2f6184a62e34c9e7f2d8a446436f65c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2f6184a62e34c9e7f2d8a446436f65c0N.exe
Size

252KB
MD5

2f6184a62e34c9e7f2d8a446436f65c0
SHA1

a9fd2b3f06eaba63947258de3a432cc5631ac981
SHA256

ab8de975e28f083009bc01bbed818d9068c454d5515a2b57177d79d41b4408a2
SHA512

0cd7117ad3026bd370d435e08fd21894461d050850e0f81bac0f9b677c3b23f2985df56f00016ae270a7fbdf0c6ffd7b53d3ca8bd9ea44d39735b2b89d3d1838
SSDEEP

3072:gYEwjSwuJNkzJyQWA3O8L47VwMomVdmRiTkh1swvce6QG22WqdYHQimR41boXkJz:PE5PoTi2PmYDxOxw2nIbcKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f6184a62e34c9e7f2d8a446436f65c0N.exe

Files

2f6184a62e34c9e7f2d8a446436f65c0N.exe
.exe windows:4 windows x86 arch:x86

1521ba3345ec7eaa93bc99861d1c2117

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

filegbr

FileGbr_GetFileNameEx

gendb

?cc_lookup_item@@YAHPBD0PAUCTRL_ENTRY_INFO@@@Z
?cc_open_item@@YAHPBD0F0PAPAKPAUCTRL_ENTRY_INFO@@@Z
?cc_get_area_names@@YAHPBDPADHPAK@Z
?cc_get_prev_itemname@@YAHPBD0PADPAH@Z
?cc_disable_network@@YAHXZ
?CCFWRITEBASE@@YAKPBXHHPAK@Z
?cc_enable_network@@YAHXZ
?cc_close_item@@YAHPBD0PAK@Z
?cc_get_next_itemname@@YAHPBD0PADPAH@Z
?CCFREADBASE@@YAKPAXHHPAK@Z

dbmgt

dbsub
start_init
dbstart
dbmodifyall
wsec_start
dbdone
completed_chk
dbgetall

prefdll

?prefdll_getbroadcastid@@YAHXZ
?prefdll_getnotation@@YAHXZ
?prefdll_getprecision@@YAHXZ
?prefdll_dopreferences_devarea@@YAXPAUHWND__@@PBD1@Z

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc80

ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4240
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord1591
ord2095
ord741
ord605
ord784
ord310
ord354
ord3182
ord4262
ord5203
ord4244
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4890
ord4735
ord4212
ord5182
ord1794
ord1892
ord266
ord6236
ord781
ord304
ord265
ord6067
ord907
ord4035
ord3761
ord4580
ord3454
ord620
ord3934
ord6178
ord4109
ord2271
ord591
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord6179
ord4108
ord2272
ord2322
ord911
ord1198
ord2372
ord1903
ord5396
ord667
ord865
ord2348
ord5403
ord5326
ord2475
ord433
ord2787
ord3916
ord1291
ord457
ord2654
ord762
ord5529
ord2451
ord6174
ord3952
ord3552
ord297
ord1123
ord1066
ord2256
ord1122
ord3989
ord5189
ord5833
ord313
ord343
ord3684
ord1185
ord1187
ord2131
ord760
ord531
ord1482
ord1091
ord3244
ord2094
ord4100
ord1955
ord2371
ord1283
ord1063
ord745
ord557
ord2657
ord618
ord6144
ord370
ord4085
ord6006
ord5716
ord2468
ord1916
ord589
ord5642
ord330
ord3592
ord757
ord4481
ord2838
ord3830
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord2178
ord4014
ord4038
ord5119
ord2248
ord1069
ord5710
ord5491
ord2321
ord3109
ord566
ord3997
ord5975
ord1054
ord4467
ord6090
ord6063
ord3683
ord4469
ord4473
ord3446
ord364
ord958
ord2765
ord3032
ord5385
ord5581
ord1457
ord3061
ord2048
ord4325
ord4466
ord4468
ord612
ord3085
ord533
ord5425
ord2649
ord6244
ord5339
ord6301
ord724
ord1183
ord2164
ord3466
ord742
ord635
ord562
ord553
ord395
ord4265
ord4277
ord1306
ord2173
ord5205
ord5148
ord3945
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord751
ord5165
ord4015
ord2430
ord4250
ord4041
ord2003
ord2145
ord2144
ord5859
ord4299
ord5584
ord3758
ord3648
ord334
ord3255
ord593
ord959
ord1031
ord3450
ord443
ord3254
ord5676
ord676
ord3514
ord6004
ord5713
ord616
ord368
ord4264
ord4482
ord6043
ord2768
ord3040
ord4222
ord1922
ord4852
ord4257
ord5495
ord2742
ord5412
ord1379
ord5592
ord5156
ord6238
ord2621
ord2614
ord4566
ord3645
ord4705
ord3635
ord547
ord3311
ord4263
ord4039
ord2764
ord3031
ord962
ord5455
ord2672
ord1686
ord1687
ord5582
ord1458
ord5798
ord4565
ord735
ord2628
ord3827
ord5705
ord3591
ord5101
ord5419
ord1486
ord6101
ord6180
ord3465
ord6765
ord4273
ord1556
ord5174
ord1360
ord3344
ord5151
ord5914
ord6764
ord3974
ord4860
ord4863
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4776
ord4178
ord4171
ord4980
ord4388
ord4444
ord3740
ord2044
ord4320
ord4352
ord3210
ord1934
ord3204
ord1280
ord2419
ord2420
ord2421
ord2418
ord2417
ord393
ord1793
ord6172
ord6065
ord4935
ord5204
ord3647
ord4471
ord4472
ord5522
ord6119
ord4587
ord3163
ord3229
ord4237
ord1570
ord2091
ord4099
ord1484
ord1933
ord6266
ord1397
ord657
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3317
ord572
ord1084
ord6703
ord299
ord2902
ord876
ord6118
ord1489
ord578
ord3641
ord764
ord1207
ord6278

