e7a971d93c3a424e16f6aec5042714b4375b3b55a2b5bd906e247969f226e3e1

Sharing

Copy URL Twitter E-mail

General

Target

e7a971d93c3a424e16f6aec5042714b4375b3b55a2b5bd906e247969f226e3e1
Size

78KB
MD5

97a5ba7e5f6d94a59498ede9dddbc5ed
SHA1

935c3a0bf0e0676ad26476edfe4bcf1a993e6a21
SHA256

e7a971d93c3a424e16f6aec5042714b4375b3b55a2b5bd906e247969f226e3e1
SHA512

b59e8ee56ed12ac4dace4375ff3c87ff3cebf9d75fba4879ab46b1a8e0b8191112add1e31e650a15e802d3aa284949e9ca158272cd927ed51161b80dec5da0f3
SSDEEP

1536:Cw7Whs68t11DYeaUWiiuws8ohcd24mOMFCvJgZP1aWmeV3zFa+:CmW6xt11DlQ24muEPgeFw+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7a971d93c3a424e16f6aec5042714b4375b3b55a2b5bd906e247969f226e3e1

Files

e7a971d93c3a424e16f6aec5042714b4375b3b55a2b5bd906e247969f226e3e1
.exe windows:6 windows x86 arch:x86

5b0c88a4b2607eaf3f9d90f90556a7a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\10_Source\PRG\AST080100\Prg\IDSet\VS2017\Release\IDSet.pdb

Imports

mfc140

ord12194
ord8180
ord12182
ord5894
ord3844
ord6831
ord993
ord13830
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11927
ord11928
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12484
ord12485
ord2484
ord10330
ord5336
ord8285
ord7961
ord4580
ord12806
ord12869
ord10383
ord12190
ord11671
ord1468
ord7618
ord8429
ord2297
ord2200
ord2460
ord5096
ord300
ord1526
ord2986
ord12705
ord4655
ord12863
ord4807
ord2241
ord890
ord1389
ord3689
ord1000
ord14149
ord13475
ord14421
ord12163
ord2759
ord13681
ord6195
ord6104
ord6505
ord10986
ord6806
ord3250
ord4227
ord9092
ord6523
ord2210
ord3669
ord6464
ord12074
ord4210
ord1064
ord9083
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord6947
ord12162
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord8713
ord6848
ord11663
ord13628
ord5911
ord14054
ord5401
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord3808
ord1131
ord1443
ord5898
ord5742
ord10202
ord9166
ord1529
ord6193
ord13677
ord2758
ord9167
ord12115
ord1109
ord8997
ord10963
ord11343
ord10421
ord4084
ord458
ord3395
ord3396
ord3159
ord7076
ord3298
ord3295
ord10207
ord8173
ord14699
ord1044
ord310
ord10237
ord10239
ord10238
ord10236
ord305
ord3005
ord316
ord14238
ord10950
ord7459
ord10240
ord3140
ord5631
ord8347
ord1698
ord1509
ord2407

kernel32

RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DecodePointer
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileIntA
OutputDebugStringA
SetLastError
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InitializeCriticalSectionEx
OutputDebugStringW
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter

user32

SendMessageA
IsIconic
LoadAcceleratorsA
TranslateAcceleratorA
EnableWindow
DrawIcon
GetClientRect
LoadIconW
UnregisterClassA
GetSystemMetrics

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

ws2_32

WSAStartup

vcruntime140

memmove
__std_type_info_destroy_list
__std_terminate
memset
__CxxFrameHandler3
memcpy
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_recalloc
free

api-ms-win-crt-string-l1-1-0

strcat
strcpy
strlen

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_controlfp_s
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_setmbcp

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b0c88a4b2607eaf3f9d90f90556a7a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

comctl32

oleaut32

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 5KB - Virtual size: 5KB