090da9d38a932d54b82fd389b194974fb2fe7d7d6dceb365d26dca19f4754875

Sharing

Copy URL Twitter E-mail

General

Target

090da9d38a932d54b82fd389b194974fb2fe7d7d6dceb365d26dca19f4754875
Size

7.3MB
MD5

f93452dde430e51214b9cf700ad5c0a2
SHA1

47b782c12f3871dd38c5bf11a366c24a2c8a153e
SHA256

090da9d38a932d54b82fd389b194974fb2fe7d7d6dceb365d26dca19f4754875
SHA512

b25d5eb0d1d72cb9f01a75926cd9a0a5b6ad6e592f513f29ddf88889577faa1c29ac25b50a3eb59d7d6728e041ea64121648be6860b747e4844503c3586f18e4
SSDEEP

98304:ZlVf+fcUm4Q/ewo2cC9+3XbWNkLYEvMl2wovRbckzruxdu14yb3QT:GcUeWLW9QbvLYEcxopJOnu14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
090da9d38a932d54b82fd389b194974fb2fe7d7d6dceb365d26dca19f4754875

Files

090da9d38a932d54b82fd389b194974fb2fe7d7d6dceb365d26dca19f4754875
.dll windows:5 windows x86 arch:x86

c3d99143a7fff3110c31c3df4a9f0a85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
OpenThread
ResumeThread
Thread32Next
GetCurrentProcessId
GetCurrentProcess
SetProcessWorkingSetSize
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
WinExec
GetWindowsDirectoryA
CopyFileA
CreateMutexA
GetModuleFileNameA
CreateProcessA
ReadProcessMemory
GetLastError
CreateFileMappingA
MapViewOfFile
SetFileAttributesA
TerminateProcess
GetFullPathNameA
WriteProcessMemory
DeviceIoControl
GetCurrentThreadId
VirtualQuery
HeapFree
GetProcessHeap
HeapAlloc
VirtualProtect
SetUnhandledExceptionFilter
SetLastError
SuspendThread
GetThreadContext
TryEnterCriticalSection
GetSystemInfo
VirtualQueryEx
InterlockedCompareExchange
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
GetTickCount
GetLocalTime
DeleteFileA
GetFileSize
GetCurrentThread
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
LoadLibraryA
GetProcAddress
TerminateThread
OpenProcess
Sleep
CreateThread
ReadFile
CloseHandle
WriteFile
CreateFileA

user32

GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
EnumWindows
GetCursorPos
WindowFromPoint
GetForegroundWindow
wsprintfA
MessageBoxA
GetWindowTextLengthW
IsWindowVisible
BlockInput
EndPaint
DestroyWindow
RegisterClassExA
GetClientRect
BeginPaint
SetWindowLongA
UnregisterClassA
GetWindowLongA
CreateWindowExA
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadImageA
UpdateWindow
LoadCursorA
GetWindowTextW
GetDC
ReleaseDC
GetMonitorInfoA
EnumDisplayMonitors

gdi32

GetObjectA
GetStockObject
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

msvcp100

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Xfunc@tr1@std@@YAXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdiplusShutdown

ws2_32

htons
inet_addr
socket
WSAGetLastError
closesocket
WSAStartup
WSACloseEvent
recv
send
WSACleanup
connect

psapi

GetModuleInformation
GetModuleFileNameExA
EnumProcessModules

msvcr100

fputc
_mkdir
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
memset
memcpy
_strdup
strcat_s
_stricmp
asctime
_localtime64
_purecall
toupper
_time64
strcpy_s
rand
remove
vsprintf_s
_vscprintf
strstr
free
malloc
fopen_s
fread
isalnum
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
fclose
memchr
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
fgetc
ungetc
fwrite
_CxxThrowException
_unlock_file
_lock_file
sprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memmove
??_V@YAXPAX@Z
??3@YAXPAX@Z

iphlpapi

GetAdaptersInfo

wininet

FtpGetFileA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
InternetOpenA
InternetConnectA

Exports

Exports

EntryProc

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^u/
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3d99143a7fff3110c31c3df4a9f0a85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp100

gdiplus

ws2_32

psapi

msvcr100

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 1.1MB - Virtual size: 1.2MB

.^u/ Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.^u/
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB