d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdb
Sample
0871ba8512e30a548081fb691a605feea26f37f459358383b203aa46c4bfd6e3.dll
Resource
win7-20240508-en
General
-
Target
0871ba8512e30a548081fb691a605feea26f37f459358383b203aa46c4bfd6e3
-
Size
5.3MB
-
MD5
dc69ac35c4b84bda07e20162fde775de
-
SHA1
a82c88864250ef2150c653d830c27c7d6d2fbf5a
-
SHA256
0871ba8512e30a548081fb691a605feea26f37f459358383b203aa46c4bfd6e3
-
SHA512
8d350012e18a232eceeabf7291a117841f4d759239bf7e2950179cb2e4217fe55ce4ada6a006f9e33c9aee9a981ac148a2d20bf54374263ce226f43568b6fe24
-
SSDEEP
98304:JTy0NFD21fs+hdswY8FfU0i7YZEFLOAkGkzdnEVomFHKnP1kKk8Y3T:7Dm7hu6FfU0i7YZEFLOyomFHKnP1kKD4
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
Processes:
resource 0871ba8512e30a548081fb691a605feea26f37f459358383b203aa46c4bfd6e3
Files
-
0871ba8512e30a548081fb691a605feea26f37f459358383b203aa46c4bfd6e3.dll windows:6 windows x86 arch:x86
f2b858509288a4fad30c0e97576984ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumKeyA
RegQueryValueA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
IsTextUnicode
kernel32
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExpandEnvironmentStringsA
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
GetSystemInfo
VirtualQuery
IsDebuggerPresent
GetLastError
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
SetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
InitializeCriticalSection
GetACP
DeleteFileA
GetCPInfo
GetOEMCP
MulDiv
VerSetConditionMask
VerifyVersionInfoA
FreeLibrary
CloseHandle
GetTempPathA
CreateFileA
SetFilePointer
Sleep
GetCurrentDirectoryA
lstrcmpA
GetSystemDirectoryW
LoadLibraryExW
DecodePointer
EncodePointer
FindResourceA
GlobalFree
GetTickCount
GetWindowsDirectoryA
lstrcmpiA
SetThreadPriority
GetModuleFileNameA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalReAlloc
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableA
GetEnvironmentVariableW
GlobalFlags
GlobalFindAtomA
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameA
GetAtomNameA
SuspendThread
ResumeThread
SetEvent
CopyFileA
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
FormatMessageA
SetFileAttributesA
LocalFileTimeToFileTime
GetFileAttributesExA
GetFileSizeEx
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetStringTypeExA
GetThreadLocale
FindClose
FindFirstFileA
GetVolumeInformationA
LoadLibraryExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
GetProfileIntA
SystemTimeToFileTime
ReplaceFileA
SetFileTime
GetFileTime
GetFullPathNameA
GetDiskFreeSpaceA
GetTempFileNameA
VirtualProtect
RaiseException
lstrcpyW
lstrcmpW
IsDBCSLeadByte
GetUserDefaultLCID
FindResourceExW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalAddAtomA
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
CompareStringA
GetVersionExA
GetCurrentThread
GetFileSize
GetSystemDefaultUILanguage
GetFileAttributesA
GlobalSize
SearchPathA
GetLocaleInfoW
GetUserDefaultUILanguage
vcruntime140
_except_handler4_common
wcsstr
wcschr
wcsrchr
memcmp
_purecall
__std_terminate
memmove
memset
memcpy
__CxxFrameHandler3
__std_type_info_destroy_list
_CxxThrowException
api-ms-win-crt-runtime-l1-1-0
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_initterm_e
_seh_filter_dll
_beginthread
_initterm
_resetstkoflw
abort
_invalid_parameter_noinfo
_errno
__p___argc
__p___argv
_endthread
__doserrno
_endthreadex
_beginthreadex
_configure_narrow_argv
api-ms-win-crt-string-l1-1-0
strcat_s
_strnicmp
wcscmp
wcspbrk
wcscoll
_wcslwr_s
_wcsupr_s
strlen
toupper
strnlen
wcslen
wcscpy_s
strcpy_s
wmemcpy_s
