2229c3b0fe712fcfcd846736129950aa38552c08796f183e992bc2bb6311087d

Sharing

Copy URL Twitter E-mail

General

Target

2229c3b0fe712fcfcd846736129950aa38552c08796f183e992bc2bb6311087d
Size

505KB
MD5

93feb32d5153a91ac6573cc97663fdfa
SHA1

5208beeb81afed833ba6db3c70c23c16cabf19e6
SHA256

2229c3b0fe712fcfcd846736129950aa38552c08796f183e992bc2bb6311087d
SHA512

f894f1af3facd37b174e7cfd51028e7009fc9085c0417320ac49c39da9d91881b43cf125f5f06f2d9ec04dbc4505e5274b7e73bf7e76bbaa19e025802c66b5fa
SSDEEP

6144:AlrJYNVxqqReDF+YWp7v7nFDMpZaGYlGEUGG5CAxlBqahqlN9PFgYcyTFVPcwXB+:+dYnReDFWp7v7nFDMpA9+CQGLTpW3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2229c3b0fe712fcfcd846736129950aa38552c08796f183e992bc2bb6311087d

Files

2229c3b0fe712fcfcd846736129950aa38552c08796f183e992bc2bb6311087d
.exe windows:5 windows x86 arch:x86

f1d643b93f9ce5616ed7973ba86d5166

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\소스 백업\raven 2015-05-15\Raven\Release\Raven.pdb

Imports

mfc120

ord2842
ord503
ord1139
ord4662
ord301
ord5005
ord12374
ord500
ord1108
ord11782
ord12860
ord12165
ord2838
ord8204
ord12697
ord8554
ord6366
ord1106
ord1174
ord4041
ord13690
ord7175
ord13238
ord949
ord2158
ord7845
ord990
ord7507
ord10211
ord1463
ord12834
ord13900
ord12831
ord13889
ord8720
ord13892
ord13479
ord13826
ord13090
ord12899
ord12907
ord12679
ord12765
ord12392
ord12372
ord13559
ord13062
ord6405
ord980
ord14320
ord1980
ord3813
ord3782
ord4822
ord8614
ord12840
ord1063
ord4827
ord362
ord7508
ord9536
ord1061
ord997
ord6367
ord9047
ord10088
ord8064
ord5293
ord7565
ord7575
ord7574
ord6007
ord5119
ord5295
ord5139
ord5672
ord5409
ord9186
ord5643
ord5433
ord10844
ord11986
ord3216
ord3321
ord3322
ord3890
ord11942
ord2638
ord5814
ord13488
ord11538
ord6745
ord14367
ord7771
ord14369
ord3008
ord4442
ord9528
ord305
ord4893
ord4858
ord4851
ord4889
ord4916
ord4867
ord4900
ord4912
ord4875
ord4879
ord4883
ord4871
ord4904
ord4863
ord1731
ord1722
ord1726
ord1718
ord1706
ord12075
ord12077
ord13658
ord3217
ord9094
ord10831
ord6844
ord12038
ord8803
ord14361
ord11756
ord11218
ord3354
ord3353
ord6096
ord13537
ord2716
ord8977
ord9073
ord9048
ord6410
ord11991
ord5303
ord2162
ord2123
ord9201
ord13908
ord14009
ord3117
ord7667
ord13914
ord266
ord265
ord1691
ord5761
ord4425
ord9254
ord4823
ord5306
ord8595
ord10867
ord1384
ord887
ord10302
ord7350
ord3646
ord2199
ord2168
ord6465
ord8969
ord3787
ord11907
ord8964
ord11547
ord11546
ord5536
ord10121
ord10117
ord10119
ord10120
ord10118
ord2717
ord8055
ord3253
ord3256
ord13541
ord6098
ord3098
ord13904
ord12882
ord2478
ord5101
ord3142
ord4172
ord8586
ord2947
ord2476
ord6443
ord3831
ord6363
ord3823
ord14346
ord5801
ord2963
ord1687
ord13681
ord11815
ord1170
ord545
ord13335
ord8016
ord6973
ord12577
ord4613
ord8561
ord8599
ord11949
ord4450
ord8878
ord2709
ord462
ord4272
ord2341
ord2345
ord8311
ord8229
ord12677
ord8167
ord5241
ord2442
ord12355
ord12356
ord14368
ord7770
ord14366
ord9234
ord4100
ord4039
ord12759
ord7789
ord1985
ord11802
ord11803
ord14240
ord12345
ord7848
ord14440
ord6225
ord14442
ord6227
ord14441
ord6226
ord3801
ord5797
ord12057
ord12065
ord8062
ord10264
ord12069
ord1103
ord450
ord1502
ord2256
ord2944
ord310
ord300
ord1656
ord13267
ord12037
ord12740
ord5646
ord10083
ord6729
ord5136
ord4537
ord4764
ord1521
ord1524
ord1041
ord316
ord1137
ord2365
ord1504

