b95b2ac1be1977238f38f72f00b9b35294c81e26374ffcdf5f4cf09a482feced

Sharing

Copy URL Twitter E-mail

General

Target

b95b2ac1be1977238f38f72f00b9b35294c81e26374ffcdf5f4cf09a482feced
Size

208KB
MD5

aed715b33cf1c302d5857ba676aaaeeb
SHA1

272895e4299f02c625a9e73026db93a42ca61758
SHA256

b95b2ac1be1977238f38f72f00b9b35294c81e26374ffcdf5f4cf09a482feced
SHA512

309a59d84c357d4df55eb137cc24577487eda671de5ffc0fb0e4001ec86856af178d99d35f1d279ea8a1a6c26c7c66e83d9384bf5379f277ec86c8cb5bab3e3f
SSDEEP

3072:6qjLxm79lTE1LOIOiZyAgXARJ9WP5VKyms4gsUGbdBIhAw+zxwx5MH/0KwzcwvmN:tElUSI7gCJu5wpk1Kd8AwE+x5dtzre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b95b2ac1be1977238f38f72f00b9b35294c81e26374ffcdf5f4cf09a482feced

Files

b95b2ac1be1977238f38f72f00b9b35294c81e26374ffcdf5f4cf09a482feced
.exe windows:4 windows x86 arch:x86

e0fa2295b022213ff23cc03b0685c74f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2641
ord1658
ord4430
ord4421
ord798
ord823
ord533
ord6879
ord3870
ord2644
ord3297
ord1662
ord665
ord1971
ord5438
ord3313
ord5180
ord354
ord6451
ord4400
ord5286
ord4418
ord3724
ord567
ord804
ord4262
ord6193
ord6375
ord6211
ord6777
ord2078
ord2371
ord4532
ord3621
ord2406
ord283
ord4279
ord3658
ord1787
ord4270
ord800
ord538
ord5871
ord2854
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord5939
ord942
ord858
ord2084
ord5480
ord4155
ord540
ord4847
ord1143
ord1165
ord2294
ord6195
ord755
ord470
ord922
ord925
ord4124
ord4272
ord2756
ord537
ord1938
ord3614
ord815
ord561
ord5677
ord1131
ord1202
ord2717
ord2810
ord5679
ord1634
ord861
ord1795
ord4225
ord3566
ord3568
ord6150
ord4358
ord4051
ord5467
ord4116
ord2381
ord1702
ord5230
ord6365
ord5244
ord2436
ord620
ord501
ord298
ord773
ord2444
ord1083
ord5596
ord6597
ord4370
ord4078
ord1834
ord2859
ord4448
ord1709
ord6218
ord4198
ord5777
ord2746
ord2561
ord2706
ord2705
ord2558
ord6871
ord4469
ord2538
ord5057
ord5278
ord3810
ord4753
ord5977
ord5275
ord6105
ord291
ord640
ord2442
ord5785
ord1633
ord323
ord2559
ord2745
ord686
ord696
ord699
ord384
ord394
ord397
ord2397
ord5781
ord2855
ord2400
ord5586
ord5589
ord912
ord4183
ord4180
ord2836
ord2440
ord2858
ord2755
ord2862
ord816
ord562
ord2036
ord2099
ord5446
ord5830
ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord2447
ord927
ord2606
ord5568
ord2914
ord1637
ord3871
ord1808
ord3792
ord860
ord4282
ord4237
ord674
ord366
ord5248
ord1229
ord1150
ord2619
ord4451
ord4407
ord4493
ord4584
ord4718
ord5047
ord4331
ord5048
ord5024
ord4787
ord700
ord542
ord398
ord802
ord5597
ord5590
ord3433
ord2910
ord4197
ord535
ord940
ord4184
ord913
ord5603
ord2754
ord998
ord4273
ord6565
ord5706
ord2236
ord941
ord6266
ord6153
ord4199
ord924
ord2385
ord536
ord4229
ord641
ord825
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord5233
ord1768
ord4072
ord6051
ord4146
ord2873
ord2874
ord3398
ord5468
ord975
ord5006
ord3345
ord4298
ord4461
ord5097
ord5094
ord3054
ord2382
ord2715
ord6667
ord3281
ord1197
ord4470
ord3084
ord4704
ord3991
ord3087
ord3993
ord6003
ord4118
ord6898
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord1172
ord5261
ord1569

msvcrt

_controlfp
_stricmp
sprintf
wcscat
wcscpy
__CxxFrameHandler
wcscmp
wcslen
wcsrchr
wcsstr
swprintf
_wcsicmp
wcschr
_wcsdup
toupper
swscanf
iswdigit
wcsncpy
iswalnum
iswspace
_wcsnicmp
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ

kernel32

GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
GetTickCount
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GetModuleHandleW
GetSystemDefaultLangID
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcess
FreeLibrary
GetVersionExW
CreateMutexW
lstrlenW
GetModuleFileNameW
FindFirstFileW
GetLastError
FindNextFileW
CreateDirectoryW
LoadLibraryW
GetProcAddress
CloseHandle
GetStartupInfoW

user32

GetPropW
GetClassNameW
CallWindowProcW
AdjustWindowRectEx
GetMenuStringW
GetMenuItemID
IsMenu
AppendMenuW
GetWindow
RemoveMenu
WindowFromPoint
SetWindowRgn
LoadImageW
RedrawWindow
SetClassLongW
GetClassLongW
IsZoomed
GetForegroundWindow
GetMonitorInfoW
GetAsyncKeyState
GetSystemMenu
IsIconic
GetSystemMetrics
DrawIcon
LoadIconW
LoadCursorW
SetCursor
CopyRect
FillRect
InvalidateRect
GetClientRect
EnableWindow
SendMessageW
GetWindowLongW
SetPropW
SetWindowLongW
RemovePropW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
WindowFromDC
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetSubMenu
GetSysColor
ReleaseCapture
PostMessageW
SetCapture
GetCursorPos
ScreenToClient
KillTimer
SetTimer
EqualRect
GetFocus
IsWindowVisible
PtInRect
OffsetRect
SetRect
GetWindowRect
GetParent
UpdateWindow
InflateRect
TrackPopupMenuEx
SystemParametersInfoW
GetDC
GetIconInfo
DrawIconEx
CreateIconIndirect
ReleaseDC
SetWindowPos
CharLowerW

gdi32

CreateRoundRectRgn
CreateEllipticRgnIndirect
CombineRgn
StretchBlt
CreateRectRgnIndirect
CreateFontIndirectW
AddFontResourceW
RemoveFontResourceW
GetStockObject
ExtTextOutW
GetTextExtentPoint32W
CreateFontW
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateBitmap
SelectObject
BitBlt
GetObjectW
SetBkColor
CreateSolidBrush
TextOutW

advapi32

CloseServiceHandle
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueA
RegSetValueExA

comctl32

ImageList_GetIcon
ImageList_DrawEx
ImageList_Draw

ole32

CoFreeUnusedLibraries

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdiplusShutdown
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdiplusStartup

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0fa2295b022213ff23cc03b0685c74f

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

ole32

gdiplus

shlwapi

version

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 646KB

.rsrc Size: 100KB - Virtual size: 98KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 646KB

.rsrc
Size: 100KB - Virtual size: 98KB