2be77565006fa25a4de62cc0d658712b51794034d79b7cd44041dc8d8ed5f131

Sharing

Copy URL

Twitter E-mail

General

Target

2be77565006fa25a4de62cc0d658712b51794034d79b7cd44041dc8d8ed5f131
Size

4.8MB
MD5

d06e90df3e4c952cb49d4d650d4466b2
SHA1

190bd664fca22c1dcd11f0c2096c5afb6fb26479
SHA256

2be77565006fa25a4de62cc0d658712b51794034d79b7cd44041dc8d8ed5f131
SHA512

258f2102b5743002b3b28810b4b191c1fcd99d80ce2bb5054bddfd208a6253a5bff36bbbdeb9353d49bde294f8c5e6302a839c22de6e2ebd620ccd628de00d9b
SSDEEP

98304:Wwu7VtZF1DEz/hjtrzkkx4JXxeseK9/fFdNGBmn6:Ww0ZF1Duj95x4pxeseI/f3D6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be77565006fa25a4de62cc0d658712b51794034d79b7cd44041dc8d8ed5f131

Files

2be77565006fa25a4de62cc0d658712b51794034d79b7cd44041dc8d8ed5f131
.exe windows:4 windows x86 arch:x86

221e374d12d558ae8ab019b233a04c87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2755
ord6640
ord5679
ord654
ord341
ord2053
ord2806
ord668
ord2762
ord356
ord5641
ord6149
ord3785
ord5579
ord1972
ord4053
ord2773
ord922
ord3173
ord5706
ord3579
ord803
ord543
ord1989
ord6403
ord798
ord5188
ord533
ord1197
ord5854
ord6136
ord6303
ord521
ord537
ord1567
ord6390
ord5446
ord6379
ord5436
ord823
ord6139
ord6874
ord6279
ord6330
ord2637
ord3087
ord5977
ord2362
ord929
ord536
ord500
ord541
ord2756
ord801
ord772
ord3805
ord5929
ord5930
ord933
ord6381
ord5769
ord287
ord6135
ord354
ord350
ord5180
ord3313
ord5438
ord1971
ord2385
ord665
ord610
ord3658
ord3608
ord3121
ord5647
ord3611
ord3122
ord940
ord535
ord942
ord2606
ord3806
ord2813
ord470
ord755
ord2371
ord2858
ord4155
ord1165
ord1143
ord4229
ord324
ord641
ord3592
ord4419
ord4621
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4667
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord6920
ord925
ord2910
ord5568
ord6921
ord2810
ord861
ord4272
ord6278
ord6918
ord4124
ord858
ord538
ord6654
ord4273
ord1131
ord2613
ord825
ord561
ord540
ord815
ord800
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2822
ord4197
ord5857
ord941
ord539
ord1083
ord5638
ord773
ord501
ord1608
ord5859
ord5856
ord6141
ord6138
ord568
ord819
ord2914
ord2099
ord2836
ord955
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord5853
ord1193
ord1562
ord1258
ord6581
ord956
ord6657
ord6506
ord6473
ord1569

msvcrt

_wcsicoll
__CxxFrameHandler
_CxxThrowException
_snwprintf
wcsrchr
swscanf
wcslen
wcscmp
wcscat
wcscpy
swprintf
wcsncpy
strncpy
strrchr
strchr
wcschr
strstr
strpbrk
strspn
wcsstr
wcspbrk
wcsspn
_wcsnicmp
_wcsupr
sprintf
_wcsicmp
strncmp
_purecall
wprintf
_vsnwprintf
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_mbschr
_mbspbrk
_mbsrchr
_mbsstr
_mbsupr
_mbslwr
_mbsrev
memmove
_mbsinc
_mbclen
_mbsspn
_mbscspn
vsprintf
_mbsnbcmp
isdigit
atoi
_ismbcspace
_mbsnicmp
_wcslwr
_wcsrev
wcscspn
vswprintf
wcsncmp
iswdigit
_wtoi
iswspace
_mbsicmp
_mbsicoll
_mbscmp
_mbscoll
wcscoll
wcstod
mbtowc
__mb_cur_max
iswlower
isxdigit
wctomb
_stricmp
_strnicmp
_strlwr
toupper
sscanf
wcstol
isspace
_strupr
_strrev
strcspn
_snprintf
_vsnprintf
atol
_wtol
_beginthreadex
_onexit
??1type_info@@UAE@XZ
_controlfp

