2d201a2f12c48c9e12cbe233ac5409a74589db0de8e912f8954fc1dd4c9ff02f

Sharing

Copy URL Twitter E-mail

General

Target

2d201a2f12c48c9e12cbe233ac5409a74589db0de8e912f8954fc1dd4c9ff02f
Size

1.5MB
MD5

856c06a3c809c46647623d6ea41a18f9
SHA1

86f6d03005f6ca54e835b0cb23ad8249bd040a65
SHA256

2d201a2f12c48c9e12cbe233ac5409a74589db0de8e912f8954fc1dd4c9ff02f
SHA512

c4fc92cfdf00dcbe71c36bb9911480278ab163997d6f3d712b6d799608ab1bd5236cce42933de4bbe97114da009b00c9bc98384852f78616b1ad8dfe424c6297
SSDEEP

24576:404MhpUgugk7GCPSpnhIpn3kca6rKojMSgk6tVGEP+2JYfYIVtTMy8N8PTNzGARM:4uhpUgv6dKpnh0n3Ba6v6tVGO+wiVJT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d201a2f12c48c9e12cbe233ac5409a74589db0de8e912f8954fc1dd4c9ff02f

Files

2d201a2f12c48c9e12cbe233ac5409a74589db0de8e912f8954fc1dd4c9ff02f
.exe windows:5 windows x86 arch:x86

ee6d9008e49802c1eef198ee69dde23e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pthreadvse2

pthread_mutex_unlock
pthread_mutex_lock
pthread_mutex_init

mscms

GetColorDirectoryA
EnumColorProfilesA

winmm

timeGetTime

libxml2

xmlNodeGetContent
xmlFree
xmlCopyNode
xmlAddChild
xmlGetProp
xmlStrcmp
xmlFreeDoc
xmlReadFile
xmlDocGetRootElement

libeay32

ord510
ord316
ord2630
ord3109
ord269
ord2936

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
IsDebuggerPresent
GlobalUnlock
IsProcessorFeaturePresent
QueryPerformanceCounter
GlobalHandle
CreateFileW
LocalAlloc
LocalFree
GlobalSize
GlobalFree
GlobalAlloc
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
CloseHandle
SetFilePointer
WriteFile
ReadFile
GlobalLock
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
Sleep
SetCurrentDirectoryA
GetCurrentProcessId
FindFirstFileA
FindClose
FindNextFileA

user32

GetFocus
EnumDisplayMonitors
EnumDisplayDevicesA
MessageBoxA
GetMonitorInfoA
GetDC

advapi32

RegOpenKeyA
RegEnumKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA
SHGetFolderPathW

msvcr100

fwrite
fgetpos
_fseeki64
fsetpos
fopen
atoi
isspace
isdigit
isxdigit
isalpha
_wfopen
strtoul
printf
fprintf
__iob_func
isalnum
_fpclass
_gmtime64
_time64
vsprintf_s
tolower
vsprintf
_vscprintf
ftell
vfprintf
strncpy
sscanf
_localtime64
strtod
_waccess
_wstat32
_wmkdir
strncpy_s
_mkdir
_CIlog
ceil
fscanf
exit
tmpnam
_setjmp3
_CIpow
_access
abort
_snprintf
longjmp
strlen
strcpy
strncmp
strcmp
qsort
bsearch
floor
pow
exp
rand
log
sqrt
fabs
atan2
_iob
getenv
tmpfile
atan
cos
log10
sin
memcmp
strcat
rewind
calloc
tan
_pclose
_popen
rename
_aligned_free
_aligned_malloc
labs
_swab
abs
frexp
ldexp
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
memcpy_s
fseek
fread
localeconv
strchr
setvbuf
fflush
_unlock_file
_lock_file
fputc
fgetc
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
_purecall
atof
_stricmp
malloc
_unlink
fclose
strcat_s
__CxxFrameHandler3
free
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strcpy_s
memmove
memchr
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strstr
strrchr
??3@YAXPAX@Z
memset
sprintf
_memicmp
ungetc

msvcp100

??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1_Container_base12@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

ws2_32

htons
htonl

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee6d9008e49802c1eef198ee69dde23e

Headers

DLL Characteristics

File Characteristics

Imports

pthreadvse2

mscms

winmm

libxml2

libeay32

kernel32

user32

advapi32

shell32

msvcr100

msvcp100

ws2_32

Sections

.text Size: 936KB - Virtual size: 935KB

.rdata Size: 519KB - Virtual size: 519KB

.data Size: 39KB - Virtual size: 593KB

.rsrc Size: 1024B - Virtual size: 816B

.text
Size: 936KB - Virtual size: 935KB

.rdata
Size: 519KB - Virtual size: 519KB

.data
Size: 39KB - Virtual size: 593KB

.rsrc
Size: 1024B - Virtual size: 816B