Static task
static1
Behavioral task
behavioral1
Sample
340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490.exe
Resource
win10v2004-20240802-en
General
-
Target
340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490
-
Size
495KB
-
MD5
0e3834ccf89a14b3ca6879fb65985c9e
-
SHA1
f1bc8491ae4da535d79ea4c806a64171929e5e99
-
SHA256
340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490
-
SHA512
f3679a92ce007752bbbd8d3d99f6f20ce405b42fb08539c95e7dbd0ec2844e72942a3066f01fe8acf827266df4944d820c15a1a178327bd3b9f09c5a1f4df071
-
SSDEEP
6144:xJv7oLBz2udCCdUhJrYU55V7mx5zlpiMnphC9NrUIbGhpl:xJq2uI7hZx5V7mx5zTiMphe1Gjl
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE file lacks an Authenticode signature; it matched on this sample.
resource 340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490
Files
-
340e78f4af296f59c3eb3550747de0615f9bc2312e0ce3005e7e8d154bb42490.exe windows:4 windows x86 arch:x86
befa33c4d8ee7a20a6955b5ee0617f47
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
nspr4
PR_AtomicIncrement
PR_AtomicDecrement
PR_Now
mfc71u
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1955
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4716
ord3397
ord1297
ord2164
ord4179
ord6271
ord5067
ord1899
ord5144
ord4238
ord1393
ord3939
ord1608
ord1611
ord5911
ord4013
ord2418
ord2419
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord1904
ord2237
ord3249
ord4255
ord5171
ord4276
ord5148
ord3940
ord3312
ord1953
ord5168
ord5198
ord6265
ord5141
ord4235
ord1341
ord1334
ord4984
ord1344
ord2030
ord2068
ord2072
ord1903
ord3981
ord5351
ord3923
ord4191
ord6010
ord1583
ord1639
ord2087
ord3166
ord5210
ord4228
ord2080
ord4092
ord1474
ord1922
ord1627
ord4962
ord1117
ord5493
ord3946
ord458
ord689
ord6140
ord1386
ord3590
ord3678
ord3448
ord630
ord2012
ord1331
ord2002
ord605
ord1182
ord1178
ord354
ord1659
ord1661
ord359
ord607
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord658
ord1785
ord3635
ord4574
ord2860
ord3922
ord4347
ord2340
ord1571
ord3176
ord4256
ord2942
ord5199
ord1392
ord5908
ord1662
ord4884
ord4729
ord4206
ord5178
ord532
ord1545
ord3189
ord620
ord562
ord751
ord416
ord651
ord595
ord3663
ord1574
ord4956
ord4112
ord1555
ord2362
ord4882
ord4310
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord657
ord2651
ord3291
ord5157
ord4959
ord6269
ord1340
ord1335
ord4983
ord1343
ord4190
ord384
ord629
ord1430
ord317
ord584
ord313
ord1189
ord5320
ord1557
ord6286
ord3215
ord356
ord2086
ord4234
ord3311
ord741
ord3829
ord501
ord709
ord5638
ord6219
ord2077
ord4226
ord3158
ord587
ord2159
ord4244
ord5430
ord4439
ord1946
ord4094
ord2085
ord3238
ord1274
ord3677
ord757
ord444
ord677
ord2534
ord631
ord2279
ord1155
ord965
ord5439
ord2275
ord4562
ord3942
ord4475
ord3327
ord2832
ord5562
ord5209
ord5226
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord3201
ord2609
ord2897
ord5319
ord1864
ord1784
ord1866
ord1876
ord5965
ord1403
ord2155
ord2247
ord1781
ord5186
ord1416
ord2066
ord2255
ord3910
ord468
ord694
ord2781
ord3578
ord5373
ord347
ord602
ord1270
ord1920
ord2863
ord3671
ord4333
ord2361
ord5727
ord1461
ord2472
ord3163
ord2936
ord2847
ord5527
ord4960
ord1342
ord1336
ord4985
ord4192
ord1586
ord1642
ord2869
ord3319
ord5609
ord5584
ord6033
ord5519
ord3331
ord3984
ord6278
ord4314
ord6232
ord524
ord721
ord4577
ord977
ord2027
ord1396
ord516
ord718
ord3661
ord2861
ord3288
ord4266
ord2969
ord1512
ord4274
ord5208
ord1573
ord1318
ord3287
ord4714
ord5207
ord4730
ord4207
ord4184
ord4838
ord4861
ord4611
ord4791
ord5064
ord5066
ord5065
ord2652
ord293
ord577
ord2121
ord777
ord774
ord283
ord280
ord282
ord1479
ord2926
ord900
ord899
ord3998
ord5832
ord1058
ord776
ord3756
ord6063
ord4026
ord948
ord3073
ord5925
ord1590
ord1646
ord1647
ord2397
ord2409
ord2386
ord2390
ord2392
ord2394
ord2384
ord5229
ord2640
ord1548
ord2986
ord1472
ord2310
ord1476
ord896
ord4098
ord258
ord290
ord4101
ord5485
ord2460
ord2893
ord1156
ord385
ord3082
ord1118
ord4100
ord5524
ord2261
ord3842
ord5398
ord6167
ord6173
ord2260
ord5484
ord3869
ord5803
ord2656
ord4035
ord5736
ord261
ord5083
ord1582
