Static task: static1
Behavioral task: behavioral1
Sample: 2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2.exe
Resource: win10v2004-20241007-en
General
Target: 2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2
Size: 9.4MB
MD5: c2eea4ff776227d864fdd7a3f9dbc916
SHA1: a6abd900a827f8ff929d953583d437af6568e97a
SHA256: 2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2
SHA512: 49f86342dfc907be8a6cb6561e9f816e3d6eee332d2aac0adb1e103d11600a2927cf8dc81f32476ff9b39b9e15761a0e5666fb5d7a1a428ba0c3bd281e7728c8
SSDEEP: 196608:+MUiwn8lNUCDOfDNiPMJ4L4b8qPokdpxZ/KR1d:nUPn8XUBNiPac4gq55K
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2
Files
2a9a298185ebaca90f272057f87dcc6e910fec451dafa7822731a877fcd678f2.exe windows:4 windows x86 arch:x86
28528ef0f8d27b55d3ed83886c7f489b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord6211
ord617
ord5297
ord5208
ord296
ord986
ord520
ord823
ord4154
ord6113
ord2613
ord1131
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord4608
ord4607
ord1937
ord4268
ord4583
ord4893
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord813
ord1165
ord560
ord5256
ord2527
ord2371
ord6597
ord2859
ord613
ord4128
ord4292
ord6115
ord289
ord1941
ord472
ord3614
ord818
ord501
ord567
ord3658
ord3621
ord2406
ord773
ord5596
ord800
ord4270
ord1634
ord1230
ord283
ord6871
ord755
ord5784
ord5871
ord5785
ord2855
ord470
ord4294
ord861
ord540
ord940
ord537
ord858
ord4124
ord535
ord2854
ord2768
ord2559
ord3826
ord3393
ord3728
ord686
ord810
ord860
ord384
ord2445
ord4266
ord5706
ord536
ord4279
ord3792
ord5825
ord3721
ord668
ord801
ord2644
ord1662
ord6874
ord3176
ord4053
ord2773
ord2762
ord541
ord538
ord356
ord3995
ord5852
ord4272
ord5679
ord6920
ord922
ord3298
ord1834
ord4237
ord3397
ord3605
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord796
ord656
ord674
ord554
ord529
ord366
ord807
ord2486
ord2619
ord2618
ord5867
ord4282
ord2081
ord5996
ord2109
ord4158
ord6617
ord4451
ord5248
ord6205
ord6150
ord2522
ord4358
ord4051
ord5467
ord4116
ord2381
ord5230
ord6365
ord5275
ord5244
ord2436
ord640
ord2397
ord1633
ord323
ord2372
ord2235
ord1795
ord298
ord620
ord4225
ord6261
ord6225
ord332
ord4448
ord6195
ord4078
ord3490
ord1856
ord3696
ord772
ord500
ord1702
ord3084
ord5147
ord3566
ord816
ord2706
ord4018
ord2561
ord5781
ord562
ord6456
ord5651
ord5783
ord3215
ord2759
ord5856
ord6138
ord3981
ord647
ord3516
ord5742
ord4152
ord333
ord6398
ord6262
ord4285
ord1743
ord1701
ord3950
ord5469
ord1717
ord5252
ord407
ord706
ord645
ord4242
ord2080
ord4155
ord2858
ord2143
ord6408
ord5480
ord4809
ord4810
ord5024
ord4652
ord6237
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4604
ord4606
ord1808
ord4609
msvcrt
__p__commode
_adjust_fdiv
__p__fmode
_initterm
__getmainargs
_acmdln
__set_app_type
_except_handler3
__setusermatherr
__CxxFrameHandler
atoi
wcscmp
rand
srand
time
_wcsicmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_controlfp
kernel32
ResetEvent
GetProcAddress
Sleep
WaitForSingleObject
MulDiv
GetModuleHandleA
GetStartupInfoA
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryA
CreateEventA
OutputDebugStringW
CloseHandle
WideCharToMultiByte
CreateThread
VirtualProtect
MultiByteToWideChar
GetProcessHeap
HeapAlloc
user32
InflateRect
SetTimer
InvalidateRect
PtInRect
KillTimer
GetParent
DestroyIcon
CopyRect
OffsetRect
IsChild
GetFocus
GetKeyState
GetCursorPos
DrawIconEx
SystemParametersInfoW
IsRectEmpty
EndDeferWindowPos
BeginDeferWindowPos
ClientToScreen
GetClassLongW
GetWindow
GetDC
GetDCEx
wsprintfW
GetSystemMetrics
SetParent
AppendMenuW
DeleteMenu
GetSystemMenu
PostMessageW
GetWindowRect
FillRect
SendMessageW
GetSysColor
GetInputState
PostThreadMessageW
GetMessageW
ReleaseCapture
SetCursor
SetCapture
GetClientRect
RedrawWindow
ReleaseDC
UpdateWindow
EnableWindow
LoadCursorW
ClipCursor
GetSysColorBrush
gdi32
CreateCompatibleBitmap
BitBlt
GetTextColor
GetDeviceCaps
CreateCompatibleDC
EnumFontFamiliesW
GetTextExtentPoint32W
GetCurrentObject
PatBlt
shell32
SHGetFileInfoW
ws2_32
send
closesocket
WSACleanup
WSAStartup
gethostbyname
htons
msvcp60
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9.4MB - Virtual size: 9.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