fe49174857be4ae09dc808f8e5f6f63579c74838dc3589b55318cbbed86de882

Sharing

Copy URL Twitter E-mail

General

Target

fe49174857be4ae09dc808f8e5f6f63579c74838dc3589b55318cbbed86de882
Size

877KB
MD5

e0c3cc9d87518974fb938a9958a23700
SHA1

d1048aa2d55961b32b14015db0a4768b8c2322da
SHA256

fe49174857be4ae09dc808f8e5f6f63579c74838dc3589b55318cbbed86de882
SHA512

fc11dd6e6ed5da8964cece38365f6a8af063dc08156292feffb7249520eb9c7c555580559a4a9a589c8a38c0e8d1b755565fa03a10a15a78a84698fcee06478e
SSDEEP

12288:VMJMppMG4sulbebmtzkdgG00oeQD5yfFqNYnwUTyvumgQFUd06gjF/:VbpYse/tzeg2QyfFqN/UTJmgDd06kF/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe49174857be4ae09dc808f8e5f6f63579c74838dc3589b55318cbbed86de882

Files

fe49174857be4ae09dc808f8e5f6f63579c74838dc3589b55318cbbed86de882
.dll windows:4 windows x86 arch:x86

b89ac75eeef4d42f8dd621fe89115d48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreatePipe
TerminateThread
CreateProcessA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
DeleteFileA
GetFullPathNameA
BuildCommDCBA
PurgeComm
SetCommTimeouts
SetCommState
SetupComm
FlushFileBuffers
ClearCommError
LCMapStringA
GetExitCodeProcess
SetLocalTime
GetLocalTime
GetVolumeInformationA
SetErrorMode
CompareStringA
SetPriorityClass
ResetEvent
CreateEventA
VirtualFreeEx
SetLastError
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
ExitProcess
ResumeThread
SuspendThread
Beep
FormatMessageA
LocalFree
TerminateProcess
Sleep
GetModuleFileNameA
VirtualQuery
OpenFileMappingA
GetProfileStringA
GlobalAlloc
GlobalFree
WriteProfileStringA
SystemTimeToFileTime
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
HeapReAlloc
CreateThread
RaiseException
InterlockedExchange
FlushInstructionCache
VirtualProtect
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
GetStdHandle
GetFileType
GetVersion
GetCurrentThreadId
DeviceIoControl
TlsFree
GlobalReAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
DisableThreadLibraryCalls
TlsAlloc
TlsGetValue
TlsSetValue
LeaveCriticalSection
GetSystemDirectoryA
MoveFileExA
LocalAlloc
LocalLock
LocalUnlock
GetModuleHandleW
FileTimeToSystemTime
MultiByteToWideChar
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
lstrlenW
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
FreeLibrary
GetCurrentProcess
GetLogicalDriveStringsA
lstrcmpiA
QueryDosDeviceA
lstrcatA
LoadLibraryA
GetModuleHandleA
GetProcAddress
lstrcpyA
lstrlenA
GetFileAttributesA
CreateDirectoryA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindNextFileA
GetFileSize
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToDosDateTime
FindClose
WriteFile
ReadFile
GetLastError
CreateFileA
SetEvent
CloseHandle

user32

IntersectRect
OffsetRect
SetUserObjectSecurity
GetUserObjectSecurity
SystemParametersInfoA
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
MessageBoxA
ReleaseDC
GetWindowDC
GetDesktopWindow
DrawTextA
SendMessageTimeoutA
SendMessageA
PostMessageA
RegisterClassA
DefWindowProcA
LoadImageA
RegisterHotKey
UnregisterHotKey
GetCursorPos
CreateWindowExA
DestroyWindow
GetMessageA
TranslateMessage
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
ChangeDisplaySettingsA
OpenClipboard
IsIconic
GetWindowRect
GetSystemMetrics
wsprintfA
CloseDesktop
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
BringWindowToTop
GetActiveWindow
GetAsyncKeyState
IsWindowUnicode
SetWindowPos
UnhookWindowsHookEx
KillTimer
SetTimer
SetWindowsHookExA
CallNextHookEx
UpdateWindow
SetParent
SetWindowLongA
ExitWindowsEx
ShowWindowAsync
ShowWindow
SetForegroundWindow
FindWindowA
GetParent
GetWindowLongA
IsWindowVisible
GetWindowTextLengthA
GetWindowTextA
EnumWindows
GetWindowThreadProcessId
GetDC
GetUserObjectInformationW

gdi32

CreateCompatibleDC
GetDCOrgEx
GetClipBox
StartDocA
GetDeviceCaps
CreateDCA
DeleteDC
EndDoc
EndPage
StartPage
SetViewportOrgEx
ResetDCA
DeleteObject
SelectObject
CreateFontA
SetTextColor
GetTextColor
LineTo
MoveToEx
CreatePen
StartDocW
GetDIBits
GetObjectA
CreateCompatibleBitmap
BitBlt

winspool.drv

ClosePrinter
EnumFormsA
OpenPrinterA
EndDocPrinter
WritePrinter
StartDocPrinterA
DocumentPropertiesA
AddFormA
DeviceCapabilitiesA
EnumPrintersA
DeleteFormA
SetPrinterA
GetPrinterA
EnumPortsA
StartDocPrinterW

comdlg32

PrintDlgA
GetOpenFileNameA
PageSetupDlgA

advapi32

OpenProcessToken
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
LogonUserA
CreateProcessAsUserA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
SetSecurityDescriptorDacl
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
CopySid
GetLengthSid

shell32

ExtractIconA
Shell_NotifyIconA
SHChangeNotify
ShellExecuteExA
SHFileOperationA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CreateStreamOnHGlobal

odbc32

ord75
ord55
ord9
ord31
ord19
ord27
ord72
ord24
ord43
ord12
ord8
ord11
ord13

mpr

WNetCancelConnection2A
WNetUseConnectionA

msvcrt

strtol
strncpy
_mbsnbcpy
_strlwr
_mbscmp
_stricmp
atol
strtok
_CxxThrowException
memchr
signal
memcmp
atoi
realloc
strncmp
_except_handler3
strftime
localtime
longjmp
_setjmp3
isprint
isspace
tolower
isalnum
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_strupr
_ultoa
_wcsicmp
_itoa
_ltoa
_strcmpi
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_exit
_beginthreadex
wcsstr
isdigit
qsort
getenv
isxdigit
_wfopen
_setmode
fgets
gmtime
isupper
strtoul
fputs
_getch
sscanf
_mbsnbicmp
__CxxFrameHandler
_iob
_ftol
perror
_strdup
memmove
calloc
abs
strchr
strstr
strrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
time
srand
rand
strcmp
strcat
fseek
_endthreadex
raise
_memicmp
memcpy
memset
ftell
fprintf
fopen
_errno
strcpy
strlen
malloc
sprintf
fwrite
fread
fclose
free
_vsnprintf
fflush

Exports

Exports

@DispatchAPI@4

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareDat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b89ac75eeef4d42f8dd621fe89115d48

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

odbc32

mpr

msvcrt

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 598KB

.rdata Size: 198KB - Virtual size: 197KB

.data Size: 33KB - Virtual size: 74KB

ShareDat Size: 512B - Virtual size: 28B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 198KB - Virtual size: 197KB

.data
Size: 33KB - Virtual size: 74KB

ShareDat
Size: 512B - Virtual size: 28B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 44KB