wcscspn
wcsncpy_s
strncpy_s
_wcsicoll
_wcsicmp
_wcsrev
iswspace
wcsspn
wcscat_s
wcsnlen
_strdup
api-ms-win-crt-multibyte-l1-1-0
_mbschr
_mbsspn
_mbsdec
_ismbcprint
_mbsnbicmp
_mbsinc
_mbsstr
_mbsnbcpy_s
_mbscmp
_mbsrchr
_mbslwr_s
_ismbcspace
_mbspbrk
_mbsicmp
_ismbcalnum
_ismbcalpha
_mbctoupper
_mbscoll
_mbctolower
_mbsicoll
_mbsnbcmp
_mbsrev
_mbsupr_s
_mbscspn
_ismbcdigit
_ismbblead
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf_s
fclose
__stdio_common_vsprintf_s
__stdio_common_vsprintf
fflush
ftell
fseek
fgets
fputs
fwrite
clearerr_s
ferror
feof
_get_osfhandle
fread
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
_open_osfhandle
_fileno
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
api-ms-win-crt-heap-l1-1-0
_expand
_msize
calloc
malloc
_recalloc
free
realloc
api-ms-win-crt-utility-l1-1-0
abs
labs
ldiv
rand_s
api-ms-win-crt-convert-l1-1-0
atoi
strtoul
atol
wcstombs_s
strtod
_itoa_s
_ltoa_s
strtol
_ultoa_s
api-ms-win-crt-math-l1-1-0
exp
_fdopen
sin
cos
ceil
fabs
atan2
sqrt
floor
api-ms-win-crt-time-l1-1-0
clock
_time64
_mktime64
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_fullpath
_makepath_s
_splitpath_s
user32
GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateA
GetCapture
LoadAcceleratorsW
TranslateAcceleratorA
GetSystemMetrics
DestroyMenu
LoadMenuW
RedrawWindow
PostThreadMessageA
GetClassInfoA
DefWindowProcA
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoA
MonitorFromPoint
SystemParametersInfoA
LoadCursorA
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuA
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuA
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
GetSysColor
GetClassLongA
IsClipboardFormatAvailable
DestroyCursor
CreateAcceleratorTableA
CopyAcceleratorTableA
GetKeyboardState
ToAsciiEx
MapVirtualKeyA
CharUpperA
LoadImageW
LoadIconW
SetWindowTextA
GetMenuState
CheckMenuItem
SetFocus
GetMenuItemInfoA
DrawFrameControl
SubtractRect
GetLastActivePopup
GetMessageA
UpdateLayeredWindow
EnableScrollBar
GetScrollPos
GetMenuDefaultItem
SetMenuDefaultItem
HideCaret
InvertRect
EnumChildWindows
GetWindowTextA
GetDoubleClickTime
GetDC
ReleaseDC
GetWindowRgn
FrameRect
ShowScrollBar
IsWindowEnabled
InsertMenuA
WaitMessage
GetComboBoxInfo
CharUpperBuffA
DrawEdge
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
SetMenuItemBitmaps
SetMenuItemInfoA
GetMenuCheckMarkDimensions
CallWindowProcA
SetActiveWindow
CreateMenu
MoveWindow
InvalidateRgn
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowTextLengthA
GetTabbedTextExtentW
GetDlgItem
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
GetPropA
RemovePropA
SetPropA
MapDialogRect
GetMessageTime
GetMessagePos
GetDialogBaseUnits
GetDCEx
RemoveMenu
MsgWaitForMultipleObjectsEx
CharNextA
SetWindowContextHelpId
IsDialogMessageA
ClipCursor
SendNotifyMessageA
InSendMessage
GetMenuStringA
WindowFromDC
SetScrollRange
AdjustWindowRectEx
GetTabbedTextExtentA
CountClipboardFormats
LoadBitmapA
GetMenu
SetMenu
GetClassInfoExA
CreateWindowExA
SetWindowPlacement
TrackPopupMenuEx
RegisterClassA
WinHelpA
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
MonitorFromWindow
BeginPaint
EndPaint
SendDlgItemMessageA
LoadAcceleratorsA
LoadMenuA
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
GetMenuBarInfo
GetWindowDC
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
RealChildWindowFromPoint
CharToOemBuffA
OemToCharBuffA
IsWindow
SetRect
EnableWindow
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
DispatchMessageA
TranslateMessage
PeekMessageA
