7c69f0759bcf2036ad232aded132ead05014e10782131984ef88e1fc7b72f295N

Sharing

Copy URL

Twitter E-mail

General

Target

7c69f0759bcf2036ad232aded132ead05014e10782131984ef88e1fc7b72f295N
Size

61KB
MD5

f7ba515fc4c2b04dec3c5d3e6a6fcc00
SHA1

65e9b349f1153946ef57e3a6206dac5b1e1a0172
SHA256

7c69f0759bcf2036ad232aded132ead05014e10782131984ef88e1fc7b72f295
SHA512

f3d0850f46a6df62548ca0a377cbc8e8b12aac5b5309b5b92d1b7a14035bef2d04ae7d0886667871d42f4e2f6d393d3d8f5ac2464bd3e28ba5120c6b0610242c
SSDEEP

1536:Ph+voyCuKEKg5ZphuCaKxbHxIOcAVDwcj:Phb2PzaKxbRdDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c69f0759bcf2036ad232aded132ead05014e10782131984ef88e1fc7b72f295N

Files

7c69f0759bcf2036ad232aded132ead05014e10782131984ef88e1fc7b72f295N
.exe windows:5 windows x86 arch:x86

5f8e77443beb58d037c5c4dd3e5261e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?putback@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?_Init@?$messages@G@std@@IAEXABV_Locinfo@2@@Z
?_Init@?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
??4?$complex@O@std@@QAEAAV01@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Addstd@ios_base@std@@IAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
??_7out_of_range@std@@6B@
?norm@std@@YAMABV?$complex@M@1@@Z
?_Psum@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPAGPAGI@Z
?sputbackc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
_FSinh
?length@?$codecvt@GDH@std@@QBEHAAHPBG1I@Z
??4?$_Complex_base@O@std@@QAEAAV01@ABV01@@Z
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?imag@?$_Complex_base@N@std@@QAENABN@Z
?quiet_NaN@?$numeric_limits@D@std@@SADXZ
?compare@?$collate@G@std@@QBEHPBG000@Z
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??4?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?round_error@?$numeric_limits@M@std@@SAMXZ
?isfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
?do_hash@?$collate@D@std@@MBEJPBD0@Z
??4?$numeric_limits@_N@std@@QAEAAV01@ABV01@@Z
?ldexp@?$_Ctr@O@std@@SAOOH@Z
?in@?$codecvt@GDH@std@@QBEHAAHPBD1AAPBDPAG3AAPAG@Z
?seekoff@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??Mstd@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
_LDtest
??0bad_typeid@std@@QAE@PBD@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHPAGH@Z
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?_Getcat@?$codecvt@GDH@std@@SAIXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGHG@Z
?min@?$numeric_limits@_N@std@@SA_NXZ
?max@?$numeric_limits@N@std@@SANXZ
?_Cltab@?$ctype@D@std@@0PBFB
??_7bad_typeid@std@@6B@
?log@?$_Ctr@M@std@@SAMM@Z

mapistub

FGetComponentPath
SzFindSz@8
MAPIInitialize@4
OpenStreamOnFile
cmc_act_on
__ValidateParameters@8
OpenTnefStream@28
LaunchWizard@20
FBadPropTag@4
BMAPIFindNext
LPropCompareProp@8
UNKOBJ_FreeRows@8
HrQueryAllRows@24
LpValFindProp@12
MapStorageSCode@4
EnableIdleRoutine@8
FtSubFt@16
HexFromBin@12
HrEntryIDFromSz@12
ScCopyNotifications@16
CreateTable@36
UNKOBJ_ScAllocate@12
__CPPValidateParameters@8
CloseIMsgSession@4
IsBadBoundedStringPtr@8
cmc_send_documents
InstallFilterHook@4
MAPIOpenFormMgr
ScRelocNotifications@20
HrDecomposeEID@28

comctl32

CreateToolbarEx
ImageList_SetFilter
PropertySheetA
FlatSB_GetScrollRange
ImageList_SetBkColor
FlatSB_SetScrollRange
DllGetVersion
FlatSB_SetScrollPos
CreateUpDownControl
ImageList_DragLeave
ImageList_Read
ImageList_Remove
CreatePropertySheetPageW
ImageList_GetImageCount
DestroyPropertySheetPage
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
DrawStatusTextW
FlatSB_EnableScrollBar
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_SetFlags
ImageList_Duplicate
PropertySheet
ImageList_BeginDrag

kernel32

TlsSetValue
RegisterConsoleVDM
HeapCreate
WriteProfileSectionW
GetCompressedFileSizeA
SetProcessAffinityMask
BackupSeek
LZCloseFile
VirtualAlloc
FindNextFileA
DeleteVolumeMountPointW
LoadLibraryA
GetProfileStringA
QueryPerformanceFrequency
GetHandleInformation
VerifyVersionInfoW
GetConsoleCommandHistoryW
SetFileAttributesA
InvalidateConsoleDIBits
SetConsoleCursorPosition
FindNextVolumeMountPointA
DeactivateActCtx
IsValidLocale
DosPathToSessionPathW
GetFileAttributesExW

msdart

?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?WriteUnlock@CCritSec@@QAEXXZ
??0CLKRHashTableStats@@QAE@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
??0CLockedSingleList@@QAE@XZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
??0CReaderWriterLock3@@QAE@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
?Unlock@CLockedSingleList@@QAEXXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?ReadLock@CReaderWriterLock3@@QAEXXZ
?ReadLock@CSmallSpinLock@@QAEXXZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?IsReadLocked@CCritSec@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?Clear@CLKRHashTable@@QAEXXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ

oleaut32

VarBoolFromI1
VarCyNeg
VarR8FromBool
VarI1FromR8
VarBoolFromDec
SafeArrayAllocDescriptor
VarBoolFromR8
LPSAFEARRAY_Marshal
DispCallFunc
VarUI4FromR4
VarI1FromI2
BSTR_UserUnmarshal
VARIANT_UserFree
SysReAllocString
VarI1FromCy
VarUI4FromR8
VarDateFromStr
VarUI8FromI2
VarMul
VarI8FromDec
VarI2FromUI8
VarDecFromR8
VarUI4FromCy
VarBstrFromUI8
VariantCopyInd

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f8e77443beb58d037c5c4dd3e5261e8

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

mapistub

comctl32

kernel32

msdart

oleaut32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 19KB - Virtual size: 104KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 19KB - Virtual size: 104KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 220B