msvcr80

_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_exit
_stat32
_time32
_difftime32
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_stricmp
_access
_mbsicmp
_mbsstr
_CxxThrowException
_cexit
strrchr
_mbsrchr
_mbsnbcpy_s
__CxxLongjmpUnwind
_setjmp3
sprintf
__argv
rand
atoi
strtok
strncmp
memset
getenv
setlocale
atof
localeconv
sscanf
_CIpow
_gcvt
isdigit
__CxxFrameHandler3
_setmbcp
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
strncat
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
longjmp
strncpy
_splitpath
srand

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalSize
InterlockedExchange
GetLastError
lstrlenA
GetACP
CreateProcessA
MulDiv
GetDateFormatA
GlobalFree
GlobalAlloc
FindClose
LoadLibraryA
FindFirstFileA
GetSystemDirectoryA
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileA
Sleep
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetProcAddress
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetModuleFileNameA

user32

EnableWindow
SendMessageA
LoadIconA
GetWindow
GetFocus
IsChild
GetParent
IsWindow
DeleteMenu
EnableMenuItem
SetMenuDefaultItem
GetSubMenu
RemoveMenu
LoadMenuA
KillTimer
MessageBoxA
GetWindowRect
IsWindowVisible
IntersectRect
SetTimer
GetSystemMetrics
PtInRect
GetKeyState
RegisterWindowMessageA
GetSysColor
ShowScrollBar
InvalidateRect
ClientToScreen

gdi32

GetStockObject
GetDeviceCaps
GetTextExtentPoint32A
CreateSolidBrush
GetTextMetricsA
CreateFontIndirectA
GetObjectA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey

