f2a0f00d741861fa41daacc4c9beb79a988cb668fe9e8a6dafdbe97c32c28056

Sharing

Copy URL

Twitter E-mail

General

Target

f2a0f00d741861fa41daacc4c9beb79a988cb668fe9e8a6dafdbe97c32c28056
Size

116KB
MD5

6cd3af11e2e7b29a7faed44e76f07902
SHA1

fab4a73ee89e412383531ed907a81c731df02cad
SHA256

f2a0f00d741861fa41daacc4c9beb79a988cb668fe9e8a6dafdbe97c32c28056
SHA512

a59dc01a702bd4b7ed8269d038c8fbde284c8aeeb611adf99ff7519c6a8d5431cda04804a23a8490c76e4bfa06234f705b72d8c9c20f9ad864d6b0a13b23c0bd
SSDEEP

1536:sSxiPZiH4kl7vFsR0KQcZHCKJwZDA7HvH8+6FxTbBiBCiBdiBfiBfenfBzvKlyAk:J4k9FynUoE+YxTlChUKfmlSyAFwTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2a0f00d741861fa41daacc4c9beb79a988cb668fe9e8a6dafdbe97c32c28056

Files

f2a0f00d741861fa41daacc4c9beb79a988cb668fe9e8a6dafdbe97c32c28056
.exe windows:4 windows x86 arch:x86

ae78984139554755bfdc1132515f5f57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

s7aaapix

AUTGetLongAttribute
AUTRegisterApp
AUTGetName
AUTSetLongAttribute
AUTGetTypeName
AUTGetObjectType
AUTObjectArraySize
AUTTypeArrayGetAt
AUTTypeArraySize
AUTObjectArrayCreate
AUTGetObjectID
AUTTypeArrayCreate
AUTLogError
AUTReleaseTraceEntry
AUTDeleteTraceEntry
AUTGetNumberOfTraceEntries
AUTGetTraceErrorID
AUTGetTraceServiceNumber
AUTGetLastTraceEntry
AUTGetActiveTraceBuffer
AUTGetErrorTitle
AUTOpenObjectSet
AUTGetCurrentObjectSet
AUTSetCurrentObjectSet
AUTOSCloseObjectSet
AUTOSSaveObjectSet
AUTSuppressFlushDelayed
AUTGetStringAttribute
AUTEnterObjectSet
AUTGetObject
AUTGetLastVisibleTraceEntry
AUTActivateOM
AUTGetObjectSetMode
AUTGetObjectsObjectSet
AUTSymbolicNameFromTypeID
AUTObjectArrayRemoveAll
AUTGetLinkedObjects
AUTIsDerived
AUTOSDumpOSet
AUTSetActiveTraceBuffer
AUTGetErrMode
AUTSetErrMode
AUTCreateTraceBuffer
AUTDeleteTraceBuffer
AUTDisplayTraceEntries
AUTGetActWnd
AUTFlushDelayedError
AUTIsTraceMsgDelayed
AUTGetVisibleTraceEntries
AUTResetTraceBuffer
AUTGetTraceServiceID
AUTGetCopiedObject
AUTGetEnvObject
AUTDoTypeVerb
AUTObjectArrayGetAt
AUTGetTypeInfos
AUTGetObjectArray
AUTTypeArrayRemoveAll
AUTTypeArrayDelete
AUTObjectArrayDelete
AUTUnregisterApp
AUTGetPath

s7abstrx

?Empty@CBstr@@QAEXXZ
??1CBstr@@QAE@XZ
?Compare@CBstr@@QBEHPBD@Z
??0CBstr@@QAE@PBD@Z
??BCBstr@@QBEPBDXZ
??4CBstr@@QAEABV0@PBD@Z
?IsEmpty@CBstr@@QBEHXZ
??BCBstr@@QBEPAPAGXZ
??0CBstr@@QAE@XZ
?Format@CBstr@@QAAXPBDZZ

