C:\devel\kmeleon\Release\k-meleon.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f.exe
Resource
win10v2004-20240226-en
General
-
Target
cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f
-
Size
672KB
-
MD5
22534f2167bc961a02d7a02507d3523c
-
SHA1
ef8614344291a80876b033826812cdcc4987e365
-
SHA256
cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f
-
SHA512
b57bb16c86d9d9770c460ffabafae878c8ef9300d714498bf5b84f12fb4e85a2f9e597b2cc4cf867b658ac3fb5676da488693366dba63663ffd0f0b0576e0a81
-
SSDEEP
12288:/Psy4QttXgJd2BnUnOlstWULvhhoVaYV1sK306AAl5f:sIukBnUnYstjfoVXV1sK306j/
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This is the only signature hit and it is a weak indicator on its own: the binary simply carries no Authenticode signature, which is common for open-source builds (the PDB path `k-meleon.pdb` and the `mozjs` imports are consistent with a K-Meleon browser build). Compare the SHA-256 against a known-good release hash before treating the sample as suspicious; the absence of a signature does not by itself indicate malicious behavior.
resource cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f
Files
-
cf1cf4cec8c7c3b28917c047cfdcb12f793567d8d37b95dab0727977a172e16f.exe windows:5 windows x86 arch:x86
06e2970397c8ca28bdd6b1d2ea697c9d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcp120
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
mfc120u
ord11649
ord3197
ord927
ord6707
ord6389
ord261
ord4839
ord9012
ord1176
ord2711
ord14432
ord3831
ord2952
ord8627
ord4181
ord3147
ord6491
ord11267
ord5327
ord8658
ord6482
ord1139
ord2843
ord11837
ord500
ord3914
ord9007
ord1063
ord4176
ord3103
ord6393
ord1386
ord887
ord12958
ord7890
ord460
ord14336
ord9056
ord12479
ord1105
ord13149
ord450
ord2478
ord5020
ord4842
ord12222
ord5789
ord5036
ord13828
ord2161
ord1682
ord5667
ord10131
ord2303
ord4692
ord4672
ord5491
ord1141
ord503
ord8352
ord7542
ord1467
ord8268
ord12122
ord10314
ord12736
ord4546
ord7881
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord992
ord6758
ord5274
ord6465
ord1350
ord12511
ord1844
ord821
ord2294
ord2264
ord2215
ord3809
ord5821
ord12114
ord8099
ord12126
ord12094
ord2293
ord2265
ord2280
ord8347
ord290
ord13111
ord5027
ord7956
ord4899
ord3754
ord6005
ord9106
ord3012
ord9134
ord2552
ord12092
ord1406
ord10379
ord1886
ord4065
ord3196
ord919
ord6704
ord3122
ord7515
ord12091
ord10881
ord1403
ord6212
ord11809
ord11808
ord11810
ord11807
ord11050
ord10451
ord11208
ord8923
ord10902
ord11116
ord8858
ord911
ord6703
ord2724
ord13516
ord5753
ord14238
ord8594
ord4984
ord3651
ord3756
ord3766
ord13761
ord2736
ord3732
ord4567
ord12019
ord3650
ord6922
ord4699
ord1469
ord994
ord13159
ord7984
ord4528
ord10768
ord12899
ord2823
ord4128
ord4606
ord5864
ord6398
ord9297
ord7533
ord4904
ord8873
ord11651
ord11591
ord2584
ord2608
ord5042
ord5043
ord5039
ord5744
ord5727
ord3325
ord3219
ord7317
ord8039
ord5558
ord13153
ord3821
ord4838
ord5684
ord1369
ord12758
ord12397
ord850
ord2434
ord6749
ord11590
ord12738
ord12824
ord6763
ord11052
ord5328
ord14458
ord3911
ord8233
ord14188
ord3803
ord14313
ord8367
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord9137
ord10883
ord11508
ord9582
ord10618
ord6875
ord12095
ord8846
ord14447
ord11811
ord3790
ord3795
ord11964
ord9020
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord1471
ord2719
ord8092
ord10136
ord6766
ord3281
ord3260
ord3263
ord13616
ord6123
ord6032
ord2173
ord6373
ord3100
