56e8bda812b5b219435595791ea96ac2f9031a4ed9d2ab2a13f7e0b2c87bb8a3

Sharing

Copy URL Twitter E-mail

General

Target

56e8bda812b5b219435595791ea96ac2f9031a4ed9d2ab2a13f7e0b2c87bb8a3
Size

300KB
MD5

9d692f7abae897a296137350fa84f5fd
SHA1

7017742e2cf4b7968c7326da5f2d30c80006fb44
SHA256

56e8bda812b5b219435595791ea96ac2f9031a4ed9d2ab2a13f7e0b2c87bb8a3
SHA512

e7206cee8aae6b7a1d396def3caef260a9e3afded41a48e8bbad46189f784fc37298689a00337bd69f811024de11f7d3855cc447e62a169cd170f71268a1fdfb
SSDEEP

6144:/0ZKGiepN3FYHGKL6zhEjQmlpNUnkTxaoTFUWu5L:sZKGi+lzhEjQmlDXOVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56e8bda812b5b219435595791ea96ac2f9031a4ed9d2ab2a13f7e0b2c87bb8a3

Files

56e8bda812b5b219435595791ea96ac2f9031a4ed9d2ab2a13f7e0b2c87bb8a3
.exe windows:6 windows x86 arch:x86

c387ddc1fb4817b2f19a3dc49f10029c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bios_base@std@@QBE_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ

gdiplus

GdipDeletePath
GdipDrawImageRectI
GdipAlloc
GdipCreateFont
GdipSetStringFormatAlign
GdiplusStartup
GdipDisposeImage
GdipDeleteFontFamily
GdipDeleteBrush
GdipGetImageHeight
GdipSetCompositingQuality
GdipCreatePath
GdipAddPathArcI
GdipCreateFontFamilyFromName
GdipCreateStringFormat
GdipCloneImage
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipBitmapSetPixel
GdipCreateSolidFill
GdipFillPath
GdipCloneBitmapAreaI
GdipClosePathFigure
GdipFree
GdipDrawPath
GdipDrawString
GdipBitmapSetResolution
GdipBitmapLockBits
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipCloneBrush
GdipFillRectangleI
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageWidth
GdipDeletePen
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipCreatePen1
GdipSetPixelOffsetMode

vcruntime140

memcpy
memmove
memchr
__CxxFrameHandler3
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fread
_get_stream_buffer_pointers
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetwc
fgetc
__p__commode
ungetwc
fputwc
fclose
fflush
fputc
_set_fmode
_fseeki64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_mkdir

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
_initialize_wide_environment
_controlfp_s
_set_app_type
_initterm
_initterm_e
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_exit
_errno
_get_wide_winmain_command_line
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
terminate
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
UnhandledExceptionFilter

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c387ddc1fb4817b2f19a3dc49f10029c

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

gdiplus

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB