3067a1991d194280912ab0867d972e73d969688ac5fe7d4052aec4adef2b3c91

Sharing

Copy URL

Twitter E-mail

General

Target

3067a1991d194280912ab0867d972e73d969688ac5fe7d4052aec4adef2b3c91
Size

176KB
MD5

9791ff15f7925b0974f9230d0fbd68b5
SHA1

bf9834a79b39017817d4c9571ed2147af78548c6
SHA256

3067a1991d194280912ab0867d972e73d969688ac5fe7d4052aec4adef2b3c91
SHA512

40116747e3dc15e58d62f18a6eebff19aa80901966bbb485b0a048073510430ed2afa97a623d40e5c70ece15520745806f614e4cd31cc18662fef720c816b5bb
SSDEEP

3072:Ut6mUdUMawW/uyPaJHcF0chh70GUGNOS0DfEPgw4:UrGmO20m70cNO5EP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3067a1991d194280912ab0867d972e73d969688ac5fe7d4052aec4adef2b3c91

Files

3067a1991d194280912ab0867d972e73d969688ac5fe7d4052aec4adef2b3c91
.exe windows:4 windows x86 arch:x86

8ff0f7732348646eeb8420ec7deab871

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\documents and settings\david\my documents\visual studio 2005\projects\texteditor1\debug\TextEditor1.pdb

Imports

mfc80d

ord632
ord900
ord5656
ord8233
ord1403
ord1492
ord1499
ord5319
ord386
ord4495
ord1680
ord2795
ord5949
ord6187
ord4007
ord7004
ord2163
ord2232
ord2233
ord2591
ord6976
ord1875
ord6738
ord4663
ord8674
ord5288
ord8676
ord2075
ord3003
ord3013
ord3294
ord3276
ord3274
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord5507
ord2187
ord2190
ord8123
ord9163
ord2111
ord2112
ord2255
ord2256
ord2657
ord6286
ord6646
ord6476
ord5892
ord6983
ord714
ord2645
ord1569
ord1565
ord1563
ord5060
ord4878
ord871
ord747
ord652
ord641
ord432
ord5952
ord5964
ord1812
ord3004
ord7009
ord6948
ord1928
ord5506
ord8126
ord9164
ord2119
ord1228
ord3314
ord3315
ord4199
ord7246
ord1199
ord6660
ord4146
ord5803
ord6000
ord6783
ord6780
ord3652
ord2525
ord3089
ord880
ord2639
ord2966
ord2965
ord8012
ord5666
ord5989
ord6966
ord1694
ord2815
ord5057
ord4862
ord400
ord5951
ord6183
ord8348
ord8164
ord5532
ord8100
ord3853
ord4271
ord5905
ord2541
ord6480
ord6607
ord5944
ord7476
ord3824
ord7376
ord1893
ord7585
ord6957
ord2688
ord2653
ord8630
ord3659
ord3651
ord6272
ord725
ord8397
ord3902
ord6446
ord7705
ord1687
ord2802
ord5058
ord6173
ord6172
ord4867
ord408
ord7686
ord5960
ord1872
ord4662
ord7018
ord6951
ord5556
ord6616
ord6619
ord6073
ord6078
ord6075
ord6094
ord6096
ord6080
ord6517
ord6297
ord5860
ord5851
ord6751
ord6081
ord6531
ord6141
ord6189
ord6591
ord6589
ord6728
ord2542
ord730
ord6965
ord6522
ord5882
ord6138
ord1690
ord2805
ord1363
ord5518
ord1589
ord2984
ord7286
ord360
ord6901
ord7041
ord701
ord8430
ord8653
ord2706
ord910
ord888
ord908
ord5663
ord5621
ord8675
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord5295
ord1346
ord6881
ord893
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord3091
ord5511
ord6274
ord7052
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord6168
ord6170
ord6174
ord5095
ord5053
ord5632
ord901
ord1442

msvcr80d

_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_initterm_e
_initterm
_CrtSetCheckCount
_acmdln
_ismbblead
exit
_cexit
_XcptFilter
__CxxFrameHandler3
_resetstkoflw
_CrtDbgReportW
wcslen
wcscpy_s
_exit
__getmainargs
malloc
free
_amsg_exit
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcsncpy_s
strcpy_s
memcmp
_wcsicmp
memmove_s
_setmbcp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CRT_RTC_INITW
??_V@YAXPAX@Z
_recalloc
calloc
memset
_invoke_watson

kernel32

GetStartupInfoA
InterlockedCompareExchange
Sleep
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
RaiseException
GetVersion
GetEnvironmentVariableW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
InterlockedExchange
DebugBreak
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
MulDiv
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetProcAddress
LoadLibraryA
HeapFree
GetCurrentProcess
TerminateProcess

user32

IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
CopyRect
IntersectRect
UnionRect
SubtractRect
CharUpperA
CharUpperW
CharLowerA
CharLowerW
OffsetRect

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

advapi32

RevertToSelf
SetThreadToken
OpenThreadToken

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ff0f7732348646eeb8420ec7deab871

Headers

File Characteristics

PDB Paths

Imports

mfc80d

msvcr80d

kernel32

user32

comctl32

oleaut32

advapi32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 44KB - Virtual size: 40KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 44KB - Virtual size: 40KB