D:\00\mt-1477\bin\Debug\LogShow.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf.exe
Resource
win10v2004-20240226-en
General
-
Target
7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf
-
Size
750KB
-
MD5
52d574524d15137c7be7f05e70d00b5d
-
SHA1
589b5e4e9b1da1dd93356eef8c70d517a18d1e49
-
SHA256
7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf
-
SHA512
b1ace5e1747d797b10517d728b9db00d3541ce5b06ad786cc614124bd4ba0b289db442e3804fb2566d591b84c2bed0575774feaa426f0fc5a9142ade753dc481
-
SSDEEP
3072:Uhs+QQHpTNMCgnQmlcOArbI/wPeNyM6/bBMcpKEhb2l4oMBZ/qVaOrzZdS5xt7f:RENJgangr6+c4lBc/qr5dy7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf
Files
-
7c5189ce8bb683d5a9dc377a3ff8ffc04eef917aee468efa633e5bded96cfeaf.exe windows:6 windows x86 arch:x86
e1e9547d0a90207eb0e144c1ae5ebf96
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
exctrl
?Clear@CMyListCtrl@@QAEXXZ
?InsertItemInt@CMyListCtrl@@QAEHHH@Z
?SetColSelectMode@CMyListCtrl@@QAEX_N@Z
?InsertColumn@CMyListCtrl@@QAEHHPBDIH@Z
?SetFont@CMyListCtrl@@QAEXHHHHPBD@Z
?SetHeadTextColor@CMyListCtrl@@QAEXKH@Z
?SetHeadFont@CMyListCtrl@@QAEXHHHHPBD@Z
?SetRowHeigt@CMyListCtrl@@QAEXH@Z
?SetColTextColor@CMyListCtrl@@QAEXHK@Z
?SetRowColor@CMyListCtrl@@QAEXHK@Z
?SetHeadBKColor@CMyListCtrl@@QAEXKHH@Z
??0CMyListCtrl@@QAE@XZ
?SetBitmaps@CXULButtonEX@@QAEKHKHK@Z
??0CXULButtonEX@@QAE@XZ
??1CMyListCtrl@@UAE@XZ
??1CXULButtonEX@@UAE@XZ
?ClearHead@CMyListCtrl@@QAEXXZ
?SetBarColour@C3DBar@@QAEXK@Z
common
?execDML@CppSQLite3DB@@QAEHPBD@Z
?close@CppSQLite3DB@@QAEXXZ
?open@CppSQLite3DB@@QAEXPBD@Z
??1CppSQLite3DB@@UAE@XZ
?execQuery@CppSQLite3DB@@QAE?AVCppSQLite3Query@@PBD@Z
?finalize@CppSQLite3Query@@QAEXXZ
?nextRow@CppSQLite3Query@@QAEXXZ
?eof@CppSQLite3Query@@QAE_NXZ
?getStringField@CppSQLite3Query@@QAEPBDHPBD@Z
??1CppSQLite3Query@@UAE@XZ
??0CppSQLite3DB@@QAE@XZ
kernel32
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexA
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameA
HeapDestroy
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
SetLastError
WideCharToMultiByte
CreateEventW
IsDebuggerPresent
GetStartupInfoW
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQuery
FreeLibrary
OutputDebugStringW
GetLastError
GetProcessHeap
InitializeCriticalSectionAndSpinCount
user32
GetForegroundWindow
AttachThreadInput
OffsetRect
FindWindowA
GetWindowThreadProcessId
IsWindow
UnregisterClassA
GetSystemMetrics
GetClassInfoA
PostQuitMessage
SetForegroundWindow
PeekMessageA
gdi32
DeleteDC
shell32
SHAppBarMessage
SHFileOperationA
mfc140d
ord1240
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord2604
ord8222
ord1090
ord15650
ord16241
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord13837
ord13838
ord2371
