97d07fac07ba1058487f3ef5cc3d3f04b6f437ff618261de0f98baebbaa19480

Sharing

Copy URL Twitter E-mail

General

Target

97d07fac07ba1058487f3ef5cc3d3f04b6f437ff618261de0f98baebbaa19480
Size

2.2MB
MD5

3711c565239296f9134034702b081489
SHA1

874490e604437381893b7644c75689f26b4e2092
SHA256

97d07fac07ba1058487f3ef5cc3d3f04b6f437ff618261de0f98baebbaa19480
SHA512

b95b7ce8b2fbb66b5567b152691c56c19d09a14629de13de5a78a4ad6609e2ea831592ca19b1a4229cbfab719080a01eedfde6f9a8a19dfdd4c8c0a804caa5ed
SSDEEP

24576:w/w6O4z9El8rYDOfH851KG6XFT4xEO3/VQrj6by4v3f60c5MRrDTWEOgcNuU2OAs:9GrYCfH8GFcTkj6Lvi0v9TgNuDLyHn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97d07fac07ba1058487f3ef5cc3d3f04b6f437ff618261de0f98baebbaa19480

Files

97d07fac07ba1058487f3ef5cc3d3f04b6f437ff618261de0f98baebbaa19480
.dll windows:5 windows x86 arch:x86

d197200ff328bcee46bd58692a737fc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc100

ord2611
ord8554
ord6207
ord6098
ord5432
ord8234
ord2841
ord2939
ord3758
ord1271
ord4343
ord7214
ord5803
ord8776
ord6213
ord3241
ord13045
ord1437
ord11781
ord7487
ord5242
ord305
ord2626
ord10852
ord5007
ord13048
ord7206
ord12440
ord4554
ord5176
ord3365
ord7211
ord3744
ord8228
ord5302
ord5858
ord7871
ord1012
ord3251
ord3361
ord3250
ord3354
ord12344
ord6971
ord7927
ord7491
ord12168
ord4553
ord11107
ord381
ord9318
ord7859
ord3739
ord2743
ord8223
ord1495
ord4371
ord4413
ord4404
ord5278
ord5780
ord1011
ord2409
ord13280
ord3431
ord2614
ord7862
ord3743
ord2776
ord8227
ord5857
ord1251
ord2935
ord2828
ord6083
ord11949
ord6090
ord8231
ord3755
ord2838
ord1263
ord6601
ord7933
ord2067
ord2063
ord6288
ord6678
ord13219
ord6969
ord385
ord4785
ord322
ord13518
ord9475
ord12868
ord12962
ord3254
ord3253
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord8330
ord8305
ord948
ord946
ord968
ord8235
ord5821
ord8465
ord4782
ord6314
ord310
ord995
ord2916
ord2763
ord8226
ord6352
ord11882
ord2061
ord6070
ord4131
ord11939
ord11940
ord3486
ord12790
ord341
ord11941
ord917
ord1900
ord4341
ord6054
ord1929
ord3970
ord6295
ord4345
ord5204
ord7322
ord788
ord3421
ord943
ord1210
ord3429
ord2613
ord2744
ord8224
ord919
ord6836
ord4340
ord12128
ord374
ord337
ord6970
ord5207
ord1316
ord3738
ord5444
ord895
ord3390
ord11924
ord2183
ord2184
ord5774
ord5776
ord3439
ord316
ord4283
ord1448
ord1982
ord5837
ord7889
ord11103
ord11060
ord2846
ord1313
ord2742
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8222
ord11025
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord3484
ord2945
ord2944
ord1297
ord3356
ord9445
ord12438
ord12170
ord11108
ord3357
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord5777
ord901
ord915
ord1294
ord265
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord323
ord1296

msvcr100

?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_strdate
atof
_crt_debugger_hook
fabs
strchr
fseek
fwrite
strcpy
fflush
fread
fgets
__iob_func
fputs
_localtime64
_i64toa
_atoi64
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtol
__clean_type_info_names_internal
strcat
fopen
_itoa
fclose
_strtime
sqrt
strtok
memmove
strcmp
strstr
_resetstkoflw
_recalloc
calloc
memcpy_s
free
malloc
srand
rand
memcpy
atoi
sprintf
_time64
labs
memset
__CxxFrameHandler3
strlen
strftime

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetCurrentThreadId
SetWaitableTimer
CopyFileA
GetVersionExA
GetCurrentProcess
ActivateActCtx
DeactivateActCtx
SetLastError
LoadLibraryA
SetProcessWorkingSetSize
CreateWaitableTimerA
GetModuleFileNameA
VirtualQueryEx
VirtualProtectEx
GetProcAddress
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
DeleteCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteProcessMemory
GlobalFree
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
lstrlenA
MultiByteToWideChar
FindClose
EnterCriticalSection
LeaveCriticalSection
GetLastError
ReadProcessMemory
GetCurrentProcessId
OpenProcess
CloseHandle
TerminateProcess
WritePrivateProfileStringA
CreateThread
GetPrivateProfileStringA
GetModuleHandleA
GetTickCount
Sleep
InterlockedExchange
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

user32

SendMessageA
LoadBitmapW
GetParent
CallWindowProcA
SetWindowLongA
DrawIconEx
LoadImageA
GetWindowRect
GetSystemMetrics
GetWindow
DispatchMessageA
TranslateMessage
GetMessageA
SetForegroundWindow
MoveWindow
IsWindowVisible
GetWindowThreadProcessId
GetTopWindow
MapWindowPoints
SetTimer
GetClientRect
IsWindow
RedrawWindow
GetKeyNameTextA
MapVirtualKeyA
GetWindowTextA
EnumWindows
FindWindowA
GetKeyState
GetForegroundWindow
ShowWindow
PostMessageA
SetWindowTextA
CallNextHookEx
SetWindowRgn
ExitWindowsEx
PostQuitMessage
DestroyWindow
GetDlgItem
PeekMessageA
MsgWaitForMultipleObjects
SetWindowsHookExA
GetSysColor
EnableWindow
PtInRect
InvalidateRect
FillRect
OffsetRect
KillTimer
CopyRect
FrameRect

gdi32

SelectObject
GetTextColor
Rectangle
BitBlt
GetTextMetricsA
GetStockObject
DeleteDC
GetDIBColorTable
CreateSolidBrush
DeleteObject
CreateDIBSection
RoundRect
TextOutA
GetTextExtentPoint32A
CreateBitmap
SetBkMode
Ellipse
CreatePatternBrush
StretchBlt
CreatePen
CreateCompatibleDC
GetObjectA
SetDIBColorTable
CreateCompatibleBitmap
CreateRoundRectRgn

msimg32

TransparentBlt
AlphaBlend

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shlwapi

PathIsDirectoryA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

urlmon

URLDownloadToFileA

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

wininet

DeleteUrlCacheEntry

winmm

PlaySoundA
timeGetTime

psapi

GetProcessMemoryInfo

ws2_32

closesocket
recv
send
connect
htons
socket
gethostbyname
WSAStartup
WSAAsyncSelect
WSACleanup

Exports

Exports

Out1
Out2
hook

Sections

.text
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d197200ff328bcee46bd58692a737fc3

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

msimg32

advapi32

shlwapi

ole32

oleaut32

urlmon

gdiplus

wininet

winmm

psapi

ws2_32

Exports

Exports

Sections

.text Size: 544KB - Virtual size: 544KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 2KB - Virtual size: 3.0MB

.data0 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 68KB - Virtual size: 68KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 544KB - Virtual size: 544KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 2KB - Virtual size: 3.0MB

.data0
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 78KB - Virtual size: 78KB