og80as

ord22050
ord18102
ord9543
ord15181
ord7598
ord14883
ord16874
ord9395
ord16829
ord8283
ord22157
ord18146
ord296
ord2149
ord22172
ord4846
ord9295
ord4793
ord9572
ord9606
ord9586
ord4814
ord9594
ord4613
ord9587
ord4839
ord9584
ord9729
ord4837
ord4795
ord9287
ord4836
ord9777
ord4790
ord4603
ord4766
ord4787
ord12696
ord12823
ord12694
ord5040
ord5333
ord5332
ord5331
ord19856
ord19871
ord20007
ord20292
ord19986
ord20293
ord19876
ord20149
ord20151
ord20312
ord20316
ord20313
ord20155
ord20152
ord20153
ord20154
ord20295
ord20317
ord20294
ord20315
ord19968
ord8405
ord8482
ord20300
ord22051
ord7900
ord18097
ord18172
ord18170
ord7511
ord7795
ord22158
ord7495
ord18101
ord18103
ord22113
ord22046
ord22053
ord22068
ord22069
ord22070
ord22048
ord22072
ord22073
ord22074
ord7890
ord7892
ord8060
ord7732
ord7901
ord8061
ord7597
ord8474
ord8476
ord8471
ord7339
ord8492
ord8475
ord8491
ord7361
ord7340
ord8479
ord8480
ord8481
ord8411
ord8485
ord8486
ord7516
ord7517
ord7518
ord7519
ord7568
ord7569
ord7585
ord7586
ord7595
ord7596
ord7531
ord7532
ord7580
ord7581
ord7578
ord7579
ord7582
ord7583
ord7527
ord7529
ord7591
ord7592
ord7593
ord7594
ord7528
ord7530
ord7520
ord7521
ord7572
ord7573
ord7522
ord7523
ord7570
ord7571
ord7588
ord7587
ord7143
ord7144
ord7145
ord7146
ord7147
ord7148
ord7149
ord7150
ord7151
ord7152
ord7154
ord7153
ord7589
ord7590
ord7533
ord7536
ord7539
ord7542
ord7534
ord7535
ord7537
ord7538
ord7540
ord7541
ord8370
ord8371
ord8287
ord8288
ord8376
ord8377
ord8374
ord8375
ord7198
ord7201
ord7199
ord7202
ord7196
ord7197
ord7200
ord7203
ord8372
ord8373
ord8379
ord8378
ord8400
ord8399
ord8311
ord8312
ord8388
ord8389
ord8297
ord8298
ord8300
ord8299
ord8301
ord8302
ord8303
ord8304
ord8305
ord8306
ord8307
ord8308
ord8310
ord7799
ord8392
ord7800
ord8393
ord7801
ord8408
ord7893
ord8003
ord8059
ord8057
ord8058
ord8004
ord8285
ord8284
ord8252
ord8281
ord8248
ord8249
ord8258
ord8250
ord8251
ord8253
ord8254
ord8257
ord8286
ord8255
ord8256
ord8264
ord8265
ord8266
ord8267
ord7188
ord7189
ord7191
ord7192
ord7190
ord7173
ord7182
ord7183
ord7258
ord7608
ord7941
ord7943
ord7944
ord7947
ord7940
ord7945
ord7135
ord7136
ord7137
ord7138
ord7139
ord7141
ord7142
ord7133
ord7134
ord7140
ord7128
ord7129
ord7130
ord7131
ord7132
ord8242
ord8247
ord8246
ord8196
ord8207
ord8203
ord8204
ord8205
ord8206
ord8198
ord8199
ord8200
ord8201
ord7505
ord7506
ord7499
ord7512
ord7510
ord7509
ord7508
ord7440
ord7439
ord7441
ord7442
ord7443
ord7444
ord7445
ord7446
ord7447
ord7448
ord7449
ord7450
ord7494
ord7465
ord7451
ord7452
ord7454
ord7455
ord7456
ord8007
ord7466
ord7500
ord7501
ord7502
ord7498
ord8466
ord7249
ord7250
ord7251
ord7234
ord7262
ord7223
ord7229
ord7230
ord7224
ord7239
ord7248
ord7231
ord7226
ord7228
ord8487
ord7227
ord7243
ord7244
ord7241
ord7205
ord7207
ord7204
ord7206
ord7245
ord7156
ord7155
ord7165
ord7164
ord7163
ord7158
ord7159
ord7161
ord7162
ord7160
ord7157
ord7166
ord7748
ord7749
ord7751
ord7750
ord7752
ord7753
ord7754
ord7233
ord7242
ord7238
ord7247
ord7232
ord7237
ord7240
ord7246
ord7545
ord7543
ord7546
ord7544
ord7549
ord7547
ord7550
ord7548
ord7760
ord7761
ord7734
ord7735
ord7744
ord7745
ord7193
ord7195
ord7194
ord7515
ord7768
ord7599
ord7743
ord7605
ord7772
ord7741
ord7736
ord7366
ord7362
ord8395
ord8309
ord8391
ord8390
ord8006
ord8063
ord8064
ord8077
ord8065
ord8008
ord8073
ord8067
ord8068
ord8074
ord8069
ord8070
ord8075
ord8071
ord8072
ord8078
ord8062
ord8079
ord8083
ord8080
ord8081
ord8082
ord8009
ord8005
ord8085
ord8084
ord8086
ord8087
ord8010
ord7514
ord7457
ord7458
ord7460
ord7459
ord7461
ord7462
ord7463
ord7464
ord7889
ord18168
ord22165
ord18153
ord22170
ord18104
ord18099
ord7507
ord22066
ord16831
ord16832
ord8465
ord16843
ord8477
ord22177
ord3241
ord3420
ord3390
ord4810
ord4788
ord4820
ord3437
ord3438
ord3462
ord3277
ord3440
ord3439
ord3239
ord4605
ord3422
ord4608
ord9568
ord4791
ord4792
ord3421
ord3273
ord3276
ord9715
ord9709
ord9710
ord9711
ord9712
ord4796
ord9714
ord9716
ord3274
ord3275
ord3424
ord3279
ord9722
ord9723
ord3446
ord4609
ord4794
ord3425
ord4835
ord3427
ord9778
ord3428
ord9730
ord9731
ord9581

msvcp80

?_Lock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Unlock@_Mutex@std@@QAEXXZ

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1521ba3345ec7eaa93bc99861d1c2117

Headers

File Characteristics

Imports

filegbr

gendb

dbmgt

prefdll

version

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

og80as

msvcp80

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 92KB - Virtual size: 92KB