graphedt.pdb
Static task
static1
General
-
Target
c018bc4873c841b3b1e78429ba30ff894172e8f132c4c5d8787c99089ca67b1c
-
Size
780KB
-
MD5
b7345b89cddd46d295465e765e1bac63
-
SHA1
63c33998b05bf7c94f98500f22df73dc7746917c
-
SHA256
c018bc4873c841b3b1e78429ba30ff894172e8f132c4c5d8787c99089ca67b1c
-
SHA512
05e6b3528a2dab4433ed876953753bd1b16bc86aab8a3ba068e12f59a06ada3fb243a8e527d5d672d7864d28d276ac30ec65e7dfe3fbd40c5e376913a88b27e5
-
SSDEEP
12288:HD2l3PGEKc892yjH/MTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:ji/GEKc8oyj0SkQ/7Gb8NLEbeZ
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.
resource c018bc4873c841b3b1e78429ba30ff894172e8f132c4c5d8787c99089ca67b1c
Files
-
c018bc4873c841b3b1e78429ba30ff894172e8f132c4c5d8787c99089ca67b1c.exe .vbs windows:10 windows x86 arch:x86 polyglot
2ceab251fffea7911527ba2b3a62f088
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegNotifyChangeKeyValue
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegEnumValueA
RegOpenKeyA
kernel32
LocalSize
Sleep
GetModuleFileNameA
GetCurrentProcessId
LocalUnlock
GetThreadLocale
CloseHandle
SetFilePointer
LoadLibraryA
GetProcAddress
WideCharToMultiByte
WaitForMultipleObjects
lstrcmpiA
WriteFile
CreateFileA
MultiByteToWideChar
lstrlenA
FreeLibrary
GetCurrentThreadId
CreateThread
LocalAlloc
LocalLock
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
CreateEventA
WaitForSingleObject
SetEvent
GetLastError
LocalFree
gdi32
GetObjectA
SetStretchBltMode
StretchBlt
Pie
GetTextExtentPoint32A
CreateSolidBrush
CreatePen
CreateFontA
BitBlt
DPtoLP
PatBlt
GetDeviceCaps
CreateCompatibleDC
user32
InflateRect
ReleaseDC
GetDC
PtInRect
IntersectRect
DrawFocusRect
ScreenToClient
GetCursorPos
EnableMenuItem
LoadMenuA
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
RegisterClipboardFormatA
GetDoubleClickTime
EnableWindow
GetDlgItem
OffsetRect
UnionRect
GetDesktopWindow
KillTimer
SetTimer
MessageBoxA
CallWindowProcA
SetRect
GetSubMenu
CheckMenuItem
GetMenu
GetMonitorInfoA
TranslateMessage
LoadCursorA
SetWindowLongA
GetWindowLongA
FillRect
ShowCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
SetDlgItemTextA
SetRectEmpty
LoadBitmapA
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
SetFocus
UpdateWindow
SetForegroundWindow
LoadIconA
DispatchMessageA
IsDlgButtonChecked
GetMenuItemCount
AppendMenuA
RemoveMenu
MapDialogRect
WinHelpA
MessageBeep
PeekMessageA
SendMessageA
SystemParametersInfoA
MonitorFromRect
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
WaitMessage
PostMessageA
mfc42
ord1576
ord4275
ord2645
ord4398
ord616
ord2411
ord2023
ord4218
ord2578
ord3582
ord3873
ord2825
ord926
ord922
ord4258
ord5287
ord4835
ord768
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord491
ord3699
ord6453
ord2919
ord4259
ord4431
ord2054
ord4715
ord4439
ord1690
ord5288
ord771
ord5637
ord1008
ord2882
ord3475
ord2109
ord497
ord3700
ord4396
ord609
ord2575
ord2078
ord3574
ord1871
ord4235
ord4242
ord1842
ord1087
ord2122
ord540
ord4160
ord800
ord3663
ord5440
ord6383
ord5450
ord6394
ord1168
ord2107
ord2841
ord2393
ord2514
ord1199
ord6329
ord1175
ord2863
ord1669
ord2652
ord6197
ord3870
ord537
ord858
ord939
ord641
ord6175
ord1200
ord355
ord2515
ord3499
ord535
ord539
ord860
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord338
ord6080
ord3198
ord3454
ord4387
ord4823
ord4420
ord5653
ord3172
ord5577
ord1746
ord5740
ord5243
ord652
ord2542
ord2510
ord6336
ord3065
ord3058
ord4696
ord4623
ord4426
ord1825
ord4238
ord4613
ord4614
ord2817
ord1567
ord268
ord3626
ord2414
ord3573
ord283
ord5787
ord4330
ord289
ord613
ord3654
ord2438
ord1644
ord6270
ord2584
ord4220
ord2864
ord5277
ord2124
ord2446
ord5065
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2379
ord2385
ord4407
ord1776
ord4078
ord4627
ord6055
ord2535
ord4108
ord4524
ord4526
ord4543
ord4545
ord4531
ord4723
ord4349
ord4341
ord4899
ord4589
ord3748
ord4432
ord5260
ord5240
ord4464
ord4508
ord517
ord6131
ord3755
ord3075
ord784
ord1725
ord4889
ord4960
ord4963
ord6454
ord1146
ord4042
ord439
ord5495
ord736
ord1920
ord6216
ord4262
ord5856
ord861
ord4203
ord6648
ord2763
ord2846
ord2859
ord1270
ord1641
ord3693
ord3619
ord3571
ord1640
ord323
ord5788
ord6119
ord2714
ord4297
ord4133
ord640
ord5785
ord6937
ord2302
ord4424
ord567
ord5261
ord1727
ord5981
ord3749
ord5241
ord3402
ord3597
ord324
ord4710
ord4998
ord4853
ord4376
ord5280
ord4425
ord1775
ord6052
ord5265
ord3639
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord692
ord4401
ord4234
ord5681
ord3092
ord6199
ord2642
ord4224
ord3138
ord4299
ord6215
ord326
ord2086
ord4610
ord4612
ord4615
ord3790
ord3337
ord4622
ord3353
ord5953
ord3361
ord5289
ord5307
ord4079
ord5300
ord3346
ord2396
ord3738
ord561
ord4159
ord2635
ord5943
ord5503
ord986
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord2725
ord5714
ord4698
ord5302
ord815
ord4161
ord3107
ord4214
ord2184
ord2185
ord3948
ord5730
ord2003
ord4695
ord6451
ord3715
ord520
ord788
ord989
ord5617
ord3194
ord3445
ord5940
ord1205
ord1219
ord4274
ord4055
ord2558
ord366
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord2627
ord1665
ord2649
ord5012
ord3350
ord4303
ord4467
ord674
ord4077
ord4427
ord5103
ord5100
ord3059
ord5282
ord2390
ord2723
ord5252
ord4436
ord5237
ord4457
ord4413
ord4724
ord1709
ord2626
ord2389
ord4121
ord5471
ord4056
ord2444
ord4364
ord5279
ord5248
ord5234
ord2530
ord6369
ord6154
ord529
ord2117
ord6000
ord6069
ord796
ord554
ord2120
ord4147
ord5883
ord807
ord3598
ord327
ord2087
ord642
ord1712
ord5082
ord6053
ord556
msvcrt
_initterm
_acmdln
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
_controlfp
_except_handler4_common
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
__setusermatherr
malloc
_vsnwprintf
_itoa
rand
qsort
strstr
_stricmp
printf
memcpy
_ftol2
_ltow
_vsnprintf
_strnicmp
towupper
_ftol2_sse
_purecall
memset
__CxxFrameHandler3
_CxxThrowException
swscanf
_setmbcp
ole32
CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
GetRunningObjectTable
CLSIDFromString
StringFromGUID2
CoCreateInstance
StgOpenStorage
StgCreateDocfile
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
oleaut32
SysFreeString
SysStringLen
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
comdlg32
CommDlgExtendedError
GetOpenFileNameA
comctl32
ord17
ImageList_Create
ImageList_ReplaceIcon
shell32
ShellExecuteA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
quartz
AMGetErrorTextA
Sections
.text Size: 146KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
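.reloc Size: 580KB - Virtual size: 584KB (larger than .text, and flagged both writable and executable below, which is atypical for a relocation section)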
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE