Static task: static1
Behavioral task: behavioral1
  Sample: 824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d.exe
  Resource: win10v2004-20240412-en
General
Target: 824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d
Size: 476KB
MD5: 8dc49102798ea1796add8d15e7a2dd57
SHA1: 70391ca0fb6ca9905d6b0c51aa7fa130480b16cc
SHA256: 824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d
SHA512: be42c772e1d9c2be4ae05063700cb30caf7a56c25926dea12dea328dad8cb6b6a3cd28cee2527ea80415ed6730ee2f97477e0f621389c087fe31b791424309b7
SSDEEP: 12288:usf3RwfJEW6199o0efe0WjJkMZI33J/h542aTjh:1wfJEW6199o0em0G+31428jh
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for a missing Authenticode signature (empty security data directory).
  resource: 824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d
Files
-
824b417e231390ab7b45b0ad2b6554ff6caea44dcee66b0fb84f03570328285d.exe windows:4 windows x86 arch:x86
9e960ec1056a66fc99155be312cf065a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dsdbmap
??0CDsDataBaseMap@@QAE@PAE@Z
?GetBlockIndexFromTagName@CDsDataBaseMap@@QAEHEPAD@Z
?SetBlockCurrentDblValue@CDsDataBaseMap@@QAEHEIN@Z
?DisableDataMapAccess@CDsDataBaseMap@@QAEXXZ
?ScanDatabaseMap@CDsDataBaseMap@@QAEHXZ
?GetDataMapAccess@CDsDataBaseMap@@QAEHK@Z
??1CDsDataBaseMap@@QAE@XZ
?SetVtBlockText@CDsDataBaseMap@@QAEHIPAD@Z
iphlpapi
GetAdaptersInfo
devtable
??0CDevdataTable@@QAE@VCString@@@Z
??1CDevdataTable@@QAE@XZ
dog_windows_3148214
ord15
ord17
ord13
ord6
ord4
ord14
mfc42d
ord3201
ord459
ord2324
ord2435
ord4811
ord3573
ord2790
ord877
ord3598
ord450
ord3170
ord454
ord2760
ord4457
ord1639
ord316
ord1295
ord684
ord880
ord901
ord1087
ord413
ord1631
ord736
ord492
ord487
ord485
ord2168
ord4195
ord3629
ord4017
ord1862
ord4753
ord1364
ord4208
ord3658
ord1952
ord1228
ord2875
ord317
ord574
ord1756
ord1761
ord3524
ord3948
ord4896
ord418
ord4951
ord4934
ord4676
ord3432
ord1808
ord3070
ord3831
ord4061
ord3400
ord2995
ord4566
ord3697
ord5056
ord558
ord298
ord1772
ord4932
ord5082
ord4655
ord5072
ord1757
ord4784
ord734
ord4653
ord812
ord2640
ord824
ord823
ord721
ord3803
ord3552
ord5077
ord3702
ord1880
ord1860
ord4415
ord3231
ord1033
ord4130
ord1789
ord2661
ord4227
ord4229
ord3366
ord3826
ord4239
ord4215
ord4408
ord3784
ord2021
ord1285
ord2986
ord706
ord1660
ord3403
ord349
ord717
ord4381
ord3481
ord5019
ord5016
ord3554
ord2129
ord3483
ord528
ord903
ord945
ord1549
ord2052
ord4630
ord813
ord2104
ord737
ord2255
ord4258
ord1510
ord2636
ord590
ord4123
ord899
ord342
ord5086
ord489
ord3393
ord4405
ord2423
ord2409
ord3163
ord4053
ord3960
ord1906
ord3365
ord3934
ord4028
ord3923
ord3862
ord711
ord4475
ord943
ord2291
ord3655
ord4291
ord1727
ord1100
ord879
ord668
ord4864
ord4978
ord1799
ord573
ord646
ord3553
ord556
ord728
ord478
ord293
ord680
ord2965
ord4492
ord1288
ord2024
ord3657
ord3786
ord3367
ord2431
ord3142
ord3144
ord3143
ord2339
ord2432
ord2341
ord2585
ord2473
ord3691
ord2584
ord2481
ord2340
ord4205
ord1830
ord4191
ord1344
ord4064
ord3002
ord5078
ord1566
ord2076
ord3670
ord3944
ord3069
ord1857
ord1310
ord2078
ord4216
ord3618
ord5076
ord4118
ord1781
ord4176
ord3651
ord1365
ord3362
ord4756
ord1190
ord1041
ord1743
msvcrtd
__CxxFrameHandler
_ftol
memset
pow
free
malloc
fabs
cos
_controlfp
sin
wcslen
_CxxThrowException
_setmbcp
??1type_info@@UAE@XZ
_CrtSetBreakAlloc
_CrtIsMemoryBlock
fmod
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
atoi
memcpy
kernel32
Process32First
OpenProcess
TerminateProcess
Process32Next
GetVersionExA
GetModuleHandleA
GetCurrentProcess
LocalAlloc
CreateMutexA
GetLastError
OpenMutexA
CloseHandle
WinExec
FindClose
SetErrorMode
LocalFree
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Sleep
GetWindowsDirectoryA
SetCurrentDirectoryA
TerminateThread
FindNextFileA
GetTickCount
MultiByteToWideChar
InterlockedDecrement
SuspendThread
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrlenA
CreateFileA
GlobalFree
DeviceIoControl
GlobalAlloc
GetSystemTime
GetStartupInfoA
FreeLibrary
GetVolumeInformationA
FindFirstFileA
GetDiskFreeSpaceExA
ResumeThread
WideCharToMultiByte
SetPriorityClass
CreateThread
OpenFileMappingA
CreateProcessA
user32
DispatchMessageA
SetWindowRgn
GetSystemMetrics
LoadImageA
GetCursorPos
SetWindowLongA
GetDlgItem
IsWindowEnabled
SetWindowTextA
PostMessageA
RegisterHotKey
UnregisterHotKey
IsWindow
GetWindowLongA
GetClassNameA
GetDoubleClickTime
SetDoubleClickTime
GetKeyState
PeekMessageA
TranslateMessage
GetPropA
IsWindowVisible
BringWindowToTop
FindWindowA
SendMessageTimeoutA
ShowWindow
ExitWindowsEx
gdi32
GetStockObject
advapi32
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExA
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
RegCloseKey
shell32
ShellExecuteA
mfco42d
ord648
ord741
ord333
ord1892
ord1741
ord1637
ord335
ord1550
ord737
ord1940
ord734
ord720
ord1941
ord1929
ord1638
ord1547
ord1758
ord2663
ord709
ord719
ord1942
ord327
ord1415
ord552
ord646
ord325
ord332
ord283
ord1141
ord2955
ord724
ord334
ord728
ord329
ord1987
ole32
OleRun
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CLSIDFromString
CoInitialize
oleaut32
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
GetErrorInfo
SysAllocStringLen
mfcd42d
ord420
ord646
ord645
ord951
ord831
ord929
ord405
ord515
ord808
ord841
ord956
ord541
ord310
ord408
ord931
ord790
ord436
ord829
ord305
ord280
ord855
ord845
ord862
ord893
ord796
ord273
ord830
ord298
ord828
ord745
ord741
ord774
ord792
ord435
ord850
ord857
ord847
ord537
ord365
ord495
Sections
.text Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_BSS Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
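As an added example (not part of the sandbox report and not the sample's own code), the stdlib-only Python below reproduces the checks behind the Headers, Signatures and Sections blocks above: it decodes the File Characteristics bits, tests whether the Authenticode certificate table (data directory entry 4) is populated, and flags any section mapped writable and executable. The embedded PE images are constructed test data that mirror the layout reported above (0x010F characteristics, an R+X .text, an R+W .data, no certificate table); they are not the sample's bytes, and the "signed" and W+X contrast cases are invented for illustration.

```python
"""Added example: decode PE header facts a sandbox report lists and reproduce
the "Unsigned PE" check by inspecting the Authenticode (security) directory."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x20, 0x40, 0x80
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # WIN_CERTIFICATE table (Authenticode)


def parse_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _symp, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        ndirs_off, dirs_off, bits = 92, 96, 32
    elif magic == 0x20B:          # PE32+
        ndirs_off, dirs_off, bits = 108, 112, 64
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _va, rawsize, _rawp, _rel, _lin, _nrel, _nlin, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": sflags})
    return {
        "machine": machine, "bits": bits, "characteristics": chars,
        "characteristic_names": [n for b, n in sorted(FILE_CHARACTERISTICS.items()) if chars & b],
        "has_authenticode": sec_size != 0,   # the "Unsigned PE" signature inverted
        "security_directory": (sec_off, sec_size),
        "sections": sections,
    }


def writable_executable_sections(info: dict) -> list:
    """Sections mapped W+X: compilers almost never emit these, packers usually do."""
    return [s["name"] for s in info["sections"]
            if s["flags"] & SCN_WRITE and s["flags"] & SCN_EXEC]


def build_pe(characteristics: int, sections, security_dir=(0, 0)) -> bytes:
    """Constructed test image: valid headers only, no code, so it is harmless."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 vs, 0, rs, 0, 0, 0, 0, 0, f)
                     for n, vs, rs, f in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to mirror the reported layout: characteristics 0x010F, R+X .text,
# R+W .data, empty security directory (unsigned). Not the sample's bytes.
UNSIGNED_SAMPLE = build_pe(0x010F, [
    (".text", 263 * 1024, 264 * 1024, SCN_CODE | SCN_EXEC | SCN_READ),
    (".data", 57 * 1024, 60 * 1024, SCN_IDATA | SCN_READ | SCN_WRITE),
])
# Constructed contrast cases: a certificate table present; a W+X section.
SIGNED_SAMPLE = build_pe(0x010F, [(".text", 0x1000, 0x1000, SCN_CODE | SCN_EXEC | SCN_READ)],
                         security_dir=(0x8000, 0x1800))
PACKED_SAMPLE = build_pe(0x010F, [(".rwx", 0x20000, 0, SCN_UDATA | SCN_EXEC | SCN_READ | SCN_WRITE)])

if __name__ == "__main__":
    info = parse_pe(UNSIGNED_SAMPLE)
    print(info["characteristic_names"])
    print("Authenticode table present:", info["has_authenticode"])
    print("W+X sections:", writable_executable_sections(info))
```

Two caveats when reading the result. A populated security directory only proves a WIN_CERTIFICATE blob is attached; whether the signature is valid and chains to a trusted root needs WinVerifyTrust, signtool or osslsigncode. Conversely "unsigned" on its own is a weak indicator: the imports above include msvcrtd, mfc42d, mfco42d and mfcd42d, the debug-build CRT and MFC DLLs, so this is a developer-style build that would not even load on a stock Windows install without those DLLs shipped beside it, and such builds are rarely signed.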