8e586caeaee62d6806471bd993bab0ea59eac4cb3a1cb80ae167c9a9ce28737f

Sharing

Copy URL Twitter E-mail

General

Target

8e586caeaee62d6806471bd993bab0ea59eac4cb3a1cb80ae167c9a9ce28737f
Size

236KB
MD5

ff4b4b04b09eb8e1b30d7f25fc4a61a1
SHA1

1c72d574f868830c10a6c63f1d64f180d8272183
SHA256

8e586caeaee62d6806471bd993bab0ea59eac4cb3a1cb80ae167c9a9ce28737f
SHA512

9098ef8276f73cc73530058ceb2b355e39bd9c029ff9da7cee8be0b87b5bf826fb90758c8bf5849ed8a96293a38019edfe124f904b5ae20d5397cbcba2b6682d
SSDEEP

3072:fP+ePOjTQKKme293Ex2ohvtC8GuVa1+oU2eFnYQ7fj7+6v2yRJQuIwvFkji+IIX5:ueWjTQH29UlhvtHrtWJBL8qw1/TGB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e586caeaee62d6806471bd993bab0ea59eac4cb3a1cb80ae167c9a9ce28737f

Files

8e586caeaee62d6806471bd993bab0ea59eac4cb3a1cb80ae167c9a9ce28737f
.dll windows:4 windows x86 arch:x86

a2a4745f9ae221ed1e545a02c4b8b126

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4431
ord4899
ord4370
ord4892
ord5076
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4108
ord1776
ord5240
ord4837
ord3748
ord5260
ord4432
ord1641
ord3626
ord3663
ord2414
ord4241
ord1908
ord4715
ord1690
ord2528
ord6055
ord5288
ord4439
ord4589
ord4588
ord771
ord1008
ord496
ord4259
ord3619
ord773
ord702
ord686
ord812
ord501
ord400
ord384
ord559
ord2863
ord5621
ord6144
ord5596
ord2408
ord3571
ord2452
ord5862
ord915
ord4191
ord2096
ord1146
ord2066
ord816
ord5789
ord562
ord640
ord2450
ord535
ord5875
ord1640
ord323
ord5710
ord2763
ord998
ord2762
ord2614
ord940
ord939
ord2054
ord5678
ord5736
ord4220
ord2584
ord3654
ord2438
ord6109
ord291
ord1644
ord1195
ord5787
ord283
ord5785
ord5290
ord4424
ord3742
ord567
ord818
ord4275
ord3693
ord5788
ord4615
ord4612
ord4610
ord4299
ord2086
ord617
ord5301
ord5214
ord296
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord986
ord520
ord4159
ord6117
ord1134
ord4376
ord4853
ord2514
ord3597
ord324
ord4234
ord2725
ord5289
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord4823
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord5794
ord1841
ord652
ord2379
ord3711
ord783
ord6129
ord5768
ord5148
ord4694
ord1945
ord4273
ord2575
ord4396
ord3402
ord3574
ord470
ord4890
ord4964
ord4961
ord1726
ord609
ord813
ord560
ord2078
ord4284
ord2123
ord2100
ord6442
ord2152
ord1233
ord6197
ord6379
ord4160
ord3495
ord2864
ord2818
ord4723
ord613
ord289
ord6172
ord5873
ord6270
ord922
ord924
ord4508
ord5450
ord6394
ord5440
ord6383
ord6453
ord4476
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord674
ord554
ord529
ord366
ord2884
ord2494
ord2627
ord2626
ord4163
ord2120
ord4457
ord1193
ord5252
ord975
ord5030
ord4467
ord2919
ord4224
ord3452
ord6929
ord4202
ord3499
ord1941
ord3398
ord3733
ord810
ord4271
ord2862
ord1200
ord1848
ord3370
ord3640
ord2582
ord4402
ord693
ord3998
ord4243
ord2289
ord2370
ord6199
ord6334
ord1949
ord1176
ord4185
ord3643
ord394
ord696
ord909
ord5628
ord2302
ord2301
ord2645
ord2135
ord4034
ord2688
ord1907
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord5161
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord489
ord692
ord4258
ord5162
ord3803
ord5160
ord4976
ord2642
ord3610
ord656
ord3874
ord6283
ord6282
ord3721
ord809
ord795
ord556
ord1088
ord2122
ord3797
ord2859
ord6880
ord926
ord2860
ord4852
ord4375
ord5265
ord5016
ord4608
ord4750
ord4716
ord4607
ord4635
ord5067
ord429
ord1647
ord3216
ord2457
ord5510
ord3303
ord3287
ord3914
ord5683
ord4129
ord858
ord6467
ord1168
ord439
ord736
ord6877
ord2915
ord5572
ord941
ord540
ord860
ord4204
ord537
ord2764
ord800
ord823
ord825
ord1151
ord3092
ord5802
ord755
ord5981
ord6215
ord5953
ord641
ord4710
ord4229
ord4425
ord355
ord3615
ord3079
ord4627
ord4080
ord3830
ord3825
ord3831
ord2985
ord2976
ord3081
ord4465
ord3262
ord3136
ord2982
ord3259
ord3147
ord2446
ord5277
ord2124
ord5065
ord5261
ord1727
ord2055
ord3749
ord6376
ord4834
ord2648
ord4441
ord4353
ord3798
ord5280
ord2385
ord6374
ord5163
ord1775
ord5241
ord4407
ord2515
ord4078
ord6052
ord4341
ord4998
ord4349
ord1825
ord4238
ord1232
ord600
ord826
ord1578
ord1243
ord1575
ord1577
ord1182
ord342
ord269
ord1197
ord1570
ord1253
ord1255
ord1116