ord3295
ord1052
ord6392
ord2354
ord6510
ord3889
ord2484
ord14237
ord4184
ord8628
ord6469
ord2480
ord3839
ord2355
ord6702
ord3195
ord3317
ord1400
ord2214
ord6462
ord7889
ord12010
ord11950
ord1773
ord6652
ord266
ord321
ord3806
ord2223
ord6401
ord3106
ord3297
ord7950
ord13505
ord1068
ord4179
ord8626
ord2951
ord3829
ord9009
ord4627
ord4680
ord2343
ord258
ord2262
ord7033
ord514
ord3132
ord8280
ord4943
ord4944
ord6033
ord12331
ord1746
ord5837
ord13560
ord13569
ord5842
ord13567
ord5841
ord2515
ord4452
ord11305
ord5858
ord8713
ord9233
ord1148
ord8091
ord9094
ord11675
ord11670
ord12052
ord3800
ord4544
ord11977
ord9118
ord11956
ord11370
ord10283
ord9183
ord9304
ord10393
ord10628
ord11415
ord8775
ord11509
ord11598
ord7394
ord2336
ord4376
ord2903
ord6736
ord965
ord3216
ord3322
ord13488
ord2902
ord5726
ord5743
ord6186
ord13666
ord13660
ord13664
ord4194
ord1442
ord2606
ord2583
ord14445
ord7517
ord981
ord8358
ord13181
ord1455
ord6452
ord3129
ord1130
ord540
ord3140
ord1168
ord2609
ord1073
ord8871
ord11973
ord11536
ord9245
ord5332
ord8053
ord13333
ord9349
ord3194
ord4813
ord6492
ord5716
ord7946
ord4182
ord1177
ord9013
ord5887
ord14367
ord3773
ord6735
ord3215
ord4193
ord1441
ord9016
ord6434
ord458
ord3359
ord3361
ord3362
ord4442
ord10353
ord11271
ord10896
ord8921
ord12047
ord9091
ord2718
ord13612
ord6121
ord12006
ord7382
ord5871
ord3654
ord3653
ord467
ord1111
ord2347
ord4049
ord1108
ord12430
ord12633
ord4620
ord14277
ord14271
ord5019
ord7916
ord12755
ord14270
ord2572
ord4033
ord7331
ord7543
ord8107
ord5785
ord7020
ord501
ord1140
ord4050
ord6219
ord2308
ord2708
ord13988
ord4621
ord12634
ord8639
ord8242
ord293
ord839
ord1363
ord8636
ord12664
ord2261
ord1648
ord2416
ord14281
ord1520
ord1684
ord2948
ord2954
ord8638
ord8346
ord1506
ord12219
ord14463
ord12276
ord14516
ord2341
ord6870
ord8655
ord2607
ord11996
ord2611
ord8872
ord11650
ord9017
ord7529
ord4841
ord2582
ord4070
msvcr120
memcpy
_snprintf
_CIsqrt
_CxxThrowException
floor
fgets
getenv
_strnicmp
_itoa
_strdup
_stricmp
__CxxFrameHandler3
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
strpbrk
setlocale
_wtof
_wcsicmp
_itoa_s
_time64
_i64tow
srand
rand
swscanf
wcscpy_s
tolower
wcsncat
strncat
isalpha
isspace
_wfullpath
wcsrchr
realloc
malloc
_wtoi
strrchr
atoi
ldiv
_localtime64
strftime
_recalloc
strncpy
calloc
_wcsdup
fclose
_wfopen
wcsncpy
_create_locale
_wtof_l
wcsncmp
wcsstr
memcpy_s
_itow
_wcsnicmp
memmove
memmove_s
_purecall
strchr
strstr
free
strncmp
sprintf
wcschr
memcmp
kernel32
LockResource
GlobalUnlock
MulDiv
WaitForSingleObject
GlobalLock
LoadResource
GlobalAlloc
FindResourceW
DeleteCriticalSection
DecodePointer
OutputDebugStringW
LoadLibraryExW
CreateFileW
ReadFile
SetFilePointerEx
GetLastError
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
ReleaseMutex
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetSystemTime
SystemTimeToFileTime
lstrcpyW
lstrlenW
LocalFree
GetVersion
FindNextFileW
MoveFileW
InterlockedExchange
WritePrivateProfileStringW
CreateDirectoryW
GetCurrentProcess
CreateMutexW
GetCommandLineW
FindClose
FindFirstFileW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetPrivateProfileIntW
GetModuleFileNameW
GetPrivateProfileStringW
GetWindowsDirectoryA
DeleteFileW
CloseHandle
GetTempPathW
CreateProcessW
GetTempFileNameW
GlobalFree
WideCharToMultiByte
user32
EnableWindow
SendMessageW
IsWindowVisible
GetSystemMetrics
AdjustWindowRectEx
IsWindow
RegisterHotKey
UnregisterHotKey
