e8a6c67b73091a133d940bb541f9bb88ce4021bb08d9a83219637be510383884

Sharing

Copy URL Twitter E-mail

General

Target

e8a6c67b73091a133d940bb541f9bb88ce4021bb08d9a83219637be510383884
Size

176KB
MD5

838411208750004ec153e0133bff2343
SHA1

5fba3110d5fc625cbaa3c00249cc469495bbbe2a
SHA256

e8a6c67b73091a133d940bb541f9bb88ce4021bb08d9a83219637be510383884
SHA512

4828df3f1283ee5d4f91ca323090fd948855e2e3cb7cc246c4adba1b8161f00d3148106302f2a17f2cbb5be16aeec2c44e043635d55cde9aa405ca5b30adef40
SSDEEP

3072:JYGCNh/JG/Ik794TpdeOEJUsxDW8qAX5EJkyk8/sg2mKNll/EkQOtqmBWxO7dl:GGWOyezDW8qAivxKNll/jQRxO7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8a6c67b73091a133d940bb541f9bb88ce4021bb08d9a83219637be510383884

Files

e8a6c67b73091a133d940bb541f9bb88ce4021bb08d9a83219637be510383884
.exe windows:4 windows x86 arch:x86

d25221943b34d38fa21fc90b64a4be0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
lstrlenA
CreateDirectoryW
DeleteFileW
GetTempPathW
MultiByteToWideChar
GetOEMCP
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrcatW
LoadLibraryW
lstrlenW
GetUserDefaultLCID
GetLocaleInfoW
InterlockedCompareExchange
lstrcmpiW
GetVersionExA

user32

CharNextW
wsprintfW
MessageBoxW

pfutility

?StrToIntUI@CPFUtility@@SAJPB_WPAH@Z
?IntToStrInternal@CPFUtility@@SAJHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReplaceSkipStringAndComment@CPFUtility@@SAHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@1H@Z
?StrInternalToFloat@CPFUtility@@SAJPB_WPAM@Z
?StrInternalToInt@CPFUtility@@SAJPB_WPAH@Z
?CStringToUTF8String@IndeCore@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ForceDirectoriesW@@YAHPB_W@Z
?ReplaceCSVSingleChar@CPFUtility@@SAHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_W1@Z
?FloatToStrInternal@CPFUtility@@SAJMAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetCurrentRegionalDecimalSymbol@CPFUtility@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?StrToFloatUI@CPFUtility@@SAJPB_WPAM@Z

indexml

?CoCreateInstance@?$CInterfaceCallingWrapper@UIXMLDOMDocument2@@@@QAEJABU_GUID@@PAUIUnknown@@K@Z
?LoadXML@CXMLDOMDocument2@@QAEHPB_W@Z
?SelectNodes@CXMLDOMNodeBase@@QAE?AVCXMLDOMNodeList@@PB_W@Z
??0CXMLDOMNode@@QAE@XZ
?NextNode@CXMLDOMNodeList@@QAE?AVCXMLDOMNode@@XZ
??4CXMLDOMNode@@QAEAAV0@ABV0@@Z
??0CXMLDOMElement@@QAE@AAVCXMLDOMNodeBase@@@Z
?IsValid@?$CInterfaceCallingWrapper@UIXMLDOMElement@@@@QAEHXZ
??1?$CInterfaceCallingWrapper@UIXMLDOMElement@@@@UAE@XZ
?GetAttrText@CXMLDOMElement@@QAEJPB_WAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?GetAttrBool@CXMLDOMElement@@QAEJPB_WAAHH@Z
??1?$CInterfaceCallingWrapper@UIXMLDOMNodeList@@@@UAE@XZ
??1?$CInterfaceCallingWrapper@UIXMLDOMDocument2@@@@UAE@XZ
??1CXMLDOMDocument2@@UAE@XZ
??1CXMLDOMNodeList@@UAE@XZ
??1CXMLDOMElement@@UAE@XZ
?SelectSingleNode@CXMLDOMNodeBase@@QAE?AVCXMLDOMNode@@PB_WH@Z
?IsValid@?$CInterfaceCallingWrapper@UIXMLDOMNode@@@@QAEHXZ
?GetText@CXMLDOMNodeBase@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
??1CXMLDOMNodeBase@@UAE@XZ
??1?$CInterfaceCallingWrapper@UIXMLDOMNode@@@@UAE@XZ
??1CXMLDOMNode@@UAE@XZ
??0CXMLDOMDocument2@@QAE@XZ

mfc80u

ord293
ord1479
ord2895
ord282
ord6700
ord6111
ord860
ord1079
ord776
ord3249
ord774
ord1172
ord5316
ord2340
ord6282
ord1176
ord1571
ord3383
ord5705
ord280
ord277
ord5558
ord3990
ord5524
ord283
ord5327
ord6293
ord2745
ord896
ord2742
ord3925
ord2279
ord2271
ord631
ord386
ord1476
ord2444
ord6167
ord6173
ord1197
ord566
ord757
ord1178
ord3927
ord772
ord4100
ord2261
ord1182
ord6002
ord1086
ord265
ord266
ord2311
ord629
ord584
ord1472
ord4098
ord1430
ord1425
ord5485
ord899
ord5338
ord5319
ord317
ord5083
ord384
ord5711
ord762
ord745
ord557
ord2121
ord6172
ord5398
ord4026
ord261
ord1189
ord287
ord6303
ord900
ord2897
ord5325
ord744
ord5091
ord556
ord313
ord380
ord3195
ord2696
ord2697
ord5489
ord290
ord2468
ord1299
ord1118
ord2167
ord5416
ord1443
ord1908
ord5712
ord6161
ord5442
ord258
ord746
ord558
ord764
ord577
ord2310
ord870
ord2460

msvcr80

_wremove
wcsftime
_localtime64_s
_wsplitpath_s
wcscpy_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
memmove_s
wcsncpy_s
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memcpy
fprintf
__iob_func
sprintf
isprint
free
qsort
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
memset
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_wcslwr
__CxxFrameHandler3
wprintf
_wcsicmp
memcpy_s
_wsetlocale
printf
toupper
_wgetdcwd
_wsplitpath
_wmakepath
_onexit
tolower

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
VarBstrCat
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen

msvcp80

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d25221943b34d38fa21fc90b64a4be0e

Headers

File Characteristics

Imports

kernel32

user32

pfutility

indexml

mfc80u

msvcr80

advapi32

ole32

oleaut32

msvcp80

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB