Static task
static1
Behavioral task
behavioral1
Sample
6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401.exe
Resource
win10v2004-20240508-en
General
-
Target
6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401
-
Size
1.1MB
-
MD5
496409b6b2a4ddedce772fe2bf5d0a89
-
SHA1
1de52a24667b974d3e03ac9e269d9cbecb5dda6c
-
SHA256
6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401
-
SHA512
eb37cd41390bc25ef9a759b694ca96c8d3bc9c35577283d380c8b83860a03f84cac2305b86ff894b367f9a52b823099ee67608363abee759cf37bb9a5db7739f
-
SSDEEP
24576:x2uLJ7O+V4d9CeJ2p9873qRUdpcwgH4S8YByGU:M9tJzqRUhM4bYcz
Malware Config
Signatures
-
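Unsigned PE (1 IoC)
The file carries no Authenticode signature. This is a weak indicator by itself, since many legitimate binaries are also unsigned, so read it alongside the other findings in this report.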
resource 6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401
Files
-
6d43373c1e2e69fae94970829652f6de95d940315f83e90258eacc3ce419a401.exe windows:4 windows x86 arch:x86
df72337eb0d7776aa3a15a049067a701
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord1168
ord535
ord2864
ord4220
ord2584
ord3654
ord2863
ord2438
ord1644
ord541
ord801
ord2763
ord6930
ord6928
ord2820
ord3811
ord2721
ord6883
ord6143
ord3171
ord926
ord6648
ord2764
ord5308
ord4779
ord5811
ord5482
ord2032
ord4335
ord4863
ord4975
ord5797
ord5479
ord1995
ord967
ord3717
ord802
ord791
ord542
ord523
ord1175
ord4411
ord4919
ord4447
ord5683
ord5442
ord665
ord1979
ord6385
ord5186
ord354
ord3318
ord5829
ord941
ord5970
ord5968
ord703
ord603
ord2454
ord1969
ord273
ord1643
ord403
ord5861
ord6929
ord2614
ord3880
ord3425
ord3054
ord5933
ord635
ord317
ord5440
ord6383
ord5450
ord6394
ord2065
ord3337
ord3169
ord4204
ord798
ord1997
ord5465
ord5194
ord533
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord4424
ord817
ord565
ord2393
ord3500
ord1639
ord1081
ord2726
ord5605
ord2761
ord4226
ord5810
ord5481
ord2031
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord2449
ord1106
ord5823
ord3664
ord6055
ord1776
ord5290
ord3742
ord3584
ord818
ord415
ord543
ord567
ord715
ord803
ord4275
ord2077
ord2152
ord1233
ord2827
ord2379
ord2370
ord1768
ord3092
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord3639
ord692
ord2302
ord3626
ord3797
ord3803
ord5875
ord2414
ord283
ord2859
ord2298
ord2301
ord6334
ord6453
ord1146
ord755
ord6880
ord470
ord1567
ord268
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord2621
ord1978
ord5200
ord6215
ord6407
ord4202
ord1601
ord668
ord3310
ord2781
ord2770
ord356
ord2582
ord4402
ord3370
ord3640
ord807
ord796
ord686
ord693
ord3521
ord554
ord529
ord384
ord5572
ord2915
ord2086
ord4299
ord6069
ord3998
ord3996
ord6900
ord2862
ord2096
ord5655
ord2011
ord6067
ord3288
ord6000
ord2117
ord4284
ord5871
ord4163
ord2120
ord613
ord289
ord3571
ord2528
ord1641
ord3089
ord1980
ord3181
ord3178
ord6402
ord616
ord3719
ord793
ord2363
ord4476
ord6197
ord2642
ord3619
ord3721
ord795
ord640
ord5794
ord2567
ord6172
ord5789
ord2754
ord5785
ord1640
ord323
ord6270
ord4224
ord1816
ord6907
ord879
ord2801
ord882
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord551
ord3317
ord3693
ord5788
ord5873
ord6696
ord1949
ord5620
ord6905
ord6007
ord3286
ord3301
ord4055
ord6571
ord2740
ord6602
ord4715
ord6592
ord5288
ord4439
ord2054
ord3663
ord6529
ord6489
ord4259
ord6568
ord6601
ord5161
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord6485
ord768
ord4258
ord4976
ord5162
ord5981
ord3876
ord1871
ord1261
ord5705
ord695
ord393
ord5708
ord503
ord775
ord5192
ord1994
ord4291
ord6123
ord1787
ord1006
ord2609
ord6322
ord2395
ord5658
ord5010
ord2490
ord1774
ord6121
ord5242
ord3314
ord3316
ord1911
ord3097
ord6282
ord6283
ord6877
ord4278
ord5710
ord4129
ord1200
ord924
ord858
ord860
ord922
ord939
ord823
ord4710
ord540
ord2818
ord5953
ord6199
ord800
ord4234
ord641
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord928
ord5934
ord834
ord6672
ord537
ord825
ord1576
ord6335
ord4431
msvcrt
__CxxFrameHandler
memmove
_CxxThrowException
exit
atoi
sprintf
printf
putc
getc
rewind
fwrite
fseek
fclose
_mbscmp
atof
atol
free
wcscmp
malloc
_ftol
_mbsrev
_mbsdec
_mbsinc
_ui64toa
_mbsicmp
_endthreadex
_beginthreadex
qsort
strncpy
calloc
_setmbcp
_splitpath
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
ftell
_controlfp
kernel32
EnterCriticalSection
TerminateProcess
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
GetComputerNameA
DeleteFileA
GetTickCount
GetVersion
lstrcpyA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
ResumeThread
GetStartupInfoA
ReadFile
CreateSemaphoreA
ReleaseSemaphore
CreateFileA
SetFilePointer
WriteFile
FormatMessageA
LocalFree
CreateThread
InitializeCriticalSection
DeleteCriticalSection
SetThreadPriority
LeaveCriticalSection
GetModuleFileNameA
WinExec
CreateDirectoryA
GetLastError
CreateMutexA
FileTimeToLocalFileTime
MultiByteToWideChar
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
GetModuleHandleA
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
CopyFileA
WaitForSingleObject
SetFileAttributesA
RemoveDirectoryA
GetCurrentProcess
GetVersionExA
MulDiv
ReleaseMutex
OpenMutexA
GetLocalTime
user32
IsWindow
LoadIconA
SendMessageA
GetMenuItemID
TrackPopupMenu
SetForegroundWindow
GetCursorPos
CheckMenuItem
SetMenuDefaultItem
GetSubMenu
MessageBoxA
PostThreadMessageA
SetTimer
KillTimer
PostMessageA
wsprintfA
IsCharAlphaNumericA
GetDlgItem
CopyRect
GetSysColor
FillRect
LoadMenuA
EnableWindow
FindWindowA
DrawFocusRect
GetSystemMetrics
GetWindowRect
RegisterWindowMessageA
GetClientRect
OffsetRect
GetWindow
IsWindowVisible
DestroyIcon
UpdateWindow
LoadBitmapA
LoadImageA
IsCharAlphaA
ScreenToClient
MsgWaitForMultipleObjects
MoveWindow
EnumDisplaySettingsA
DrawTextA
PeekMessageA
PtInRect
GetParent
InflateRect
DrawTextExA
RedrawWindow
GetKeyState
ExitWindowsEx
PostQuitMessage
FindWindowExA
InvalidateRect
gdi32
CreatePen
Ellipse
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
Polygon
BitBlt
GetStockObject
GetTextExtentPoint32A
StretchBlt
advapi32
RegCloseKey
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
shell32
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteA
comctl32
ImageList_ReplaceIcon
ImageList_Replace
ImageList_SetImageCount
ImageList_GetImageCount
ord17
ImageList_Remove
ole32
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
oleaut32
SysFreeString
wsock32
select
gethostname
inet_addr
gethostbyname
WSAGetLastError
ntohl
ntohs
recv
__WSAFDIsSet
htonl
htons
listen
gdiplus
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipCloneBrush
GdipCreateFromHDC
GdipFillRectangleI
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromStream
GdipAlloc
GdipImageRotateFlip
GdipGetAllPropertyItems
GdipGetPropertySize
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetImageThumbnail
GdipFree
GdipCloneImage
GdipDeleteBrush
GdipCreateHBITMAPFromBitmap
msvcp60
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1strstreambuf@std@@UAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??1_Lockit@std@@QAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0ios_base@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??1strstream@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??0locale@std@@QAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?clear@ios_base@std@@QAEXH_N@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
netapi32
NetShareGetInfo
NetApiBufferFree
shlwapi
PathFileExistsA
Sections
.text Size: 796KB - Virtual size: 793KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