Static task
static1
Behavioral task
behavioral1
Sample
f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68.exe
Resource
win10v2004-20240508-en
General
-
Target
f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68
-
Size
1.4MB
-
MD5
fb7f69b6989a3903d675ba27f24b1049
-
SHA1
de01226085a64ff55b244560526ce4bb73389fe3
-
SHA256
f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68
-
SHA512
620168df0b4b7f3e09581f5f22dc8f77b8e948d9a39d2cbb97bfd35343186b8b56959302e9e6f29fa48b45684d88fb4138247fda74be770dfb4fc0e6052aabf7
-
SSDEEP
24576:SNO2pyL6ppbgQtFZ9fRL1jxcId/VqewbhT8OHtP9F:InpyGX0fewbhTXHtP9F
Malware Config: none extracted (no family-specific configuration, such as C2 addresses or keys, was recovered from this sample in either task)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The executable carries no Authenticode signature. On its own this is a low-confidence indicator (a great deal of legacy and in-house software is unsigned), and it is the only signature that fired in either behavioral task, so it should be weighed together with the imported capabilities listed below rather than treated as a verdict.
resource f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68
Files
-
f6431067753083af9325b41df49d49198a482e1f8b1ad8fc03ae36ecd4466d68.exe windows:4 windows x86 arch:x86
77ef3c29eef6e8930b55459a5b5a3db1 (likely the import hash; useful for pivoting to other builds that share the same import table, since it is stable across rebuilds that do not change the imports)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rsacrypt (non-system DLL shipped alongside the application; its decorated C++ exports below indicate SHA-256 hashing and RSA string encrypt/decrypt helpers — the DLL itself is not part of this sample, so the quality of that cryptography cannot be assessed from here)
?WFSHA256String@@YAXPAD0@Z
?WFRSAEncryptString@@YAXPAD00@Z
?WFRSADecryptString@@YAXPAD00@Z
ws2_32 (complete Winsock client and server API — socket/connect/send/recv plus bind/listen/accept — so the binary is capable of both outbound connections and accepting inbound ones; the behavioral tasks should be checked for which, if either, actually occurs)
recvfrom
select
recv
getpeername
getsockname
WSASetLastError
__WSAFDIsSet
sendto
ntohl
htons
inet_ntoa
closesocket
socket
WSAStartup
WSACleanup
gethostbyname
gethostbyaddr
getsockopt
htonl
WSAGetLastError
setsockopt
ntohs
send
inet_addr
listen
accept
connect
bind
advapi32 (Service Control Manager access — create, start, control and delete services — plus OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges to enable a privilege on its own token; which privilege is requested is not visible from the import list alone)
OpenSCManagerW
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
psapi (process and module enumeration: EnumProcesses/EnumProcessModules/GetModuleFileNameExA, commonly used to locate or inspect other running processes)
EnumProcesses
EnumProcessModules
GetModuleFileNameExA
wfbooklistdll (non-system DLL; its single import, GetBookListFromExcel, points to application-specific book-catalogue functionality, which is more consistent with a business application than a generic loader — confirm against the file's version and resource metadata before relying on this)
GetBookListFromExcel
msvcrt
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
fgets
_wtoi
localtime
_beginthreadex
strchr
srand
wcsrchr
wcscat
towupper
towlower
swprintf
clearerr
strerror
fputc
_vsnprintf
_fdopen
ftell
calloc
_iob
exit
wcsstr
iswspace
_wcsnicmp
iswalnum
wcscpy
wcsncpy
iswdigit
swscanf
abs
toupper
wcscmp
_wcsdup
wcschr
_wcsicmp
strncpy
wcslen
_itoa
fprintf
time
rand
malloc
free
perror
_wsplitpath
printf
_ftol
_purecall
fflush
strstr
__CxxFrameHandler
strcmp
fwrite
atoi
??2@YAPAXI@Z
fread
??3@YAXPAX@Z
fopen
_setmode
fclose
fseek
fgetpos
strcpy
strcat
sscanf
sprintf
strrchr
_unlink
_stricmp
_errno
memset
memcpy
strlen
msvcp60
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
mfc42u
ord470
ord3296
ord3693
ord765
ord4166
ord2141
ord2350
ord4050
ord6661
ord1761
ord5887
ord5261
ord4370
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord800
ord861
ord540
ord641
ord2281
ord2362
ord2294
ord6330
ord925
ord942
ord535
ord4847
ord858
ord810
ord686
ord1172
ord922
ord4124
ord4272
ord2756
ord1562
ord537
ord1193
ord1165
ord1938
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord815
ord561