msvcr120

_setmbcp
__CxxFrameHandler3
_CxxThrowException
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memset
_beginthreadex
strcpy_s
sprintf_s
_splitpath_s
strtok_s
_purecall
free
vsprintf_s
_mktime64
_localtime64_s
atoi
_time64
srand
memchr
isalnum
memmove
rand
memcpy

kernel32

GlobalAlloc
LoadResource
LockResource
SizeofResource
GlobalLock
GlobalFree
GlobalUnlock
CloseHandle
CreateProcessA
FindResourceA
GetCurrentDirectoryA
CreatePipe
GetLocalTime
Sleep
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
_lclose
WriteFile
OpenFile
OutputDebugStringA
GetPrivateProfileIntA
FindNextFileA
GetModuleHandleA
GetProcAddress
CreateDirectoryA
ReadFile
PeekNamedPipe
GetVolumeInformationA
FindClose
FindFirstFileA
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionAndSpinCount
SetLastError
GetPrivateProfileStringA
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetLastError
CreateThread
VerifyVersionInfoA
VerSetConditionMask
GetTickCount

user32

wsprintfA
EqualRect
EnableWindow
GetClientRect
GetParent
InvalidateRect
IsWindow
SendMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
LoadIconW
SetTimer
DispatchMessageA
SetWindowPos
DrawIcon
KillTimer
GetDC
ReleaseDC
UnregisterHotKey
MoveWindow
GetMonitorInfoA
EnumDisplayMonitors
EnumWindows
GetWindowTextA
LoadImageA
MessageBoxA
PostMessageA
CreateWindowExA
GetWindowRect
FindWindowA
GetSystemMetrics
wvsprintfA
TranslateMessage
IsIconic
PeekMessageA

gdi32

GetTextExtentPoint32A
SetBitmapBits
TextOutA
CreateDCA
GetBitmapBits
Escape
GetDIBits
ExtTextOutA
RectVisible
CreateCompatibleDC
PtVisible
BitBlt
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
InitCommonControlsEx

ole32

CreateStreamOnHGlobal

gdiplus

GdiplusStartup
GdipDrawImageRectRect
GdipGetImageHeight
GdipGetImageWidth
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown

ws2_32

WSAGetLastError
getpeername
WSASetLastError
WSASocketA
closesocket
bind
connect
recvfrom
recv
send
getsockopt
WSAStartup
WSACleanup
shutdown
ntohs
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
getnameinfo

msvcp120

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z

wininet

DeleteUrlCacheEntry

netapi32

NetApiBufferFree
NetWkstaGetInfo

d2d1

ord1

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1d643b93f9ce5616ed7973ba86d5166

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc120

msvcr120

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

ws2_32

msvcp120

wininet

netapi32

d2d1

iphlpapi

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 2KB - Virtual size: 226KB

.rsrc Size: 117KB - Virtual size: 117KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 2KB - Virtual size: 226KB

.rsrc
Size: 117KB - Virtual size: 117KB

.reloc
Size: 32KB - Virtual size: 32KB