89a8854e1b1783038c082834805150f93c33148e8801c294c335dda16f8229fc

Sharing

Copy URL Twitter E-mail

General

Target

89a8854e1b1783038c082834805150f93c33148e8801c294c335dda16f8229fc
Size

211KB
MD5

0ae000547cec37d1d19bcebbc2948f08
SHA1

318f9917901e1c88a191a7746dd4337166e84608
SHA256

89a8854e1b1783038c082834805150f93c33148e8801c294c335dda16f8229fc
SHA512

3abe93e6a253b37a49226d844a9e5500a09477c71a3156d77b3c77ad50d8bacd8db0d8f0f412efd3837f0b249952155b73593da2dfb11b7fd6c3b3cbd8c46363
SSDEEP

3072:26hereXej8QeehXb+FeJeLXk+s47MLnmdX+xpTa261ujuh:26IKOVBx+kQjvMLn6uPTQX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89a8854e1b1783038c082834805150f93c33148e8801c294c335dda16f8229fc

Files

89a8854e1b1783038c082834805150f93c33148e8801c294c335dda16f8229fc
.dll windows:4 windows x86 arch:x86

e16145874c00ce3550e5fe12f3254605

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3626
ord3663
ord2414
ord4275
ord860
ord2864
ord5981
ord2379
ord755
ord2915
ord2818
ord2859
ord470
ord665
ord1979
ord5442
ord3318
ord353
ord3693
ord4133
ord4297
ord5788
ord1641
ord472
ord2567
ord3619
ord5875
ord5787
ord2860
ord283
ord6170
ord1601
ord858
ord4129
ord5683
ord5572
ord2919
ord640
ord2405
ord2753
ord5785
ord1640
ord323
ord4220
ord2584
ord3654
ord540
ord2438
ord2078
ord6172
ord4299
ord6270
ord2863
ord1575
ord2642
ord1644
ord1146
ord4274
ord825
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord3573
ord6215
ord4287
ord4284
ord6880
ord1168
ord2575
ord3402
ord4396
ord3574
ord609
ord556
ord809
ord2754
ord3874
ord6358
ord1088
ord2122
ord1116
ord1176
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord567
ord823
ord537
ord6467
ord2124
ord818
ord800
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord3571
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord6375

msvcrt

_strlwr
sscanf
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
_iob
fputs
??0exception@@QAE@ABV0@@Z
memset
__CxxFrameHandler
_ftol
strcpy
strlen
_purecall
abs
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
fseek
fread
fopen
fwrite
fclose
strchr
sin
cos
atan2
sqrt
strcmp
memcpy
pow
_except_handler3
?terminate@@YAXXZ
sprintf

kernel32

GetModuleHandleA
OutputDebugStringA
GetLastError
GlobalLock
GlobalAlloc
MultiByteToWideChar
GetModuleFileNameA
MulDiv
GetCommandLineA
LocalFree
LocalAlloc
GetCurrentThreadId
GlobalUnlock

user32

GetCapture
WindowFromPoint
DrawEdge
GetParent
DestroyCursor
GetSysColor
InflateRect
PostMessageA
LoadCursorA
SetCursor
IsWindow
SendMessageA
CallNextHookEx
SetWindowsHookExA
FindWindowA
ShowWindow
SetFocus
GetDesktopWindow
SetWindowPos
MoveWindow
CopyRect
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
AppendMenuA
LoadMenuA
GetSubMenu
ClientToScreen
LoadImageA
SetParent
CreatePopupMenu
GetCursorPos
GetMenuState
LoadBitmapA
DeferWindowPos
InvalidateRect
SetCapture
GetWindowRect
GetFocus
ReleaseCapture
ScreenToClient
DrawTextA
ReleaseDC
FillRect
GetClientRect
GetDC
EnableWindow
DrawFocusRect
CheckMenuItem

gdi32

SetBkMode
CreateFontIndirectA
BitBlt
CreateCompatibleDC
GetObjectA
SelectObject
CreateSolidBrush
CreatePen
SetTextColor
CreateFontA
Rectangle
GetStockObject
Ellipse
GetTextExtentPoint32A
GetPixel
TextOutW
TextOutA
ExtCreatePen
DeleteObject
StretchBlt
GetTextMetricsA
ExtTextOutA
CreateICA
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateCompatibleBitmap

comctl32

_TrackMouseEvent

ole32

CreateStreamOnHGlobal

olepro32

ord251

oleaut32

SysFreeString
SysStringLen

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDisposeImage
GdipFillPolygonI
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateFromHDC

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

winmm

timeGetTime

Exports

Exports

CreateVideoWindow
ReleaseVideoWindow

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e16145874c00ce3550e5fe12f3254605

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

ole32

olepro32

oleaut32

gdiplus

msvcp60

winmm

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 774KB

.rsrc Size: 76KB - Virtual size: 74KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 774KB

.rsrc
Size: 76KB - Virtual size: 74KB

.reloc
Size: 12KB - Virtual size: 10KB