e8720fc7095b7d6b2f6db8844ad97584509c0a3b58158c5917cd204e4a8d5761

Sharing

Copy URL Twitter E-mail

General

Target

e8720fc7095b7d6b2f6db8844ad97584509c0a3b58158c5917cd204e4a8d5761
Size

548KB
MD5

bbe030ad829cfc66fb4aeb569f154b6d
SHA1

584298ef3ae0bb27da70c2696ef9baec340c8ce6
SHA256

e8720fc7095b7d6b2f6db8844ad97584509c0a3b58158c5917cd204e4a8d5761
SHA512

9131cb75688604ff532316655ddd7e1cb2345be6cc492178b7edaccf132ead43cfde2d7175502f479e53ad963a569a3b938e9eabe14c5e3ce48244a076381c2d
SSDEEP

6144:re+Z3M6Rzf5qa1zOIWX3euUsdPjaPZJ9bS+kkF2NBLoV/O3TZzPHRHbn19wE6OYI:VFDN0a1z2HeulPGH9qkFT0PxrDwEv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8720fc7095b7d6b2f6db8844ad97584509c0a3b58158c5917cd204e4a8d5761

Files

e8720fc7095b7d6b2f6db8844ad97584509c0a3b58158c5917cd204e4a8d5761
.exe windows:5 windows x86 arch:x86

ba2d59cd355bf754d533a8418c7ca213

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

siusbxp

ord6
ord7
ord1
ord2
ord10
ord4
ord3

mfc100

ord11461
ord7487
ord7876
ord2067
ord2063
ord2061
ord1315
ord7837
ord1483
ord7832
ord14119
ord14116
ord2626
ord13045
ord305
ord5242
ord2611
ord1929
ord5830
ord2184
ord4344
ord4340
ord1900
ord6060
ord2819
ord2932
ord976
ord415
ord6098
ord8234
ord2841
ord11488
ord3758
ord1271
ord6824
ord12962
ord12865
ord11882
ord7933
ord5432
ord1892
ord1854
ord4144
ord4498
ord940
ord5799
ord2751
ord1267
ord869
ord2147
ord3406
ord4073
ord7193
ord1479
ord3839
ord2679
ord12095
ord3404
ord11744
ord13345
ord325
ord420
ord909
ord11314
ord4925
ord4464
ord367
ord12720
ord12096
ord1713
ord4198
ord422
ord5539
ord5627
ord7399
ord7871
ord11781
ord788
ord1210
ord10030
ord7581
ord7322
ord4499
ord11439
ord870
ord1313
ord300
ord5837
ord3439
ord1982
ord5774
ord4078
ord1224
ord1268
ord1890
ord1288
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6112
ord888
ord9399
ord6835
ord10357
ord4143
ord6836
ord968
ord5821
ord1294
ord265
ord266
ord2058
ord11766
ord11772
ord310
ord5203
ord5201
ord11028
ord12684
ord2412
ord3539
ord10429
ord10393
ord11668
ord3408
ord13193
ord3833
ord1633
ord2437
ord12686
ord7905
ord2534
ord10912
ord832
ord1237
ord6578
ord5207
ord3429
ord2613
ord7861
ord3741
ord2744
ord8224
ord5784
ord3738
ord2742
ord5534
ord12535
ord2417
ord8222
ord11154
ord5444
ord8304
ord5777
ord895
ord3390
ord3970
ord11107
ord6970
ord4283
ord1448
ord4785
ord12868
ord9475
ord6678
ord3254
ord3373
ord3234
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2881
ord2878
ord7349
ord2416
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8305
ord5803
ord381
ord316
ord1316
ord946
ord919
ord915
ord901
ord1296
ord2939
ord2088

msvcr100

__CxxFrameHandler3
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
memmove
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fgetc
memcpy_s
ungetc
fputc
_unlock_file
_lock_file
_CxxThrowException
sprintf
strcmp
abort
strcpy
strlen
mbstowcs
wcscmp
wcscpy
wcslen
wcstombs
_vsnprintf
_setmbcp
fread
fopen
fwrite
fclose
memset
memcpy
atol
??0bad_cast@std@@QAE@PBD@Z
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
atoi
_localtime64_s
_time64
printf
fprintf
_beginthread
strstr
strchr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z

kernel32

GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
ResetEvent
SetEvent
LeaveCriticalSection
PurgeComm
SetCommState
BuildCommDCBA
GetCommState
SetCommMask
SetCommTimeouts
EnterCriticalSection
InitializeCriticalSection
CreateEventA
GetCommMask
WaitForMultipleObjects
ClearCommError
WaitCommEvent
LocalFree
CreateFileA
GetOverlappedResult
WriteFile
ReadFile
WaitForSingleObject
ResumeThread
SuspendThread
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
CloseHandle
GetLastError
Sleep
CopyFileA
GetCurrentDirectoryA
MultiByteToWideChar
FormatMessageA
GetCurrentProcessId
WideCharToMultiByte

user32

DispatchMessageA
GetWindowRect
PeekMessageA
SetRect
LoadIconW
KillTimer
SetTimer
GetDC
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
GetSystemMetrics
MessageBoxA
SendMessageA
TranslateMessage
EnableWindow
LoadStringA

gdi32

CreateFontA

advapi32

RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA

msvcp100

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?fail@ios_base@std@@QBE_NXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Xlength_error@std@@YAXPBD@Z

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba2d59cd355bf754d533a8418c7ca213

Headers

DLL Characteristics

File Characteristics

Imports

siusbxp

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

msvcp100

setupapi

Sections

.text Size: 393KB - Virtual size: 392KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 36KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 393KB - Virtual size: 392KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 36KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 24KB - Virtual size: 23KB