d197185e3ecd3f61b13c5754e7a5ee0dea50ee21061ade7843c555f768bf6ae9

Sharing

Copy URL Twitter E-mail

General

Target

d197185e3ecd3f61b13c5754e7a5ee0dea50ee21061ade7843c555f768bf6ae9
Size

84KB
MD5

ae4ac321fadf2a6ec67efcd411283dff
SHA1

fdb6be541fd91bcc1b89207d7c72e3273757db9c
SHA256

d197185e3ecd3f61b13c5754e7a5ee0dea50ee21061ade7843c555f768bf6ae9
SHA512

0fe712761051c227c8f7c74d1b3784af46f8550bb4c57361ae8dadc0661cfc408e71b1b14d954bb1248fb9da0ebf6d11a4489f80eb337c47f328cbf0c3f3f8be
SSDEEP

1536:C7ho2xNHkJUn6EFtPMdN5MGw/hvKKDd0SkKiqYhLq:C7ho2xNEJUnXUfhQzd0SkK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d197185e3ecd3f61b13c5754e7a5ee0dea50ee21061ade7843c555f768bf6ae9

Files

d197185e3ecd3f61b13c5754e7a5ee0dea50ee21061ade7843c555f768bf6ae9
.exe windows:4 windows x86 arch:x86

91669cf165554ccdd5c7edd85baa7490

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3789
ord5442
ord4177
ord6312
ord958
ord2803
ord1979
ord2917
ord6010
ord5773
ord2601
ord5186
ord3180
ord3183
ord3176
ord3507
ord3614
ord354
ord665
ord5651
ord3127
ord3616
ord350
ord3663
ord2614
ord4204
ord4129
ord860
ord1158
ord941
ord939
ord539
ord540
ord5856
ord1200
ord2915
ord924
ord6385
ord535
ord537
ord825
ord823
ord6874
ord800
ord858
ord1601
ord5683
ord3318

msvcrt

strcat
memset
strcpy
strlen
__CxxFrameHandler
qsort
strncpy
??1type_info@@UAE@XZ
_itoa
__setusermatherr
sprintf
rand
_CxxThrowException
strcmp
atol
strstr
strchr
free
malloc
realloc
memcpy
memcmp
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
strncmp

kernel32

CreateFileA
GetTickCount
CloseHandle
GetStartupInfoA
InterlockedIncrement
DeleteCriticalSection
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
GetCommandLineA
GetCurrentThreadId
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
lstrlenW
DeleteFileA
CreateDirectoryA
CopyFileA
Sleep
MultiByteToWideChar

user32

PostThreadMessageA
DispatchMessageA
CharNextA
GetMessageA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA

ole32

CoInitializeSecurity
CoUninitialize
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstanceEx
CoInitialize
CoRegisterClassObject
CoCreateInstance
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString

mtcprotinas

?Open@CMTRegKey@@QAEHPAUHKEY__@@PBD@Z
?Close@CMTRegKey@@QAEXXZ
?GetStringValue@CMTRegKey@@QAEHAAVCString@@PBD@Z
??1CMTRegKey@@QAE@XZ

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91669cf165554ccdd5c7edd85baa7490

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

mtcprotinas

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 15KB