74ce00e5f506f2f3871977cee2757521a17ac26352aa81a27441cd470121279aN

Sharing

Copy URL Twitter E-mail

General

Target

74ce00e5f506f2f3871977cee2757521a17ac26352aa81a27441cd470121279aN
Size

40KB
MD5

e0ae06abb986854b63d9f8fcb90152f0
SHA1

b5a2dd0eed8e61d16da81fc0f999a087e7366873
SHA256

74ce00e5f506f2f3871977cee2757521a17ac26352aa81a27441cd470121279a
SHA512

978a820a1762cb0bce36dbcc83d8ae5f50d936b43e39b913b322e574af12780cf642a402f04971294c36ac2fd5ca6499c2ef62a266301edf138834f682c67079
SSDEEP

384:w+GF3vedJrjmetGjkBQdcO0g+DnSMevD9VBizU5ekGt:w+k/IOeM6Q90lSMe/BKU5eF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74ce00e5f506f2f3871977cee2757521a17ac26352aa81a27441cd470121279aN

Files

74ce00e5f506f2f3871977cee2757521a17ac26352aa81a27441cd470121279aN
.dll windows:4 windows x86 arch:x86

780b7ddbba44667d987e65048388dff5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1083
ord703
ord603
ord2107
ord5440
ord2841
ord5600
ord404
ord3520
ord6401
ord2454
ord3318
ord1969
ord2740
ord273
ord3702
ord998
ord5607
ord2762
ord5450
ord6394
ord800
ord879
ord540
ord882
ord539
ord1168
ord1182
ord823
ord342
ord1253
ord773
ord501
ord825
ord1871
ord2233
ord2801
ord3663
ord403
ord6383
ord3977

msvcrt

wcstol
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
wcsncpy
wcscmp
_CxxThrowException
strtol
_except_handler3
memmove
towupper
atol
wcslen
_ftol
malloc
free
__CxxFrameHandler
_purecall

kernel32

WideCharToMultiByte
GetLastError
FreeLibrary
GetUserDefaultLangID
LoadLibraryW
GetVersionExA
GetProcAddress
GetLocaleInfoA
MultiByteToWideChar

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemFree
CoCreateInstance

Exports

Exports

??0CTTSManager@@QAE@XZ
??1CTTSManager@@UAE@XZ
??_7CTTSManager@@6B@
?GetTTSManager@CTTSManager@@SAPAV1@XZ
?m_arrTTSManagers@CTTSManager@@1PAPAUCRuntimeClass@@A
?m_szRegistryKey@CTTSManager@@1PADA
?m_szRegistrySection@CTTSManager@@1PADA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

780b7ddbba44667d987e65048388dff5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 512B

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 512B

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 1KB