Static task
static1
Behavioral task
behavioral1
Sample
8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67.exe
Resource
win7-20240903-en
General
-
Target
8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67
-
Size
1.7MB
-
MD5
caf67a069417942f7dc464483fa221f3
-
SHA1
45ea4ac98f0df824a206be6560a15546d711ae07
-
SHA256
8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67
-
SHA512
92287a706b29dd7778c979b0468f677c5c6b2645dbc073105687e668fa92ba7f044baaea9618c60226e9ac46a8e6a2a928f53dc415875d548b32dd7c41fddc2a
-
SSDEEP
12288:AfznAsTJY/1o26kw6BEVNsa4gOYKikqiCUDqgsX+QOpda8RUTMfgVSl54DeSWKVB:4TF6BA5+J/aQgVSlarWMWieUUR/K
Malware Config
Signatures
-
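Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the check matched the resource listed below. A missing signature is a weak indicator on its own, since many legitimate programs are also unsigned, so weigh it together with the other static findings.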
resource 8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67
Files
-
8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67.exe windows:4 windows x86 arch:x86
74fa4a907597e36a6b2fc813b82349cb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord2135
ord2302
ord2863
ord2379
ord6215
ord823
ord755
ord470
ord1106
ord4224
ord2818
ord5875
ord4476
ord3092
ord4125
ord3815
ord2864
ord616
ord1200
ord5953
ord2086
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord3914
ord860
ord2515
ord355
ord858
ord3303
ord668
ord2770
ord2820
ord3811
ord356
ord3571
ord6199
ord2862
ord2096
ord1641
ord6008
ord4000
ord3287
ord535
ord537
ord3708
ord6741
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord6508
ord781
ord1980
ord3185
ord4058
ord2781
ord6767
ord924
ord5710
ord4129
ord2764
ord941
ord3283
ord6134
ord3876
ord613
ord640
ord2452
ord2753
ord5785
ord1640
ord323
ord289
ord6136
ord1948
ord5303
ord4699
ord5289
ord384
ord565
ord817
ord2726
ord4226
ord3698
ord765
ord665
ord5442
ord1979
ord3318
ord5186
ord354
ord6385
ord4299
ord807
ord554
ord5981
ord2558
ord6779
ord6648
ord3874
ord6197
ord3175
ord3177
ord3499
ord3767
ord4132
ord1175
ord2642
ord6880
ord2915
ord4163
ord6625
ord798
ord1997
ord5465
ord5194
ord533
ord3733
ord810
ord4271
ord6334
ord3297
ord4275
ord3771
ord542
ord1269
ord6780
ord923
ord5601
ord3721
ord795
ord2393
ord1567
ord268
ord6453
ord3176
ord5683
ord1949
ord2152
ord1233
ord3810
ord920
ord5450
ord6394
ord5440
ord6383
ord3097
ord3741
ord2256
ord4034
ord1946
ord3953
ord561
ord815
ord617
ord5214
ord296
ord2652
ord1669
ord6464
ord3447
ord3196
ord5503
ord567
ord1146
ord3573
ord3402
ord5290
ord1776
ord6055
ord4234
ord2370
ord324
ord540
ord4160
ord800
ord3597
ord4425
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord818
ord2414
ord686
ord641
ord3626
ord3663
ord1168
ord1134
ord6438
ord2621
ord2514
ord825
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5715
ord4673
msvcrt
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_strupr
_stricmp
wcslen
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_onexit
__dllonexit
_beginthreadex
memcmp
strncpy
isalnum
printf
time
srand
rand
clock
_ftol
atoi
memset
_CxxThrowException
strlen
strcat
_mbscmp
memcpy
__CxxFrameHandler
strcpy
strcmp
sprintf
_controlfp
kernel32
GetVersionExA
TerminateThread
ResumeThread
GetFileAttributesA
GetVersion
CreateThread
InterlockedDecrement
ExitProcess
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
FreeLibrary
VirtualFree
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
WinExec
InitializeCriticalSection
SetUnhandledExceptionFilter
Sleep
GetModuleFileNameA
CreateProcessA
CloseHandle
GlobalAddAtomA
ReleaseMutex
CreateMutexA
GlobalDeleteAtom
GlobalGetAtomNameA
lstrlenA
LocalFree
LocalAlloc
FormatMessageA
GetModuleHandleA
GetStartupInfoA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetPriorityClass
GetCurrentProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
CreateEventA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
GetCurrentThreadId
CreateDirectoryA
ExitThread
user32
LoadMenuA
GetSubMenu
EnableMenuItem
GetKeyState
SetWindowPos
CloseWindow
IsWindow
SetParent
GetWindowRect
GetParent
LoadBitmapA
LoadStringA
UpdateWindow
GetCursorPos
ScreenToClient
ClientToScreen
SetRect
ReleaseDC
GetDC
InvalidateRect
CreatePopupMenu
GetDesktopWindow
GetWindowLongA
GetForegroundWindow
GetSysColor
CopyRect
MessageBoxA
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
wsprintfA
GetLastActivePopup
BringWindowToTop
IsWindowVisible
BroadcastSystemMessage
RegisterWindowMessageA
PostThreadMessageA
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
SetMenuDefaultItem
FillRect
RedrawWindow
ShowWindow
GetDlgItem
KillTimer
EnableWindow
PostMessageA
gdi32
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateSolidBrush
CreateCompatibleDC
advapi32
RegCloseKey
RegDeleteKeyA
RegFlushKey
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueExA
shell32
Shell_NotifyIconA
DragQueryFileA
DragFinish
SHGetFileInfoA
comctl32
ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
ole32
OleUninitialize
OleRun
CreateStreamOnHGlobal
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleInitialize
CoCreateInstance
olepro32
ord251
oleaut32
SysFreeString
SetErrorInfo
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocString
CreateErrorInfo
VariantClear
VariantInit
VariantCopy
winmm
waveInPrepareHeader
waveInOpen
waveOutOpen
waveOutClose
waveOutWrite
waveOutPrepareHeader
waveInStart
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveInAddBuffer
PlaySoundA
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
ws2_32
recv
gethostbyaddr
gethostname
inet_ntoa
accept
listen
WSAGetLastError
bind
htons
WSAStartup
socket
closesocket
shutdown
send
connect
inet_addr
htonl
gethostbyname
sendto
setsockopt
recvfrom
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