SetForegroundWindow
LoadCursorW
GetFocus
IsChild
TrackPopupMenu
LoadIconA
GetNextDlgGroupItem
DrawFocusRect
SetCursor
GetWindowLongA
CopyImage
GetIconInfo
FillRect
LoadImageA
NotifyWinEvent
CopyRect
LoadBitmapW
MapWindowPoints
MessageBeep
SetCursorPos
WindowFromPoint
ClientToScreen
SetCapture
ReleaseCapture
CopyIcon
BringWindowToTop
RegisterWindowMessageA
DestroyIcon
GetClassNameA
SetParent
ShowWindow
GetWindowPlacement
IsRectEmpty
GetDlgCtrlID
PostMessageA
DeferWindowPos
EqualRect
GetSysColorBrush
SetClassLongA
GetParent
DrawIconEx
InflateRect
OffsetRect
PtInRect
UpdateWindow
SetTimer
TrackMouseEvent
ScreenToClient
GetCursorPos
IsWindowVisible
GetClientRect
KillTimer
SetRectEmpty
GetWindowRect
SendMessageA
RegisterClipboardFormatA
InvalidateRect
GetSubMenu
GetKeyboardLayout
gdi32
CreateFontA
StretchDIBits
RoundRect
CreateEllipticRgn
CreateHatchBrush
ExtTextOutA
Polyline
GetDIBits
SelectPalette
SetBkColor
CreateBitmap
SetDIBColorTable
StretchBlt
EnumFontFamiliesExA
CreateRoundRectRgn
SetRectRgn
FillRgn
GetBoundsRect
CombineRgn
CreateRectRgn
PatBlt
GetCurrentObject
EndDoc
EndPage
StartPage
ExtFloodFill
SetPaletteEntries
CreateDIBitmap
CreatePatternBrush
CreatePen
EnumFontFamiliesA
GetTextCharsetInfo
GetDeviceCaps
CreateFontIndirectA
GetBkColor
Ellipse
SetPixel
CreateDIBSection
OffsetRgn
CreateRectRgnIndirect
GetRgnBox
BitBlt
SetPixelV
CreateCompatibleBitmap
FrameRgn
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
SelectObject
DeleteObject
CreateCompatibleDC
CreateSolidBrush
GetObjectA
GetTextExtentPoint32A
GetTextMetricsA
DeleteDC
LPtoDP
GetCharWidthA
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutA
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
GetTextExtentPointA
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCA
SetBrushOrgEx
SetAbortProc
StartDocA
DPtoLP
AbortDoc
CopyMetaFileA
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
ole32
CoTreatAsClass
SetConvertStg
WriteFmtUserTypeStg
OleDuplicateData
WriteClassStg
GetRunningObjectTable
OleTranslateAccelerator
IsAccelerator
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoGetMalloc
StgOpenStorage
StgIsStorageFile
StgCreateDocfile
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleSetClipboard
OleGetClipboard
OleRegGetUserType
GetClassFile
CreateBindCtx
CreateFileMoniker
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleSetMenuDescriptor
CreateGenericComposite
CoDisconnectObject
OleRegEnumVerbs
CreateItemMoniker
OleRegGetMiscStatus
OleGetIconOfClass
GetHGlobalFromILockBytes
ReadClassStg
OleLoad
OleSave
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
PropVariantCopy
CoInitializeEx
CoGetClassObject
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReleaseStgMedium
CreateDataAdviseHolder
CreateDataCache
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
WriteClassStm
CoCreateInstance
OleDraw
DoDragDrop
OleRun
oleaut32
SafeArrayUnaccessData
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
SafeArrayRedim
SafeArrayCreate
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
VariantCopy
VarBstrCmp
DispCallFunc
VariantInit
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
OleLoadPicture
OleCreatePictureIndirect
OleCreateFontIndirect
OleTranslateColor
OleCreatePropertyFrame
shlwapi
StrFormatKBSizeA
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
UrlUnescapeA
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
uxtheme
DrawThemeParentBackground
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 676B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