Static task
static1
Behavioral task
behavioral1
Sample
99904f2ea54d18a0bc456b385e805f290deb3404a749067f3613bc6a6561f5f2.exe
Resource
win7-20240903-en
General
-
Target
99904f2ea54d18a0bc456b385e805f290deb3404a749067f3613bc6a6561f5f2
-
Size
756KB
-
MD5
d1c8f6f2723b60730ff48ed63f5a9ec3
-
SHA1
d88ad3c620be8164a3d330453b33431ec397cbb8
-
SHA256
99904f2ea54d18a0bc456b385e805f290deb3404a749067f3613bc6a6561f5f2
-
SHA512
64aa1489e5f440ace782a6df94ed0f50af54df061762313d1abd7a2c59ad71d7332fc4d7f446ee92f14ed6b2ab526af6694aa13fc9fb8257d99a23ba9f19b0c4
-
SSDEEP
12288:u2uKx0ppZypelG4K1jvhr5vcf1IacTSgo9bFCKMGlRaGU9xYE9xYY:ufppZypelG4WpSC8CKzlR91Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
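Checks for a missing Authenticode signature. The listed file carries no embedded signature, so its publisher and integrity cannot be verified from the binary itself; on its own this is a weak indicator, since many legitimate programs are also unsigned.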
resource 99904f2ea54d18a0bc456b385e805f290deb3404a749067f3613bc6a6561f5f2
Files
-
99904f2ea54d18a0bc456b385e805f290deb3404a749067f3613bc6a6561f5f2.exe windows:4 windows x86 arch:x86
00e72e45b61188bc2d39da3649ed5879
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostbyaddr
getservbyname
inet_addr
htonl
inet_ntoa
getservbyport
closesocket
htons
bind
WSAIoctl
connect
sendto
recvfrom
listen
accept
ioctlsocket
gethostname
getsockopt
ntohs
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
socket
WSASetLastError
WSAStartup
WSACleanup
gethostbyname
setsockopt
shlwapi
PathFindFileNameA
mfc42
ord6215
ord2086
ord6199
ord1168
ord1768
ord4299
ord2379
ord5981
ord5785
ord1640
ord3874
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3610
ord3398
ord3733
ord810
ord3303
ord823
ord5440
ord6383
ord5450
ord6394
ord6743
ord2302
ord1200
ord5856
ord3803
ord2575
ord4396
ord3574
ord3721
ord609
ord6197
ord3092
ord6379
ord4287
ord6662
ord2820
ord4476
ord3089
ord940
ord2915
ord5710
ord355
ord6508
ord551
ord6921
ord6767
ord6741
ord3811
ord2822
ord926
ord4224
ord4160
ord3716
ord790
ord5148
ord4129
ord922
ord5572
ord2919
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord2645
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord2725
ord5289
ord324
ord3337
ord4538
ord5873
ord809
ord556
ord4275
ord4133
ord4297
ord5788
ord472
ord2614
ord2859
ord1088
ord2122
ord6358
ord2860
ord2452
ord3693
ord816
ord562
ord2116
ord323
ord941
ord3996
ord6696
ord4000
ord6907
ord3998
ord665
ord354
ord1567
ord268
ord924
ord1979
ord6385
ord5773
ord5186
ord3789
ord5645
ord5583
ord3797
ord3742
ord818
ord2152
ord1175
ord4220
ord2584
ord3654
ord2863
ord2438
ord1644
ord3619
ord3301
ord6515
ord656
ord692
ord640
ord3571
ord858
ord860
ord1146
ord2862
ord6905
ord4123
ord2642
ord283
ord2864
ord2096
ord567
ord384
ord616
ord693
ord686
ord3582
ord4424
ord3402
ord5290
ord4398
ord1776
ord6055
ord2578
ord4218
ord2023
ord2411
ord3640
ord3370
ord4402
ord2582
ord5875
ord4710
ord6241
ord540
ord2818
ord535
ord537
ord5953
ord470
ord755
ord4234
ord800
ord2414
ord795
ord641
ord3663
ord3626
ord825
ord1641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord3573
ord1576
ord3922
ord1233
msvcrt
_setmbcp
_stati64
toupper
gmtime
getenv
fflush
_fstati64
_lseeki64
memchr
_getpid
fputc
_sys_nerr
strerror
_beginthreadex
fputs
qsort
fgets
strrchr
strncpy
_isctype
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_stricmp
_local_unwind2
_acmdln
_splitpath
_strdup
strstr
fseek
ftell
fread
_mbsstr
malloc
free
calloc
_itoa
_CxxThrowException
sprintf
fwrite
fopen
fclose
atoi
_access
memmove
_mbscmp
atol
__mb_cur_max
_pctype
strtol
strpbrk
__CxxFrameHandler
_open
_close
_read
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strncmp
strtoul
strchr
_iob
sscanf
tolower
time
_errno
realloc
_strnicmp
_write
kernel32
OutputDebugStringA
DeviceIoControl
FreeLibrary
GetModuleFileNameA
WritePrivateProfileStringA
DeleteFileA
WriteFile
SetFileTime
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
CreateProcessA
lstrcatA
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateFileA
GetCurrentProcess
GetCurrentDirectoryA
GetFileAttributesA
CloseHandle
Sleep
TerminateThread
CreateThread
LoadLibraryA
GetProcAddress
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
GetSystemDirectoryA
SleepEx
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetVersionExA
SetLastError
InitializeCriticalSection
GetWindowsDirectoryA
GetVersion
GetLastError
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
VirtualAlloc
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsA
lstrlenA
GetStdHandle
HeapFree
VirtualFree
user32
GetClientRect
InvalidateRect
DestroyIcon
LoadIconA
SetTimer
SetWindowLongA
GetParent
KillTimer
GetWindowRect
FillRect
LoadCursorA
SetWindowPos
CloseWindow
MessageBeep
PostMessageA
wsprintfA
FindWindowA
DrawIcon
GetSystemMetrics
EnableWindow
SetCursor
SendMessageA
LoadBitmapA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
LoadMenuA
GetSubMenu
SetMenuDefaultItem
MessageBoxA
CopyIcon
IsWindow
GetWindowLongA
CopyRect
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawStateA
DrawFocusRect
GetActiveWindow
GetCapture
SetCapture
PtInRect
ReleaseCapture
LoadImageA
RedrawWindow
DestroyCursor
UpdateWindow
IsIconic
gdi32
CreatePen
GetStockObject
GetObjectA
CreateFontIndirectA
CreateFontA
SelectObject
DeleteObject
CreateCompatibleDC
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
advapi32
RegDeleteKeyA
RegDeleteValueA
OpenSCManagerA
ChangeServiceConfigA
CryptReleaseContext
RegCreateKeyExA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceA
CreateServiceA
OpenServiceA
CryptDestroyKey
CryptEncrypt
CloseServiceHandle
shell32
ShellExecuteA
Shell_NotifyIconA
ExtractIconA
comctl32
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
msvcp60
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
wldap32
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord22
Sections
.text Size: 408KB - Virtual size: 405KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