99f803a41b6db2f376541eed51c7c98b5814689693764e6dc2cb7ee087ed645c

Sharing

Copy URL

Twitter E-mail

General

Target

99f803a41b6db2f376541eed51c7c98b5814689693764e6dc2cb7ee087ed645c
Size

776KB
MD5

12e4d25d327ef890709613b62a1f62ee
SHA1

9f21e2ff87a10b26506ef1215cf88270cb53f749
SHA256

99f803a41b6db2f376541eed51c7c98b5814689693764e6dc2cb7ee087ed645c
SHA512

92ceb5551ba146133fa999e531dfa807973d8f39e0ca4b091a7c237c0ec2a3c17cb069f10a379ee3195bf454a641eb38d17ad1caf8257226010e80346efec703
SSDEEP

24576:k5g7aHvLvLNWxKSb0tQhLLgV+fApivviLI4rt:k5t9qKSzn/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99f803a41b6db2f376541eed51c7c98b5814689693764e6dc2cb7ee087ed645c

Files

99f803a41b6db2f376541eed51c7c98b5814689693764e6dc2cb7ee087ed645c
.exe windows:5 windows x86 arch:x86

c385ab10466e2b58104d5a5cf20f859b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Work Code\V5.0\Client\Tool\FactoryTool_Decrypt\Release\Factory Tool_Dencrypt.pdb

Imports

iptool_search

IPTOOL_SEARCH_Quit
IPTOOL_SEARCH_Initial
IPTOOL_SEARCH_StartAuto

sharelib

?SHARESDK_CreateSingleton@@YAXPAXPBD@Z

mfc100u

ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord9447
ord4744
ord13854
ord7176
ord4086
ord11784
ord11845
ord9498
ord11236
ord7548
ord1292
ord6869
ord7624
ord9328
ord5118
ord5229
ord13127
ord2629
ord285
ord4290
ord897
ord11159
ord2852
ord2951
ord2952
ord3491
ord11116
ord2339
ord5276
ord12557
ord12948
ord10725
ord6156
ord13388
ord7109
ord13382
ord2665
ord3992
ord14067
ord5143
ord3999
ord4416
ord4383
ord4379
ord4413
ord4434
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord3628
ord10045
ord8599
ord6247
ord7179
ord8112
ord13380
ord10937
ord3402
ord11081
ord14060
ord14059
ord14132
ord14149
ord14145
ord14147
ord14148
ord14146
ord2418
ord7385
ord9333
ord2884
ord2887
ord12610
ord5558
ord6870
ord5468
ord1905
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord12753
ord890
ord6140
ord2057
ord1014
ord950
ord1895
ord6036
ord6117
ord2844
ord3763
ord1266
ord8273
ord421
ord10960
ord5231
ord11333
ord2528
ord979
ord5652
ord2089
ord11330
ord13396
ord11353
ord3416
ord5261
ord11228
ord7391
ord11240
ord11209
ord849
ord948
ord3627
ord4331
ord2823
ord1934
ord4478
ord7357
ord1312
ord1476
ord1479
ord11683
ord4151
ord788
ord1212
ord8346
ord7393
ord7876
ord7913
ord7914
ord7524
ord7929
ord4805
ord12951
ord7006
ord13047
ord3978
ord13305
ord8277
ord3380
ord2756
ord2980
ord2981
ord9525
ord10412
ord10058
ord8179
ord8347
ord2417
ord12606
ord5556
ord11123
ord4792
ord6922
ord13415
ord2062
ord3261
ord5883
ord12502
ord5198
ord12512
ord5161
ord5801
ord5862
ord6932
ord6931
ord4623
ord4794
ord4645
ord4901
ord8483
ord5115
ord4923
ord4642
ord293
ord5264
ord2614
ord415
ord978
ord1450
ord296
ord280
ord1310
ord290
ord1987
ord871
ord1272
ord5813
ord2068
ord2064
ord1298
ord266
ord265
ord286
ord902
ord1300
ord4571
ord12228
ord7246
ord7241
ord3752
ord8270
ord5325
ord5830
ord385
ord11164
ord8372
ord8550
ord6713
ord422
ord11210
ord980
ord8393
ord3446

msvcr100

signal
_getch
__CxxFrameHandler3
fputs
_gmtime32
memset
memcpy
realloc
strtoul
getenv
wcsstr
_vsnprintf
vfprintf
__iob_func
raise
qsort
_time32
strcmp
ferror
fflush
_setmode
_fileno
feof
_wfopen
isxdigit
fprintf
isupper
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memcpy_s
vsprintf_s
memchr
_resetstkoflw
_wtoi
isdigit
strncpy
atoi
isspace
_stricmp
toupper
tolower
fgets
perror
_beginthreadex
_time64
srand
rand
_snprintf
sscanf
fseek
ftell
fread
strtol
_errno
strchr
strstr
strncmp
_strnicmp
_purecall
fclose
fwrite
fopen
malloc
free
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
sprintf
printf
_CxxThrowException

kernel32

SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
GetLastError
CloseHandle
CreateThread
WideCharToMultiByte
WaitForSingleObject
SetEvent
OutputDebugStringW
GetTickCount
ResetEvent
CreateEventW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
MulDiv
GlobalUnlock
GlobalFree
LockResource
ResumeThread
FreeResource
GetProcAddress
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
WinExec
InterlockedExchange
SetThreadUILanguage
GetSystemDefaultLangID
ExitThread
OutputDebugStringA
MultiByteToWideChar
lstrlenA

user32

EnableWindow
GetSysColor
ReleaseDC
InvalidateRect
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SetRect
GetDC
GetClientRect
CopyImage
FillRect
SendMessageW
PostMessageW
LoadStringA

gdi32

CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateDIBSection
GetDeviceCaps
DeleteDC
BitBlt
GetObjectW
SetDIBColorTable

comctl32

InitCommonControlsEx

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipCreateBitmapFromStreamICM
GdipFree
GdiplusShutdown
GdiplusStartup

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

ws2_32

connect
recv
WSASetLastError
send
WSAGetLastError
ioctlsocket
bind
gethostname
inet_ntoa
WSAStartup
inet_addr
WSACleanup
gethostbyname
select
htons
shutdown
setsockopt
socket
closesocket
getsockname

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c385ab10466e2b58104d5a5cf20f859b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iptool_search

sharelib

mfc100u

msvcr100

kernel32

user32

gdi32

comctl32

ole32

oleaut32

gdiplus

msvcp100

ws2_32

iphlpapi

sensapi

advapi32

Sections

.text Size: 501KB - Virtual size: 501KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 501KB - Virtual size: 501KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 33KB - Virtual size: 32KB