ord1131
ord1202
ord2717
ord4269
ord2810
ord5679
ord3614
ord3621
ord3658
ord2406
ord1634
ord1662
ord2644
ord5677
ord1795
ord4225
ord6150
ord4358
ord4051
ord5467
ord4116
ord2381
ord1702
ord6051
ord1768
ord5230
ord6365
ord5244
ord2436
ord773
ord620
ord501
ord298
ord6193
ord2444
ord3989
ord2768
ord1083
ord2915
ord807
ord2112
ord554
ord5596
ord6597
ord4078
ord1834
ord4448
ord1709
ord6218
ord4198
ord2746
ord5777
ord2561
ord6211
ord2706
ord3087
ord2705
ord2558
ord6871
ord4469
ord2538
ord5057
ord4118
ord3810
ord4753
ord5977
ord5275
ord3084
ord6105
ord291
ord640
ord2442
ord5785
ord1633
ord323
ord5871
ord2559
ord2745
ord3568
ord3566
ord2859
ord2371
ord4158
ord696
ord699
ord384
ord394
ord397
ord2397
ord2855
ord2400
ord5586
ord5589
ord4183
ord4180
ord2088
ord909
ord912
ord1143
ord5781
ord3516
ord538
ord2755
ord2862
ord816
ord562
ord2854
ord5446
ord5830
ord6390
ord2836
ord2440
ord5436
ord6379
ord2036
ord2099
ord2858
ord2447
ord927
ord1637
ord3871
ord4215
ord2576
ord3649
ord2430
ord2606
ord5568
ord2914
ord6655
ord1808
ord4229
ord324
ord4279
ord3792
ord860
ord4470
ord4282
ord4704
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord674
ord366
ord5248
ord1229
ord1150
ord2619
ord4451
ord4407
ord4493
ord4584
ord4718
ord5047
ord4331
ord5048
ord5024
ord4787
ord700
ord542
ord398
ord802
ord5597
ord5590
ord3433
ord2910
ord4197
ord4155
ord940
ord4184
ord6195
ord5603
ord2754
ord998
ord4273
ord913
ord6565
ord6166
ord5706
ord926
ord2236
ord941
ord6266
ord6153
ord4199
ord879
ord882
ord5852
ord6279
ord6278
ord924
ord2385
ord536
ord5286
ord3728
ord4266
ord755
ord1569
ord3747
ord4128
ord4292
ord5784
ord4120
ord3292
ord3298
ord4688
ord6125
ord3748
ord3749
ord3282
ord5142
ord3995
ord2626
ord6124
ord3688
ord3393
ord567
ord1920
ord6228
ord6226
ord6144
ord2560
ord6264
ord6267
ord3220
ord3252
ord3907
ord2536
ord2535
ord2503
ord978
ord1724
ord5847
ord2878
ord2390
ord2410
ord6220
ord6222
ord2421
ord2242
ord4726
ord4535
ord5473
ord2251
ord4830
ord4434
ord527
ord794
ord4259
ord1940
ord4221
ord5299
ord4693
ord5711
ord565
ord817
ord2718
ord2078
ord1197
ord2084
ord5480
ord6511
ord1921
ord795
ord4270
ord6168
ord3397
ord3716
ord1934
ord4583
ord4582
ord4893
ord4364
ord4886
ord4526
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord4426
ord3909
ord4267
ord5255
ord4501
ord5869
ord6004
ord3394
ord3729
ord303
ord813
ord6376
ord3476
ord4901
ord6205
ord2486
ord2618
ord692
ord4219
ord616
ord693
ord2809
ord3494
ord355
ord2857
ord2244
ord6688
ord2248
ord1836
ord2572
ord4394
ord682
ord3625
ord1841
ord2575
ord4397
ord4239
ord3991
ord3281
ord6896
ord6898
ord5249
ord6238
ord6003
ord3993
ord3366
ord3636
ord2287
ord2356
ord2293
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2574
ord4396
ord3365
ord3635
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord5949
ord3092
ord2284
ord2357
ord2634
ord6451
ord1787
ord4390
ord609
ord3870
ord2567
ord3569
ord6735
ord6160
kernel32 (notable capabilities: process launch via WinExec and CreateProcessA, named-pipe IPC via CreateNamedPipeA/ConnectNamedPipe, device/driver interaction via DeviceIoControl and DefineDosDeviceA, file copy/delete via CopyFileA/DeleteFileA, INI writes via WritePrivateProfileStringA, and CreateMutexW, which may act as a single-instance guard — the mutex name is worth extracting from the behavioral tasks as an indicator)
lstrlenA
GetStartupInfoW
DefineDosDeviceA
FlushFileBuffers
lstrcpyW
lstrcatW
FlushInstructionCache
WinExec
GetLocalTime
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
CreateNamedPipeA
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
Sleep
CreateMutexW
GetSystemDirectoryW
LoadLibraryExA
GetFileSize
GetStringTypeExW
SizeofResource
lstrcmpiW
lstrlenW
FindResourceW
LoadResource
LockResource
FreeResource
LoadLibraryW
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
WideCharToMultiByte
GetSystemDirectoryA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
FormatMessageW
LocalFree
SetThreadExecutionState
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTime
GetWindowsDirectoryA
LoadLibraryA
CopyFileA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
CreateEventW
InterlockedExchangeAdd
IsBadWritePtr
InterlockedExchange
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
DeviceIoControl
SetFilePointer
CreateFileMappingW
GetModuleHandleW
GetProcAddress
CreateProcessA
GetCurrentProcess
OpenProcess
MultiByteToWideChar
WriteFile
ReadFile
GlobalMemoryStatus
