime
CreateFileA
CloseHandle
HeapFree
DeleteFileA

user32

DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
IsCharAlphaNumericA
DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

msvcrt

atol
_controlfp
__set_app_type
__p__fmode
__p__commode
malloc
free
strlen
__CxxFrameHandler
??2@YAPAXI@Z
sprintf
_beginthreadex
strcat
printf
_purecall
strcpy
_snprintf
_vsnprintf
strftime
localtime
time
memset
_mbslen
_mbscmp
setvbuf
_fdopen
_open_osfhandle
_iob
__p___argv
__p___argc
strcmp
strerror
_errno
sscanf
_CxxThrowException
_stricmp
memmove
memcmp
_ftol
fclose
_filelength
strncmp
fread
fseek
fopen
wcslen
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41ea33b300b85d3483c7baa9299cfa13

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp60

msvcrt

version

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 952B

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 952B