ord9476
ord15029
ord4747
ord4808
ord11139
ord17051
ord9454
ord17053
ord14523
ord14524
ord2884
ord12131
ord6440
ord9960
ord9532
ord5490
ord14942
ord15010
ord12187
ord14137
ord10043
ord1599
ord3021
ord5142
ord9109
ord10143
ord2558
ord1220
ord1036
ord1646
ord7110
ord9771
ord16747
ord3582
ord311
ord312
ord1673
ord1938
ord1942
ord7163
ord3563
ord5575
ord10466
ord15002
ord10140
ord532
ord17064
ord3451
ord1250
ord538
ord1253
ord7814
ord5624
ord5646
ord8116
ord879
ord2343
ord14666
ord6832
ord7443
ord15254
ord5086
ord2976
ord322
ord6350
ord2348
ord2347
ord14672
ord6834
ord7447
ord8230
ord4524
ord378
ord4240
ord543
ord3972
ord3971
ord4214
ord7150
ord8232
ord15446
ord4884
ord963
ord1512
ord2878
ord4445
ord4326
ord8398
ord14046
ord3847
ord3967
ord3966
ord4586
ord13999
ord3217
ord6518
ord15206
ord16538
ord1218
ord6768
ord7186
ord15975
ord9198
ord9824
ord16531
ord9322
ord6208
ord15111
ord16643
ord10004
ord13554
ord6523
ord15661
ord8244
ord5696
ord15821
ord16960
ord17052
ord9455
ord17054
ord3628
ord5380
ord11437
ord6986
ord5394
ord5928
ord5867
ord5852
ord5914
ord5959
ord5882
ord5937
ord5953
ord5894
ord5900
ord5906
ord5888
ord5943
ord5876
ord2027
ord2006
ord2020
ord1994
ord1972
ord14155
ord14159
ord16191
ord3848
ord10994
ord12807
ord11036
ord11118
ord13355
ord13474
ord13513
ord8405
ord4729
ord3086
ord5382
ord10692
ord17046
ord13785
ord4467
ord13963
ord10874
ord13563
ord13562
ord6798
ord12039
ord12035
ord12037
ord12038
ord12036
ord17243
ord9816
ord12005
ord3890
ord3893
ord7896
ord3745
ord3744
ord4007
ord4006
ord489
ord12225
ord13218
ord12821
ord10769
ord2925
ord5026
ord14050
ord10947
ord3309
ord16040
ord7506
ord14006
ord12844
ord8950
ord1056
ord520
ord2581
ord10084
ord2680
ord15437
ord7013
ord7067
ord15915
ord6831
ord8281
ord6183
ord15509
ord7012
ord7003
ord7898
ord493
ord14051
ord10973
ord8952
ord17058
ord2610
ord13966
ord1880
ord2724
ord4749
ord9661
ord6274
ord6678
ord6956
ord11091
ord6648
ord6959
ord6277
ord6506
ord6256
ord9208
ord15760
ord6504
ord9829
ord15253
ord1655
ord1645
ord1653
ord2777
ord2773
ord270
ord267
ord12000
ord10946
ord1257
ord9209
ord1171
ord1577
ord1471
ord2875
ord5752
ord5574
ord1939
ord1674
ord1671
ord1141
ord316
ord8414
ord306
ord1065
ord2801
comctl32
InitCommonControlsEx
gdiplus
GdiplusShutdown
vcruntime140d
memmove
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
memcpy
__CxxFrameHandler3
memset
ucrtbased
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
_configthreadlocale
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
atoi
fputs
fopen
fgets
fclose
strlen
_CrtDbgReportW
_CrtDbgReport
_time64
strftime
_localtime64_s
malloc
free
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf_s
_ismbblead
wcslen
wcscpy_s
_setmbcp