kernel32

SetFilePointer
SetEndOfFile
GetCurrentDirectoryW
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
UnmapViewOfFile
LoadLibraryExW
LoadLibraryExA
EnumResourceLanguagesW
FindResourceExW
SizeofResource
LoadResource
LockResource
GetTickCount
MoveFileW
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryW
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetSystemInfo
GetLocaleInfoW
GetComputerNameW
GetVersionExW
CreateFileW
CloseHandle
DeviceIoControl
LoadLibraryW
GetProcAddress
FreeLibrary
CopyFileW
FindResourceW
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
Sleep
DeleteFileW
MoveFileExW
GetEnvironmentVariableW
GetLastError
GetWindowsDirectoryW
GetFileAttributesW
GetTempPathW
GetCommandLineW
VirtualQuery
EnumResourceNamesW
EnumResourceTypesW
IsBadReadPtr
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
CreateFileMappingA
GetWindowsDirectoryA
GetSystemDirectoryA
GetFileAttributesA
VirtualProtect
GetModuleFileNameA
GetCurrentDirectoryA
OutputDebugStringA
SetThreadLocale
GetVersion
ResetEvent
CreateEventW
ResumeThread
SetThreadPriority
SuspendThread
SetEvent
TerminateThread
WaitForMultipleObjects
GetExitCodeThread
ReadFile
ReleaseMutex
OpenFileMappingW
CreateMutexW
LoadLibraryA
FlushFileBuffers
WriteFile
OutputDebugStringW
FreeConsole
AllocConsole
lstrlenW
GetStartupInfoW
SetLastError
FormatMessageW
GetACP
FormatMessageA
InterlockedIncrement
lstrlenA
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcessId

user32

SetThreadDesktop
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
GetUserObjectInformationW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
CloseDesktop
GetWindowThreadProcessId
GetWindowTextW
GetWindowLongW
GetParent
IsWindowVisible
EnumWindows
MessageBoxW
AppendMenuW
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
LoadIconW
SendMessageW
EnumDesktopWindows

advapi32

CreateServiceW
ChangeServiceConfigW
StartServiceW
RegSetValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegConnectRegistryW
InitializeSecurityDescriptor

shell32

ShellExecuteW

setupapi

SetupInstallFileW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetAddConnection2W

ws2_32

gethostname
gethostbyname
WSACleanup
WSAStartup
ntohl
inet_addr
gethostbyaddr
htonl

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

ole32

CoInitialize
CoInitializeEx

oleaut32

SysReAllocStringLen
SysAllocStringLen

Exports

Exports

?Dll_GetLogFileName@@YAHPAGH@Z
?Dll_GetLogLevel@@YAKXZ
?Dll_GetLogTos@@YAKXZ
?Dll_SetLogOutput@@YAXKKPBG@Z

Sections

.text
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OutputL
Size: 4KB - Virtual size: 889B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

221e374d12d558ae8ab019b233a04c87

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

setupapi

version

mpr

ws2_32

rpcrt4

ole32

oleaut32

Exports

Exports

Sections

.text Size: 472KB - Virtual size: 469KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 28KB - Virtual size: 38KB

.idata Size: 12KB - Virtual size: 11KB

.OutputL Size: 4KB - Virtual size: 889B

.rsrc Size: 9.9MB - Virtual size: 9.9MB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 472KB - Virtual size: 469KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 28KB - Virtual size: 38KB

.idata
Size: 12KB - Virtual size: 11KB

.OutputL
Size: 4KB - Virtual size: 889B

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

.reloc
Size: 28KB - Virtual size: 26KB