e23bd96cc9ea1a604b088f47cf84ceeb

Sharing

Copy URL

Twitter E-mail

General

Target

e23bd96cc9ea1a604b088f47cf84ceeb
Size

87KB
MD5

e23bd96cc9ea1a604b088f47cf84ceeb
SHA1

de194881aef3ef73cd49a61d6c7afb46c261e70c
SHA256

370f9489112269c396d7a67be8005e215896280ef94f5d7a22468ff45a2c8767
SHA512

1dd2437b189a73765547fdea2e225abad3eba441408d0ec3db53427d6472f93ac4ac77cabc506f587068b71b3b0fc29f41cbefc0c0e267ae9f4d2035ce5c8c42
SSDEEP

1536:h4L4o5hGnhwHJiJQXXMO+BHc3xBKdW+yochm9NCpIpqyDJY:h4LHkhwEJ6XMOFBcdW+yxSRY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e23bd96cc9ea1a604b088f47cf84ceeb

Files

e23bd96cc9ea1a604b088f47cf84ceeb
.exe windows:5 windows x86 arch:x86

f47bc854b19afe7ffdc6deebe3865383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__mbctype
_mbscoll
__p__wpgmptr
vwprintf
ldiv
_fstat
?raw_name@type_info@@QBEPBDXZ
_tzname
_copysign
_adj_fdiv_m16i
_ismbcspace
acos
_cwait
_ismbblead
_fcvt
_fmode
_adj_fpatan
__uncaught_exception
_wputenv
_assert
vfwprintf
_mbctombb
?name@type_info@@QBEPBDXZ
_adj_fdiv_m64
_statusfp

hhsetup

?SetOrder@CFolder@@QAEXK@Z
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?RemoveAll@CFIFOString@@QAEXXZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
??4CFolder@@QAEAAV0@ABV0@@Z
?SetPath@CLocation@@QAEXPBD@Z
?CheckTitleRef@CCollection@@AAEKPBGG@Z
??4CPointerList@@QAEAAV0@ABV0@@Z
?Dirty@CCollection@@QAEXXZ
?GetCollectionFileName@CCollection@@QAEPBDXZ
?GetNextTitle@CTitle@@QAEPAV1@XZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
??0CCollection@@QAE@XZ

crtdll

iswgraph
_statusfp
_initterm
wcsncmp
strtol
div
getc
_osmode_dll
_j1
_strspnp
_y1
_basemajor_dll
_mbsnextc
memcmp
_stricoll
_except_handler2
_putw
_chsize
_ismbcalpha

dbghelp

SymLoadModuleEx
SymUnloadModule64
SymGetSearchPath
srcfiles
DbgHelpCreateUserDumpW
ImagehlpApiVersionEx
SymGetSymFromAddr64
SymSetSearchPath
SymMatchString
SymGetSymPrev64
SymGetLineFromAddr64
SymGetLineNext
dbghelp
UnDecorateSymbolName
SymCleanup
SymInitialize
SymGetLineFromName
MakeSureDirectoryPathExists
vc7fpo
SymEnumerateSymbolsW
UnmapDebugInformation

kernel32

SetFileTime
GetTickCount
SetProcessShutdownParameters
GetCurrentThreadId
HeapLock
LoadLibraryA
GetStartupInfoA
ExitThread
DebugActiveProcess
GetProfileIntW
HeapCreate
VirtualAlloc
Process32FirstW
FindFirstFileExA
CreateRemoteThread
GetLastError
TlsFree
SetFileShortNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
FileTimeToSystemTime

msdart

??4CCritSec@@QAEAAV0@ABV0@@Z
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?_Unlock@CSpinLock@@AAEXXZ
SetMemHook
?GetSpinCount@CReaderWriterLock@@QBEGXZ
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
??0CLockedSingleList@@QAE@XZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z

user32

DefWindowProcA
RegisterClassA
PostQuitMessage

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f47bc854b19afe7ffdc6deebe3865383

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

hhsetup

crtdll

dbghelp

kernel32

msdart

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 300B