s7aprexx

AUTOpenEnvironment

s7aregsx

_S7RegCreateKeyEx@36
_S7RegEnumValue@32
_S7RegEnumKeyEx@32
_S7RegDeleteKey@8
_S7RegQueryValueEx@24
_S7RegOpenKeyEx@20
_S7RegQueryInfoKey@48
_S7RegCloseKey@4
_S7RegSetValueEx@24

s7adbcsx

?ByteType@@YA?AW4DBCS_ByteType@@PBDI@Z

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord3435
ord5856
ord1564
ord668
ord1567
ord665
ord1979
ord353
ord2818
ord268
ord1980
ord858
ord3185
ord2781
ord800
ord2770
ord924
ord356
ord3790
ord941
ord2614
ord540
ord798
ord1997
ord2808
ord6407
ord532
ord939
ord860
ord5265
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord825
ord641
ord940
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord815
ord2652
ord1669
ord1168
ord2621
ord1205
ord537
ord2763
ord1946
ord3401
ord561
ord3953
ord2725
ord2864
ord4674
ord4083
ord5572
ord2915
ord923
ord699
ord802
ord397
ord542
ord5593
ord3438
ord5601
ord823
ord2765
ord1085
ord912
ord4188
ord4277
ord4129
ord5683
ord5631
ord5303
ord2726
ord4699
ord5715
ord3353
ord565
ord1948
ord817
ord3954
ord324
ord4160
ord2514
ord2302
ord4234
ord6215
ord2642
ord3874
ord6199
ord3092
ord2645
ord6467
ord4710
ord1106
ord6197
ord6380
ord4376
ord3663
ord1193
ord1151
ord1871
ord6571
ord5460
ord341
ord654
ord879
ord882
ord6140
ord5858
ord2801
ord2740
ord5590
ord1576
ord998
ord909
ord696
ord773
ord501
ord394
ord715
ord5450
ord6394
ord2841
ord2107
ord2826
ord1175
ord1884
ord1807
ord1814
ord1913
ord1869
ord1789
ord1835
ord1861
ord1833
ord2917
ord2803
ord958
ord6312
ord4177
ord6385
ord5442
ord3318
ord6010
ord5773
ord2601
ord5186
ord3180
ord3183
ord3176
ord3507
ord354
ord4202
ord5583
ord6153
ord6569
ord415
ord5597
ord5681
ord5605
ord1081
ord795
ord765
ord3721
ord6055
ord1776
ord5290
ord3402
ord3698
ord567
ord5710

msvcrt

_onexit
_setmbcp
strtoul
__CxxFrameHandler
_EH_prolog
_findclose
_findnext
strcmp
_findfirst
_strdup
free
_mbsicmp
strlen
_mbscmp
memset
_ismbcdigit
_mbsicoll
atoi
strtok
strcpy
_rmdir
_close
_open
remove
_errno
_access
toupper
_ismbcspace
iscntrl
_ismbclower
_ismbcalnum
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

SetCurrentDirectoryA
WaitForSingleObject
InitializeCriticalSection
ResumeThread
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
SetErrorMode
FreeLibrary
GetProcAddress
FormatMessageA
GetLastError
CopyFileA
MoveFileA
CreateDirectoryExA
GetVersionExA
GetStartupInfoA
GetModuleHandleA
LocalAlloc
LocalFree
CreateDirectoryA
GetCurrentDirectoryA
CreateFileA
SetFileTime
CloseHandle

user32

IsWindow
RedrawWindow
SetWindowTextA
SetForegroundWindow
GetDlgItem
PostMessageA
SendMessageA
SetTimer
GetCursor
KillTimer
SetCursor
GetActiveWindow
RegisterWindowMessageA
EnableWindow

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae78984139554755bfdc1132515f5f57

Headers

File Characteristics

Imports

s7aaapix

s7abstrx

s7aprexx

s7aregsx

s7adbcsx

mfc42

msvcrt

kernel32

user32

ole32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 36KB - Virtual size: 36KB