Static task: static1
Behavioral task: behavioral1
Sample: e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe
Resource: win10v2004-20240611-en
General
Target: e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d
Size: 400KB
MD5: a3c00dcdf695da8d53b1a2dc4f381b53
SHA1: c6a443d1a952b191d2a744ee75495c53ef76abee
SHA256: e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d
SHA512: aa5124273c6af7aced53972afb69b111635f8f4c961ef3baa26bc83c98cf6f1381d1359f9516b6631389ad28e7397b8da522db15f9ae9a112900121baf8cfe52
SSDEEP: 6144:Mxhea3V0aOm5fkQDD+tNul4ud6QjMIp048iJ0mNsar1Japwfrq8kriO:MxheyiaOzmwuWuVM48fdqJa+Gr
Malware Config
Signatures
Unsigned PE (1 IoC) - Checks for missing Authenticode signature.
resource: e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d
Files
e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe windows:4 windows x86 arch:x86
868aeae7e9a44f0ce487ab0cd2cab85d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord5820
ord512
ord780
ord4609
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3733
ord561
ord815
ord617
ord6211
ord6193
ord5297
ord5208
ord296
ord986
ord5910
ord411
ord656
ord2756
ord4197
ord5568
ord2910
ord2613
ord1131
ord1202
ord860
ord3605
ord3716
ord795
ord922
ord6868
ord2810
ord924
ord5116
ord4557
ord5086
ord1909
ord4249
ord3848
ord4951
ord4855
ord4820
ord3182
ord4944
ord2429
ord2163
ord5014
ord4511
ord4634
ord4910
ord4996
ord4488
ord4485
ord5015
ord3101
ord4599
ord4994
ord4410
ord4646
ord5084
ord5497
ord4622
ord4651
ord5748
ord4150
ord2986
ord3412
ord5019
ord3510
ord6341
ord5623
ord1003
ord3444
ord3783
ord3246
ord4691
ord3055
ord3061
ord6332
ord2502
ord2534
ord5241
ord1740
ord5573
ord3167
ord5650
ord4417
ord4950
ord2395
ord4381
ord3449
ord3193
ord6028
ord4088
ord6078
ord6173
ord3256
ord3275
ord4617
ord4424
ord514
ord748
ord4819
ord5823
ord5738
ord4608
ord4607
ord1910
ord4256
ord2396
ord5337
ord2959
ord4876
ord6377
ord4894
ord5056
ord4933
ord4935
ord4624
ord4583
ord4581
ord4892
ord4363
ord4526
ord5070
ord4335
ord4343
ord4882
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4102
ord5236
ord3743
ord3277
ord4426
ord5824
ord515
ord813
ord640
ord654
ord3621
ord3658
ord2406
ord609
ord693
ord5253
ord541
ord801
ord6878
ord4279
ord6191
ord3865
ord6871
ord4219
ord3087
ord2004
ord2859
ord4158
ord6617
ord4716
ord6130
ord3867
ord3324
ord2527
ord5291
ord2239
ord323
ord2363
ord4498
ord536
ord2755
ord6196
ord6218
ord4126
ord4125
ord6655
ord6874
ord5604
ord3758
ord4272
ord1719
ord2078
ord3490
ord4730
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord3614
ord5933
ord1634
ord925
ord2505
ord293
ord6597
ord1137
ord2447
ord2858
ord3759
ord2518
ord469
ord3766
ord755
ord470
ord6278
ord6279
ord4124
ord5679
ord859
ord927
ord2855
ord2442
ord5783
ord4155
ord5871
ord6168
ord283
ord1633
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord2637
ord809
ord2606
ord556
ord1088
ord2114
ord3792
ord4270
ord2746
ord6354
ord2854
ord1197
ord2567
ord4390
ord6051
ord2574
ord4396
ord3365
ord3635
ord6896
ord3993
ord3991
ord3297
ord3281
ord6688
ord4198
ord941
ord5047
ord3864
ord2119
ord4462
ord3345
ord975
ord2875
ord2375
ord4422
ord807
ord796
ord554
ord529
ord5881
ord5996
ord2109
ord2486
ord6205
ord4616
ord5867
ord2619
ord5251
ord4718
ord5280
ord2914
ord4431
ord6640
ord6150
ord2522
ord4358
ord4051
ord5467
ord4116
ord2381
ord5230
ord6365
ord5275
ord5244
ord2436
ord2235
ord4282
ord2081
ord2822
ord5647
ord3122
ord3611
ord798
ord2385
ord2800
ord1989
ord6403
ord5461
ord5188
ord350
ord533
ord700
ord398
ord5590
ord5706
ord6921
ord6219
ord913
ord6865
ord4184
ord3434
ord5446
ord6390
ord5436
ord6379
ord3703
ord781
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord3390
ord3725
ord3688
ord4128
ord4292
ord5784
ord3566
ord2397
ord2745
ord5781
ord5880
ord2916
ord2857
ord3737
ord686
ord818
ord384
ord4211
ord6190
ord2088
ord2455
ord2111
ord6238
ord4078
ord1851
ord1996
ord4294
ord2879
ord1172
ord2144
ord4768
ord4532
ord5857
ord4490
ord6023
ord2836
ord2440
ord5830
ord2099
ord2036
ord402
ord4241
ord2383
ord4769
ord6611
ord4451
ord3084
ord4148
ord4495
ord5848
ord6853
ord6585
ord6586
ord6922
ord6851
ord6741
ord6487
ord620
ord6793
ord2673
ord4263
ord2918
ord1130
ord2559
ord1795
ord4225
ord4448
ord1856
ord3696
ord772
ord500
ord5147
ord816
ord2706
ord4018
ord2561
ord562
ord6456
ord2759
ord5856
ord6138
ord5097
ord5469
ord4146
ord5278
ord1717
ord5252
ord407
ord706
ord645
ord4242
ord2080
ord2143
ord6408
ord5480
ord4809
ord4810
ord5024
ord1701
ord4652
ord2579
ord3389
ord4400
ord3724
ord804
ord4262
ord3915
ord2400
ord6174
ord2550
ord2915
ord2917
ord4753
ord1930
ord3577
ord1941
ord2070
ord2072
ord5745
ord4694
ord1704
ord1709
ord613
ord289
ord4867
ord912
ord397
ord4183
ord1811
ord4231
ord616
ord2108
msvcrt
__CxxFrameHandler
_wtoi
malloc
wcscmp
time
strcpy
_wcsicmp
memset
memcpy
memmove
_ftol
_wcsicoll
localtime
mktime
wcsftime
wcslen
wcsrchr
wcscat
_except_handler3
_CxxThrowException
wcsncpy
fclose
_wfopen
strtol
toupper
wcscpy
fread
exit
putc
getc
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
wcsstr
kernel32
OutputDebugStringW
GetModuleHandleA
Beep
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsW
GetLogicalDrives
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDateFormatW
GetTimeFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetFullPathNameW
WaitForMultipleObjects
PeekNamedPipe
MultiByteToWideChar
CreateProcessW
GetCurrentThreadId
SetEvent
WaitForSingleObject
TerminateThread
CreatePipe
DuplicateHandle
CreateEventW
CreateThread
SetLastError
GetCurrentProcess
GetLogicalDriveStringsW
GetDriveTypeW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
CopyFileW
GetLocalTime
GetModuleHandleW
GetTimeZoneInformation
GetSystemDirectoryW
GetLastError
GetSystemDefaultLangID
lstrcpynW
WinExec
lstrcpyW
GetWindowsDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalFree
GlobalAlloc
ReadFile
GlobalLock
GlobalUnlock
WriteFile
GetTempPathW
CreateFileW
CloseHandle
WideCharToMultiByte
Sleep
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcmpiW
lstrcmpW
GetUserDefaultLangID
GetVersionExW
lstrcatW
GetModuleFileNameW
lstrlenW
GetStartupInfoW
user32
OffsetRect
GetCursorPos
GetSysColorBrush
GetClassLongW
BringWindowToTop
GetClassInfoExW
GetClassNameW
EnableMenuItem
CheckMenuItem
SetRectEmpty
MapDialogRect
GetActiveWindow
SetPropW
PostQuitMessage
DeferWindowPos
CallWindowProcW
CreateWindowExW
SetMenuItemInfoW
DestroyMenu
wsprintfW
ShowWindow
GetParent
EnableWindow
LoadIconW
SendMessageW
GetDlgItem
SetWindowTextW
EndDeferWindowPos
PostMessageW
LoadMenuW
EndDialog
DialogBoxParamW
LoadImageW
MessageBoxW
GetMenuStringW
SetWindowPlacement
GetSystemMenu
InsertMenuW
GetWindowPlacement
TrackPopupMenu
SetMenu
GetSubMenu
GetWindowTextW
LoadCursorW
CopyIcon
InflateRect
IsWindow
SetCursor
GetMessagePos
ScreenToClient
PtInRect
InvalidateRect
SetTimer
MessageBeep
SetWindowLongW
GetClientRect
KillTimer
GetDC
ReleaseDC
GrayStringW
SystemParametersInfoW
UpdateWindow
DrawTextW
TabbedTextOutW
DrawFocusRect
FillRect
GetMenuItemCount
DeleteMenu
RemoveMenu
GetKeyState
GetSystemMetrics
CreatePopupMenu
MapWindowPoints
TrackPopupMenuEx
IsZoomed
GetMenu
CallNextHookEx
GetMenuItemInfoW
SetWindowsHookExW
UnhookWindowsHookEx
LoadBitmapW
GetWindow
GetWindowLongW
IsWindowVisible
RedrawWindow
IsMenu
BeginDeferWindowPos
ClientToScreen
AppendMenuW
GetFocus
CopyRect
SetParent
GetWindowRect
SetWindowPos
GetSysColor
RegisterWindowMessageW
EnumWindows
SendMessageTimeoutW
gdi32
CreateDIBSection
CreateFontIndirectW
CreatePen
CreateBitmap
GetDeviceCaps
GetBitmapDimensionEx
ExtCreatePen
GetCurrentObject
SetPixel
CreateSolidBrush
SetBkMode
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
Escape
ExtTextOutW
RectVisible
PtVisible
CreateICW
GetTextExtentPoint32W
GetBkColor
GetTextColor
TextOutW
Rectangle
GetPaletteEntries
GetObjectW
GetStockObject
comdlg32
GetOpenFileNameW
advapi32
RegQueryValueW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyW
RegCloseKey
shell32
SHGetDesktopFolder
ord190
ord18
ord17
ord16
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Create
ImageList_Replace
ImageList_GetBkColor
ImageList_Draw
ImageList_AddMasked
ole32
CoCreateInstance
OleInitialize
CoInitialize
CreateStreamOnHGlobal
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
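The import table above is the most useful static artefact on this page: it tells you how the binary names its dependencies (MFC and shell32 by ordinal, everything else by name) and which Windows APIs it can reach without resolving anything at run time. The example below is added here and is not Triage's or pefile's code. It reproduces the import-hash normalisation pefile uses (DLL name lowercased with a .dll/.ocx/.sys extension dropped, symbol lowercased, unresolved ordinals written as ordN, entries joined with commas and MD5-hashed) and groups the named imports into capability buckets for triage. The KNOWN_ORDINALS table is a small, assumed subset of the ws2_32 export ordinals, the CAPABILITIES grouping is this example's own heuristic, and SAMPLE_IMPORTS is a constructed subset of the list above, so the hash it yields is not claimed to match the value Triage prints under the file entry (which, by assumption, is the sample's import hash).

```python
"""Import-table triage over an ordered (dll, [symbols]) list such as the page's
Imports section. Added example; not the sandbox's own code."""
import hashlib

# pefile resolves ordinals to names only for a few libraries (ws2_32, wsock32,
# oleaut32); every other DLL keeps "ordN", which is why mfc42u and shell32
# entries appear as ord5820 / ord190 on the page. Partial, assumed table.
KNOWN_ORDINALS = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               23: "socket", 115: "WSAStartup"},
}

# Heuristic buckets for this example; the API names themselves are from the page.
CAPABILITIES = {
    "process execution": {"CreateProcessW", "WinExec", "ShellExecuteW", "ShellExecuteExW"},
    "registry write/delete": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteValueW"},
    "ini config": {"WritePrivateProfileStringW", "WritePrivateProfileSectionW"},
    "hooking": {"SetWindowsHookExW", "UnhookWindowsHookEx", "CallNextHookEx"},
    "drive/file enumeration": {"FindFirstFileW", "FindNextFileW", "GetLogicalDrives",
                               "GetLogicalDriveStringsW"},
    "file tampering": {"DeleteFileW", "CopyFileW", "SetFileAttributesW", "RemoveDirectoryW"},
    "dynamic api resolution": {"LoadLibraryW", "GetProcAddress"},
    "embedded resource / mapping": {"FindResourceW", "LoadResource", "LockResource",
                                    "CreateFileMappingW"},
    "child process i/o": {"CreatePipe", "PeekNamedPipe", "DuplicateHandle"},
}

# Constructed subset of the page's Imports; ordinals are ints, names are strings.
# One DLL keeps its extension to show the normalisation step.
SAMPLE_IMPORTS = [
    ("mfc42u", [5820, 512, 780]),
    ("msvcrt", ["__CxxFrameHandler", "_wtoi", "malloc"]),
    ("KERNEL32.dll", ["CreateProcessW", "WinExec", "FindFirstFileW", "LoadLibraryW",
                      "GetProcAddress", "CreateFileMappingW", "CreatePipe",
                      "PeekNamedPipe", "WritePrivateProfileStringW"]),
    ("user32", ["SetWindowsHookExW", "UnhookWindowsHookEx", "CallNextHookEx"]),
    ("advapi32", ["RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW"]),
    ("shell32", ["SHGetDesktopFolder", 190, "ShellExecuteW"]),
]


def normalize_imports(imports):
    """Return the comma-joined 'dll.symbol' string that the import hash covers.
    Order matters: the hash changes if the import directory is reordered."""
    parts = []
    for dll, syms in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for sym in syms:
            if isinstance(sym, int):
                name = KNOWN_ORDINALS.get(lib, {}).get(sym, "ord%d" % sym)
            else:
                name = sym
            parts.append("%s.%s" % (lib, name.lower()))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()


def capability_hits(imports):
    """Map each capability bucket to the (sorted) named imports that hit it."""
    present = {s for _, syms in imports for s in syms if isinstance(s, str)}
    return {cap: sorted(present & apis)
            for cap, apis in CAPABILITIES.items() if present & apis}


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for cap, apis in capability_hits(SAMPLE_IMPORTS).items():
        print("%-28s %s" % (cap, ", ".join(apis)))
```

Ordinal-only imports from mfc42u are opaque to this kind of triage; to know what ord5820 or ord4609 do you need the export table of the matching mfc42u.dll build, so the capability view is necessarily driven by the named kernel32, user32, advapi32 and shell32 entries.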
Sections
.text Size: 168KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 108KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
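The Signatures, Headers and Sections blocks above are all read straight out of the PE header: the "Unsigned PE" hit means the security data directory (index 4, the Authenticode certificate table) is empty, the File Characteristics are bits of the COFF header Characteristics field, and each section line is the section table entry's SizeOfRawData, VirtualSize and Characteristics. The example below is added here and is not Triage's code; it is a stdlib-only parser that reproduces those three blocks from raw bytes, plus a constructed minimal PE32 image carrying the same flags and section sizes as the report so it can be run offline. Two caveats a practitioner should keep: an empty certificate table only says the file is unsigned, while a populated one does not mean the signature verifies (that needs WinVerifyTrust or an equivalent); and a 400KB unsigned MFC 4.x binary is a weak signal on its own, so this hit should be read together with the import table rather than as evidence by itself.

```python
"""Stdlib-only PE header triage reproducing the report's Headers, Signatures
(Unsigned PE) and Sections fields. Added example, not Triage's own code; the
PE built by build_minimal_pe() is constructed, not the analysed sample."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x014C: "x86", 0x8664: "x64"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    major_os = struct.unpack_from("<H", data, opt + 40)[0]   # "windows:4" on the page
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        # Unlike other directories, the security entry holds a raw file offset.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name, vsize, _, raw, _, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": raw, "virtual_size": vsize,
                         "flags": flag_names(schars, SECTION_CHARACTERISTICS)})
    return {"arch": MACHINES.get(machine, hex(machine)), "os_version": major_os,
            "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            # "Unsigned PE" == empty certificate table. A non-empty table still
            # needs a real Authenticode verification before it means anything.
            "authenticode": cert_off != 0 and cert_size != 0,
            "sections": sections}


def section_lines(info):
    """Render sections in the report's own format."""
    return ["%s Size: %dKB - Virtual size: %dKB [%s]" % (
        s["name"], s["raw_size"] // 1024, s["virtual_size"] // 1024, " ".join(s["flags"]))
        for s in info["sections"]]


def build_minimal_pe(signed=False):
    """Constructed PE32 x86 image: Characteristics 0x010F, OS version 4 and four
    sections with the report's sizes and flags. Headers only, no code."""
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
    secs = [(b".text", 0x29000, 0x2A000, 0x20 | 0x20000000 | 0x40000000),
            (b".rdata", 0xC000, 0xD000, 0x40 | 0x40000000),
            (b".data", 0x2D400, 0x1B000, 0x40 | 0x40000000 | 0x80000000),
            (b".rsrc", 0x10000, 0x11000, 0x40 | 0x40000000)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x014C, len(secs), 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", opt, 40, 4)       # MajorOperatingSystemVersion
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if signed:  # pretend a WIN_CERTIFICATE blob sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, 0x800)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0, r, 0, 0, 0, 0, 0, f)
                     for n, v, r, f in secs)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_minimal_pe())
    print(info["arch"], "os", info["os_version"], "signed" if info["authenticode"] else "unsigned")
    print("\n".join(info["characteristics"] + section_lines(info)))
```

To run it on the real file, read the bytes and call parse_pe(open(path, "rb").read()); the output lines should match the Headers and Sections blocks above. Note the .data entry, whose virtual size (181KB) exceeds its raw size (108KB): the loader zero-fills the difference, which is normal for a data section carrying uninitialised globals and on its own is not evidence of packing.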