5294b91847a1e5b9e3e52c5bf40d2035dd938b47d911962bc17608f4514539a1

Sharing

Copy URL Twitter E-mail

General

Target

5294b91847a1e5b9e3e52c5bf40d2035dd938b47d911962bc17608f4514539a1
Size

328KB
MD5

86e0f5e754ba501b4fbbde72e5dacb95
SHA1

6849155ad2251146dee84e03e622a45a6ed903f0
SHA256

5294b91847a1e5b9e3e52c5bf40d2035dd938b47d911962bc17608f4514539a1
SHA512

a2eb1e4ee5d2947940bb5647bd66720831f11e5ef68d13aa04a1aad9a50be3c0599e384b3914b1da20849d2ba86067be91f0aa0553717f1845ee15cc2f267398
SSDEEP

3072:lu0tkwQklPCblomOIIY/CDzSBOZs+/VzFaddDddp9oH5VQ/077zAGK4hXUAds3:lu0tvQeP0jVl/wzSydId95/FG+Ad

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5294b91847a1e5b9e3e52c5bf40d2035dd938b47d911962bc17608f4514539a1

Files

5294b91847a1e5b9e3e52c5bf40d2035dd938b47d911962bc17608f4514539a1
.exe windows:4 windows x86 arch:x86

2f6e709b14e644a6cb2db38a7e0a1a23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ccdiagnosis

ord1

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

mfc42

ord922
ord537
ord539
ord6467
ord858
ord861
ord941
ord4129
ord2763
ord860
ord1158
ord4160
ord535
ord924
ord2614
ord1168
ord2817
ord2915
ord1147
ord5572
ord4202
ord1979
ord6385
ord665
ord4204
ord2764
ord540
ord2818
ord1601
ord800
ord823
ord825
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord2393
ord6883
ord541
ord801
ord859
ord2919
ord940
ord5710
ord3318
ord5442
ord5683
ord3663
ord3613
ord3126
ord350
ord3616
ord3127
ord5651
ord354
ord5186
ord1577
ord1116
ord1176
ord1575
ord939

msvcrt

_mbsicoll
_mbscmp
remove
wcsncpy
wcscpy
wcscmp
memset
_mbsicmp
wcslen
__CxxFrameHandler
_splitpath
memcpy
memcmp
wcschr
_vsnprintf
_snwprintf
_mbsnbcpy
_purecall
_beginthreadex
_snprintf
swscanf
sprintf
isprint
_except_handler3
free
malloc
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CxxThrowException

kernel32

RaiseException
InterlockedExchange
GetStartupInfoA
SearchPathA
GetTempPathA
GetTempFileNameA
CopyFileA
ReadFile
SetEndOfFile
LocalAlloc
GetDateFormatA
GetTimeFormatA
WriteFile
CreateFileA
SetFilePointer
FlushFileBuffers
SetLastError
GetFileSize
DeleteFileA
GetVersionExA
GetDiskFreeSpaceExA
FormatMessageA
LocalFree
GetLocalTime
GetTickCount
ResetEvent
GetCurrentProcessId
lstrcatA
lstrcpyA
GetModuleHandleA
GetShortPathNameA
lstrcpynA
GetCommandLineA
lstrcmpiA
DuplicateHandle
CreateEventW
OpenEventW
CreateEventA
CreateThread
GetModuleFileNameA
GetCurrentProcess
FlushInstructionCache
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
SetEvent
OpenEventA
WaitForSingleObject
CloseHandle
GetComputerNameA
GetProcAddress
Sleep
FindFirstFileA
FindClose
GetLocaleInfoA
OutputDebugStringA
lstrlenW
FreeLibrary
LoadLibraryA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

GetActiveWindow
DialogBoxParamA
SetWindowLongA
CharNextA
GetMessageA
LoadStringA
MessageBoxA
wvsprintfA
SetTimer
PeekMessageA
TranslateMessage
GetWindowRect
DispatchMessageA
GetParent
EnableWindow
SetFocus
GetWindowLongA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetParent
EndDialog
WinHelpA
SetWindowTextA
FindWindowA
KillTimer
GetWindowTextLengthA
GetWindowTextA
wsprintfA
PostThreadMessageA
DefWindowProcA
CallWindowProcA
GetWindow
GetDlgCtrlID

advapi32

RegConnectRegistryA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetTokenInformation
GetLengthSid
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegNotifyChangeKeyValue
RegFlushKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
SetTokenInformation
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus

ole32

CoCreateInstance
WriteClassStm
OleSaveToStream
OleLoadFromStream
CLSIDFromProgID
CLSIDFromString
OleRun
CoUninitialize
CoSuspendClassObjects
CoInitialize
CoDisconnectObject
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoGetMalloc
StringFromIID
ProgIDFromCLSID
CoInitializeSecurity
StringFromCLSID
CoTaskMemFree
CreateBindCtx
MkParseDisplayName

oleaut32

LoadRegTypeLi
SetErrorInfo
GetErrorInfo
SafeArrayGetElement
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantCopy
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysFreeString
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
VariantClear
VariantChangeType
VariantInit

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ

shlwapi

PathIsRelativeA
StrNCatA
PathFileExistsA
PathAddBackslashA
SHDeleteKeyA
PathFindFileNameA
PathFindExtensionA

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f6e709b14e644a6cb2db38a7e0a1a23

Headers

File Characteristics

Imports

ccdiagnosis

rpcrt4

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

shlwapi

imagehlp

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 40KB - Virtual size: 40KB