PDB path: g:\project\ViDown2.0\trunk\src\VdInfo\Release\VdInfo.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6.exe
Resource
win10v2004-20240419-en
General
-
Target
f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6
-
Size
1.2MB
-
MD5
68e487a4626f43683078f650589f2bd0
-
SHA1
8cde27a375807d83c9a14c66a0ff4bbf12b63786
-
SHA256
f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6
-
SHA512
4b99848a7d5cc87f3f518275584ca731a30233c0e95c586091f1154f1235be113e35edfb6d7633f14699b8a1dddf4488c80cb81f7ef711f04c399a94b56d2ded
-
SSDEEP
6144:HRAw3Cp1TAHAlEZWqih0qd6G68EX9SrUXXda8xzZ0rFDOPZBO7p7chAjQzNyT+Q3:x3xt0RmByp7chAjQzNyT+uG6vEc
Malware Config
Signatures
-
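Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The sample is unsigned; many legitimate binaries are unsigned as well, so this is a weak indicator on its own.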
resource f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6
Files
-
f709202c340b9ce64f9399cdcc4f17d07c69adbe059517596a609fd49e6198e6.exe windows:5 windows x86 arch:x86
897dd13bc3cb2dad8b03c480b6232c93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc90
ord5349
ord5639
ord4771
ord5127
ord3952
ord3065
ord5584
ord4784
ord367
ord636
ord1357
ord3627
ord1183
ord2106
ord3534
ord1358
ord5808
ord4292
ord3049
ord306
ord6154
ord4760
ord2592
ord3856
ord491
ord729
ord4337
ord3935
ord4785
ord4790
ord4805
ord4807
ord4787
ord3485
ord3227
ord3126
ord5965
ord4792
ord4030
ord404
ord663
ord5520
ord3179
ord320
ord1265
ord5753
ord2084
ord1555
ord6809
ord6810
ord3413
ord3412
ord1668
ord4679
ord3480
ord611
ord586
ord789
ord3477
ord4513
ord2587
ord4116
ord6170
ord2470
ord2097
ord1045
ord6760
ord6788
ord5167
ord744
ord524
ord2069
ord4533
ord4529
ord6787
ord6557
ord1938
ord1137
ord1108
ord777
ord595
ord3643
ord3277
ord5608
ord3218
ord6356
ord5385
ord5647
ord5585
ord4646
ord4331
ord1720
ord2283
ord3987
ord639
ord374
ord899
ord2481
ord4506
ord4507
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord5646
ord6001
ord3110
ord4890
ord4667
ord3659
ord2447
ord2539
ord798
ord817
ord310
ord601
ord316
ord820
ord4970
ord5339
ord2445
ord2079
ord2855
ord5432
ord5435
ord4716
ord4539
ord3224
ord5323
ord3221
ord6359
ord3222
ord6361
ord978
ord5786
ord3278
ord2646
ord2645
ord4415
ord1684
ord3346
ord6391
ord1755
ord1752
ord4330
ord1497
ord4650
ord5581
ord2074
ord5497
ord6780
ord4589
ord5638
ord2369
ord1384
ord3732
ord5139
ord4683
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord6048
ord6615
ord3996
ord781
ord580
ord683
ord430
ord3819
ord265
ord1252
ord2327
ord1254
ord266
ord1607
ord4993
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord5636
ord4668
ord3506
ord4536
ord2194
ord1380
ord4535
ord5382
ord4918
ord5367
ord5064
ord5386
ord5476
ord5224
ord5215
ord4783
ord4693
ord5213
ord5369
ord4927
ord5393
ord4889
ord4940
ord5392
ord5264
ord4912
ord4775
ord4846
ord5472
ord4972
ord5341
ord4931
ord4930
ord5334
ord4095
ord4851
ord4850
ord5209
ord4608
ord5199
ord4796
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6355
ord3217
ord1446
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord5403
ord4575
ord4582
ord5194
ord4793
ord4808
ord4806
ord2888
ord2759
ord4066
ord4788
ord4791
ord4786
ord5281
ord4067
ord4057
ord2886
ord4334
ord5278
ord4364
ord3345
ord6390
ord1754
ord2638
ord2639
ord2642
ord2640
ord2641
ord3670
ord6584
ord4516
ord5552
ord617
ord341
ord6462
ord1098
ord1182
ord1186
ord1444
ord5599
ord4688
ord1689
ord4895
ord4671
ord4197
ord793
ord589
ord4029
ord4952
ord4638
ord300
ord1222
ord5598
ord4706
ord670
ord415
ord3994
ord3808
ord800
ord1276
msvcr90
__CxxFrameHandler3
_CxxThrowException
memset
_except_handler3
_setmbcp
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_beginthreadex
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
fflush
fprintf
_vsnprintf
sprintf
fclose
_mbsnbicmp
_mbsicmp
atoi
memcpy
kernel32
SetLastError
VirtualAlloc
SuspendThread
VirtualFree
HeapFree
GetProcessHeap
VirtualQuery
VirtualProtect
FlushInstructionCache
GetThreadContext
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcess
GetLastError
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
MulDiv
CloseHandle
CreateEventA
GetLocalTime
DeleteFileA
GetCurrentThread
GetVersion
FreeLibrary
LoadLibraryA
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
ExitProcess
GetTickCount
Sleep
GetCommandLineA
SetThreadContext
user32
GetWindowLongA
MoveWindow
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
GetCursorPos
GetCapture
SetWindowPlacement
IsZoomed
GetWindowPlacement
SetWindowPos
SetWindowLongA
GetForegroundWindow
GetSysColor
FillRect
SetRect
GetParent
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameA
ShowWindow
MessageBoxIndirectW
MessageBoxIndirectA
SetWindowRgn
LoadBitmapA
CopyRect
InvalidateRect
PostMessageA
PtInRect
ReleaseDC
GetDC
CharLowerA
ScreenToClient
GetDesktopWindow
IsWindow
GetWindowRect
KillTimer
SystemParametersInfoA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
ShowScrollBar
SendMessageA
LoadIconA
EnableWindow
UpdateWindow
gdi32
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateRoundRectRgn
StretchBlt
DeleteDC
BitBlt
SelectObject
GetObjectA
CreateCompatibleDC
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
shell32
ShellExecuteA
comctl32
InitCommonControlsEx
_TrackMouseEvent
ole32
CoTaskMemFree
StringFromCLSID
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
oleaut32
SysFreeString
OleLoadPicture
SysAllocStringLen
VariantClear
VariantInit
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
winmm
waveOutWrite
midiStreamOpen
waveOutSetVolume
dsound
ord1
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