CreatePopupMenu
EnumChildWindows
GetCursorPos
SetWindowPos
GetSysColor
DestroyAcceleratorTable
MapVirtualKeyW
DestroyIcon
GetSysColorBrush
GetPropW
UnregisterClassW
DialogBoxParamW
CharLowerBuffW
CreateAcceleratorTableW
EndDialog
GetKeyNameTextW
SetDlgItemTextW
SetWindowTextW
GetActiveWindow
CopyRect
GetCaretPos
FlashWindow
GetAsyncKeyState
InflateRect
SetCursorPos
ShowWindow
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
OffsetRect
IntersectRect
EqualRect
PostThreadMessageW
CheckMenuItem
GetMessageW
RegisterWindowMessageW
TranslateMessage
LoadIconW
PeekMessageW
DefWindowProcW
DispatchMessageW
SetPropW
GetWindowDC
FillRect
DrawTextW
GetSubMenu
CreateMenu
DrawEdge
GetMenuItemInfoW
DrawMenuBar
GetMenuItemCount
RemoveMenu
InsertMenuW
DrawFrameControl
SetMenuItemInfoW
VkKeyScanA
PostQuitMessage
FindWindowExW
GetLastActivePopup
MapDialogRect
SetRect
BringWindowToTop
MessageBoxW
SetCursor
SetTimer
SetCapture
KillTimer
ReleaseCapture
CloseClipboard
LoadCursorW
EmptyClipboard
GetDlgItem
OpenClipboard
GetDlgItemTextW
SetClipboardData
ScreenToClient
GetClientRect
SetForegroundWindow
SetWindowLongW
RegisterClipboardFormatW
ClientToScreen
GetWindowRect
IsMenu
SetActiveWindow
IsIconic
IsChild
LoadImageW
PostMessageW
IsZoomed
GetKeyState
GetFocus
GetParent
MessageBeep
SubtractRect
IsWindowEnabled
SetFocus
PtInRect
GetIconInfo
GetDC
InvalidateRect
GetWindowLongW
AppendMenuW
SystemParametersInfoW
GetClassNameW
ReleaseDC
RedrawWindow
GetDesktopWindow
gdi32
Rectangle
GetBkColor
GetTextColor
CreateDCW
SetTextColor
SetBkColor
SetBkMode
GetBitmapBits
BitBlt
CreateDIBSection
CreateBitmap
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
DeleteObject
GetObjectW
DeleteDC
msimg32
AlphaBlend
comdlg32
GetSaveFileNameW
advapi32
OpenProcessToken
CreateRestrictedToken
CreateProcessAsUserW
GetTokenInformation
shell32
SHGetFolderPathW
SHFileOperationW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListA
SHAppBarMessage
SHGetSpecialFolderLocation
comctl32
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_Remove
InitCommonControlsEx
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Add
ImageList_DrawEx
ImageList_GetImageCount
ImageList_GetIcon
shlwapi
ord12
SHCreateStreamOnFileW
ole32
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
gdiplus
GdiplusShutdown
GdiplusStartup
GdipFree
GdipGetImageHeight
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipSetImageAttributesRemapTable
GdipBitmapUnlockBits
GdipDrawImageI
GdipDisposeImageAttributes
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateImageAttributes
GdipBitmapGetPixel
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
mozjs
??1CompileOptions@JS@@QAE@XZ
??0CompileOptions@JS@@QAE@PAUJSContext@@W4JSVersion@@@Z
?Evaluate@JS@@YA_NPAUJSContext@@ABVReadOnlyCompileOptions@1@PB_WIV?$MutableHandle@VValue@JS@@@1@@Z
?StringToLinearStringSlow@js@@YAPAVJSLinearString@@PAUJSContext@@PAVJSString@@@Z
?JS_ReportPendingException@@YA_NPAUJSContext@@@Z
?JS_GetRuntime@@YAPAUJSRuntime@@PAUJSContext@@@Z
?JS_EndRequest@@YAXPAUJSContext@@@Z
?JS_GetStringLength@@YAIPAVJSString@@@Z
??0JSAutoNullableCompartment@@QAE@PAUJSContext@@PAVJSObject@@@Z
??1JSAutoNullableCompartment@@QAE@XZ
?JS_BeginRequest@@YAXPAUJSContext@@@Z
?JS_GetCompartmentPrincipals@@YAPAUJSPrincipals@@PAUJSCompartment@@@Z
Exports
Exports
NSModule
Sections
.text Size: 321KB - Virtual size: 321KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