ord1536
ord566
ord287
ord4027
ord2271
ord2745
ord5096
ord1007
ord2009
ord4320
ord3990
ord2444
ord860
ord2876
ord4074
ord1542
ord1782
ord1883
ord2311
ord1842
ord3400
ord2282
ord2473
ord2396
ord1906
ord6203
ord4041
ord3877
ord897
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord5316
ord6282
ord1176
ord266
ord5327
ord6293
ord2365
ord1894
ord3395
ord4588
ord5566
ord2366
ord3334
ord2140
ord4946
ord1271
ord1925
ord4945
ord4290
ord4624
ord4628
ord2862
ord2868
ord3669
ord3079
ord5923
ord5924
ord1198
ord5855
ord265
ord3198
ord3204
ord742
ord553
ord4162
ord3752
ord4119
ord4921
ord4271
ord4259
ord5161
ord4109
ord6086
ord1460
ord2364
ord4293
ord4336
ord2264
ord5201
ord715
ord572
ord760
ord3286
ord2985
ord1572
ord1634
ord583
ord3151
msvcr71
_stricmp
_strdup
_strcmpi
_itoa
_strnicmp
_strlwr
_stat
_access
localtime
strftime
strrchr
atoi
wcsrchr
_itow
isspace
isalpha
tolower
wcsncat
swscanf
_i64tow
srand
rand
_wcsicmp
labs
strpbrk
strtok
wcsftime
_localtime64
_time64
_snprintf
fgets
fopen
_mbsrchr
_fullpath
getenv
strtol
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
__security_error_handler
_controlfp
strlen
malloc
strcmp
strncpy
_wcsdup
wcscpy
abs
sqrt
strcat
wcscat
wcsncpy
strcpy
fclose
_wfopen
memcmp
wcsncmp
wcsstr
memcpy
memmove
wcscmp
free
_wcsnicmp
_purecall
wcschr
wcslen
strncmp
strstr
sprintf
memset
strchr
__CxxFrameHandler
kernel32
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
MoveFileW
GetProcAddress
CopyFileW
lstrcpyW
GetModuleFileNameA
LoadLibraryExA
ExpandEnvironmentStringsA
GlobalLock
CreateProcessW
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
CreateFileA
GlobalFree
GlobalAlloc
WideCharToMultiByte
lstrlenW
ReleaseMutex
WaitForSingleObject
MulDiv
LoadLibraryW
FreeLibrary
FindClose
FindFirstFileW
GetProcessHeap
HeapFree
GetCommandLineW
CreateMutexW
CloseHandle
GetCurrentProcess
GetWindowsDirectoryA
DeleteFileW
GetTempFileNameW
GetStartupInfoW
GetTempPathW
InitializeCriticalSection
GlobalUnlock
MultiByteToWideChar
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenA
user32
MapVirtualKeyW
GetKeyNameTextW
GetLastActivePopup
GetCaretPos
DrawTextW
GetWindowDC
UnregisterClassW
SetDlgItemTextW
SetWindowTextW
EndDialog
DialogBoxParamW
FlashWindow
ScreenToClient
DrawFrameControl
OffsetRect
GetAsyncKeyState
InflateRect
SetCursorPos
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
ShowWindow
EqualRect
IntersectRect
ClientToScreen
CopyRect
CheckMenuItem
DefWindowProcW
LoadIconW
RegisterWindowMessageW
RemoveMenu
GetMenuItemCount
InsertMenuW
DrawMenuBar
CreateMenu
CreatePopupMenu
FindWindowExW
SetRect
MapDialogRect
MessageBoxW
BringWindowToTop
KillTimer
ReleaseCapture
SetTimer
SetCapture
SetCursor
GetDlgItemTextW
GetDlgItem
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadCursorW
CharLowerBuffW
GetCursorPos
SetWindowLongW
AppendMenuW
SetForegroundWindow
IsIconic
RegisterClipboardFormatW
IsWindowVisible
GetMenu
AdjustWindowRectEx
SubtractRect
GetWindowRect
IsZoomed
SendMessageW
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowEnabled
GetDesktopWindow
EnumChildWindows
SetWindowPos
GetWindowLongW
GetParent
GetClassNameW
LoadImageW
UpdateWindow
InvalidateRect
PtInRect
GetSystemMetrics
GetIconInfo
GetFocus
IsChild
IsWindow
RedrawWindow
IsMenu
PostMessageW
SetMenu
SetFocus
GetKeyState
RegisterHotKey
UnregisterHotKey
DestroyIcon
MessageBeep
GetClientRect
GetSysColorBrush
DestroyAcceleratorTable
VkKeyScanA
GetSysColor
ReleaseDC
GetDC
SystemParametersInfoW
CreateAcceleratorTableW
gdi32
CreateDCW
GetTextExtentPoint32W
CreateDIBitmap
StretchBlt
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
Rectangle
comdlg32
CommDlgExtendedError
GetSaveFileNameW
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CreateProcessAsUserW
CreateRestrictedToken
GetTokenInformation
OpenProcessToken
RegEnumKeyExA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
comctl32
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ole32
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
Sections
.text Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