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLastError
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetDriveTypeA
CreateFileA
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetTickCount
user32 (mostly MFC UI plumbing; the security-relevant imports are SetWindowsHookExW/CallNextHookEx (window hooks), GetAsyncKeyState (key-state polling), RegisterHotKey, ExitWindowsEx (logoff/shutdown/reboot, which pairs with the token-privilege imports under advapi32) and EnumWindows/GetWindowThreadProcessId (window-to-process mapping); none of these proves keylogging on its own, but together they justify checking the hook type and scope at runtime)
EqualRect
SendMessageW
IsIconic
GetWindowRect
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
IsWindowVisible
SetTimer
KillTimer
SetCapture
GetFocus
GetParent
GetSysColor
LoadBitmapW
SetMenuItemInfoW
GetMenuItemInfoW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
RemovePropW
SetRect
SetPropW
GetWindowLongW
GetForegroundWindow
GetPropW
GetClassNameW
CallWindowProcW
AdjustWindowRectEx
WindowFromDC
GetMenuItemCount
GetSubMenu
IsMenu
AppendMenuW
GetMenuItemID
GetMenuStringW
RemoveMenu
GetWindow
WindowFromPoint
LoadImageW
GetWindowTextA
GetClassNameA
SetWindowRgn
GetSystemMetrics
SetClassLongW
GetClassLongW
RedrawWindow
OffsetRect
LoadIconW
SetWindowPos
GetMonitorInfoW
GetAsyncKeyState
UnionRect
GetSystemMenu
IsZoomed
ShowScrollBar
PostThreadMessageW
SetCursor
FillRect
ShowCursor
GetDlgItem
SetWindowTextA
DestroyWindow
MoveWindow
RegisterHotKey
DestroyIcon
PostMessageA
DialogBoxParamW
ShowWindow
CreateMenu
CreatePopupMenu
LoadMenuW
ExitWindowsEx
EnableMenuItem
EnumChildWindows
SendMessageA
GetWindowThreadProcessId
EnumWindows
DrawTextW
ClientToScreen
PtInRect
ReleaseCapture
GetCursorPos
TrackPopupMenuEx
MessageBoxA
EnableWindow
GetDC
GetIconInfo
DrawIconEx
CreateIconIndirect
SystemParametersInfoW
PostMessageW
IsWindow
CharLowerW
ReleaseDC
InflateRect
LoadCursorW
CopyRect
SetWindowLongW
gdi32
CombineRgn
CreateRectRgnIndirect
CreateRoundRectRgn
AddFontResourceW
RemoveFontResourceW
GetStockObject
GetTextExtentPoint32W
ExtTextOutW
CreateEllipticRgnIndirect
GetDIBits
CreateFontIndirectW
StretchBlt
CreatePen
GetBkColor
GetTextMetricsW
CreatePatternBrush
SelectObject
SetDIBits
GetTextAlign
CreateSolidBrush
CreateFontW
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
CreateCompatibleBitmap
CreateBitmap
shell32
ShellExecuteExA
ShellExecuteW
comctl32
ImageList_AddMasked
ImageList_DrawEx
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragEnter
_TrackMouseEvent
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
ole32
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
iphlpapi (GetAdaptersAddresses/GetAdaptersInfo — adapter and IP/MAC enumeration, typically used for host fingerprinting or licensing checks)
GetAdaptersAddresses
GetAdaptersInfo
gdiplus
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipDisposeImage
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
dbghelp (MiniDumpWriteDump — normally used to write crash dumps of the calling process, but the same API can dump any process the caller can open, so the process handle passed at runtime decides whether this is benign crash handling or memory dumping)
MiniDumpWriteDump
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
uxtheme
SetThemeAppProperties
netapi32 (NetUserAdd — creates local user accounts; a high-signal capability for persistence or privilege escalation if it is actually exercised, so the behavioral tasks should be correlated with account-creation events (Security event ID 4720) to confirm whether it fires)
NetUserAdd
Sections
.text Size: 980KB - Virtual size: 979KB (raw and virtual sizes match closely, which argues against a packed or compressed code section and is consistent with the large, fully resolvable import table above)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 939KB (virtual size far exceeds raw size — a large zero-initialized region; common for statically sized buffers and not by itself a packing indicator)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 20KB - Virtual size: 18KB (a writable .idata is typical of older MSVC/MFC linkers that patch the import address table in place, so the WRITE flag below is not unusual for a binary of this vintage)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 228KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