_cexit
oleaut32
SysFreeString
Exports
??0?$CExArray@U_CELLVALUE@@@@QAE@ABV0@@Z
??0?$CExArray@U_CELLVALUE@@@@QAE@H@Z
??0CBaseObject@@QAE@$$QAV0@@Z
??0CBaseObject@@QAE@ABV0@@Z
??0axis@@QAE@$$QAV0@@Z
??0axis@@QAE@ABV0@@Z
??0axis@@QAE@XZ
??0legend@@QAE@$$QAV0@@Z
??0legend@@QAE@ABV0@@Z
??0legend@@QAE@XZ
??0timeaxis@@QAE@$$QAV0@@Z
??0timeaxis@@QAE@ABV0@@Z
??0timeaxis@@QAE@XZ
??1?$CExArray@U_CELLVALUE@@@@UAE@XZ
??1CBaseObject@@QAE@XZ
??1axis@@QAE@XZ
??1legend@@QAE@XZ
??1timeaxis@@QAE@XZ
??4?$CExArray@U_CELLVALUE@@@@QAEAAV0@ABV0@@Z
??4CBaseObject@@QAEAAV0@$$QAV0@@Z
??4CBaseObject@@QAEAAV0@ABV0@@Z
??4axis@@QAEAAV0@$$QAV0@@Z
??4axis@@QAEAAV0@ABV0@@Z
??4legend@@QAEAAV0@$$QAV0@@Z
??4legend@@QAEAAV0@ABV0@@Z
??4serie@@QAEAAV0@ABV0@@Z
??4timeaxis@@QAEAAV0@$$QAV0@@Z
??4timeaxis@@QAEAAV0@ABV0@@Z
??_7?$CExArray@U_CELLVALUE@@@@6B@
??_F?$CExArray@U_CELLVALUE@@@@QAEXXZ
?Display@CStaticCounter@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DisplayFloat@CStaticCounter@@QAEXM_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DisplayInt@CStaticCounter@@QAEXH_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DisplayTime@CStaticCounter@@QAEXIIIIV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DisplayTime@CStaticCounter@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetCoefficient@CNumEdit@@QAENXZ
?GetLedMode@CLed@@QAEHXZ
?GetMax@CNumEdit@@QAENXZ
?GetMaxNumofDecimalPlaces@CNumEdit@@QAEHXZ
?GetMin@CNumEdit@@QAENXZ
?GetName@CBaseObject@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPos@CStaticCounter@@QAEMXZ
?GetVersionC@CXULButton@@SAPBDXZ
?GetVersionC@CXULButtonEX@@SAPBDXZ
?GetVersionI@CXULButton@@SAFXZ
?GetVersionI@CXULButtonEX@@SAFXZ
?SetAllowInteraction@CStaticCounter@@QAEX_N@Z
?SetBKColor@CMultiLayerView@@QAEXK@Z
?SetBarHeight@CStaticCounter@@QAEXH@Z
?SetBlankPadding@CStaticCounter@@QAEXH@Z
?SetCoefficient@CNumEdit@@QAEXN@Z
?SetColourFaded@CStaticCounter@@QAEXK@Z
?SetColours@CStaticCounter@@QAEXKKK@Z
?SetDraw3DBar@CStaticCounter@@QAEX_N@Z
?SetDrawFaded@CStaticCounter@@QAEX_N@Z
?SetFitIn@CMultiLayerView@@QAEXH@Z
?SetFormatString@CStaticCounter@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetID@CStaticCounter@@QAEXI@Z
?SetMax@CNumEdit@@QAEXN@Z
?SetMaxNumofDecimalPlaces@CNumEdit@@QAEXH@Z
?SetMin@CNumEdit@@QAEXN@Z
?SetName@CBaseObject@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetPos@CStaticCounter@@QAEXH_NMM@Z
?SetPos@CStaticCounter@@QAEXM_NMM@Z
?SetRange@CStaticCounter@@QAEXMM@Z
?SetTransparent@CNumEdit@@QAEX_N@Z
?Update@CStaticCounter@@IAEXXZ
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 438KB - Virtual size: 437KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 270B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