msvcrt

_ftol
_mbschr
_mbstok
strncmp
fgets
_access
strstr
_mbsstr
_stat
__dllonexit
_onexit
?terminate@@YAXXZ
_adjust_fdiv
_strupr
realloc
strlen
__CxxFrameHandler
_purecall
memcmp
_mbsnbcpy
atol
strcpy
toupper
_mbsrchr
_mbsnbcmp
_mbsupr
sprintf
atoi
_strnicmp
fclose
fread
fseek
fopen
memset
_stricmp
_mbscmp
_except_handler3
strncpy
_initterm
free
_strdup
memcpy
malloc
time
strcat
_mbsicmp
_mbsnbcat
strcmp
_strlwr
strrchr
ftell
rand
??1type_info@@UAE@XZ

kernel32

GetDriveTypeA
lstrcmpiA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetCurrentProcessId
OpenMutexA
lstrcpyA
IsBadStringPtrA
GlobalAlloc
GetEnvironmentVariableA
GlobalLock
GetCurrentDirectoryA
GlobalUnlock
LoadResource
GetVersion
FindResourceA
GetModuleFileNameA
FindNextFileA
GlobalFree
FindFirstFileA
FindClose
GetLastError
CreateFileA
GetFileSize
lstrcpynA
LoadLibraryA
FreeLibrary
CloseHandle
InterlockedIncrement
IsBadReadPtr
InterlockedDecrement
GetProcAddress
GetPrivateProfileIntA
IsBadWritePtr
OutputDebugStringA
WideCharToMultiByte
lstrlenW
SetCurrentDirectoryA
Sleep
GetWindowsDirectoryA
WinExec
CreateDirectoryA
InterlockedExchange
GetTimeZoneInformation
lstrcatA
GetVolumeInformationA
GetVersionExA
GetSystemDirectoryA
LocalAlloc
LocalFree
SetEnvironmentVariableA
GetPrivateProfileStringA

user32

MoveWindow
EnumChildWindows
RedrawWindow
CreateWindowExA
DestroyWindow
IsZoomed
GetMenuState
GetMenuStringA
CheckMenuItem
SetWindowPos
CreateMenu
MessageBoxA
GetClassInfoA
LoadIconA
RemoveMenu
InvalidateRect
SetWindowLongA
MessageBeep
GetCursorPos
SetRect
IsWindowVisible
GetMenu
GetSubMenu
DeleteMenu
AppendMenuA
GetMessageA
TranslateMessage
DispatchMessageA
SetCapture
LoadCursorA
SetCursor
ReleaseCapture
IsWindow
UpdateWindow
SetTimer
GetParent
GetMessageTime
CallWindowProcA
KillTimer
CreatePopupMenu
PostMessageA
GetClientRect
GetWindowRect
GetDC
ReleaseDC
CopyIcon
PtInRect
LoadImageA
MapVirtualKeyA
GetKeyNameTextA
GetMenuItemCount
SetMenuItemInfoA
CopyAcceleratorTableA
LoadBitmapA
InflateRect
CopyRect
DrawEdge
OffsetRect
DrawStateA
DestroyIcon
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ScreenToClient
RegisterClipboardFormatA
FindWindowA
SendMessageA
ClientToScreen
DestroyCursor
SendMessageTimeoutA

gdi32

DeleteObject
CreateFontA
StretchDIBits
CreateCompatibleBitmap
GetDeviceCaps
ExtTextOutA
Ellipse
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
CreateFontIndirectA
CreatePen
Rectangle
CreateBitmap
PatBlt
GetStockObject
GetTextExtentPoint32A

comdlg32

GetFileTitleA

advapi32

RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetMalloc

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetImageInfo

ole32

CoInitialize
CoUninitialize
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoLockObjectExternal

msvcp60

??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

ChangeToPlayerMode
ExitFullScreen
Initialize
ShowFullScreen
UpdateVolume

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2a4745f9ae221ed1e545a02c4b8b126

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

msvcp60

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 32KB - Virtual size: 105KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 32KB - Virtual size: 105KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 20KB - Virtual size: 16KB