5cfbe4b0976f4edd6a6e6f3e7980dd328e73130746e2415f976c4af9065bf3d1

Sharing

Copy URL

Twitter E-mail

General

Target

5cfbe4b0976f4edd6a6e6f3e7980dd328e73130746e2415f976c4af9065bf3d1
Size

412KB
MD5

f1319a09cfa0131e626da4742b031e94
SHA1

3caa6a9fd6edd93a0820e11a8843fb8ad2b5d272
SHA256

5cfbe4b0976f4edd6a6e6f3e7980dd328e73130746e2415f976c4af9065bf3d1
SHA512

15d2ccef783893948381847a9ebf3a88005f66b3e71ffa204cee36b701426ca0590b00b54160d73d47799ce85a344c9b4978b187dc1536a01696c4bc0398a9ac
SSDEEP

6144:qngF82B8PX+pH1lewMKG5/xOGx3cW6HKT32zfnMHPQVxpPldyS:Lq+tpH1wKgxL3c2T3+fnMHPm5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5cfbe4b0976f4edd6a6e6f3e7980dd328e73130746e2415f976c4af9065bf3d1

Files

5cfbe4b0976f4edd6a6e6f3e7980dd328e73130746e2415f976c4af9065bf3d1
.exe windows:4 windows x86 arch:x86

a94019cea6bae1c9d0b94c90627933c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord4427
ord796
ord554
ord529
ord807
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5234
ord6369
ord5279
ord5248
ord2444
ord2411
ord2023
ord4218
ord2578
ord4398
ord4424
ord6740
ord1133
ord3481
ord1001
ord858
ord535
ord537
ord2302
ord4615
ord4612
ord4610
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord815
ord4160
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1200
ord1205
ord1134
ord348
ord663
ord4047
ord1105
ord6453
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4349
ord4723
ord6334
ord3663
ord3448
ord1664
ord786
ord603
ord1706
ord2461
ord1969
ord273
ord519
ord3174
ord3027
ord1871
ord6571
ord5460
ord2841
ord2801
ord2740
ord4129
ord2764
ord6383
ord5440
ord541
ord801
ord5861
ord941
ord2614
ord882
ord879
ord5450
ord6394
ord2107
ord5260
ord1233
ord3402
ord3721
ord6880
ord795
ord6241
ord567
ord2379
ord6803
ord2652
ord1669
ord1168
ord3303
ord4125
ord6008
ord5572
ord2915
ord3297
ord2862
ord3582
ord3610
ord656
ord686
ord6502
ord384
ord4275
ord6784
ord6199
ord2864
ord2096
ord2408
ord5710
ord536
ord3874
ord6242
ord616
ord802
ord542
ord6567
ord3317
ord5601
ord3181
ord2781
ord2770
ord939
ord940
ord668
ord356
ord2765
ord6143
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6839
ord6846
ord6816
ord6815
ord6845
ord6856
ord6835
ord4588
ord4370
ord4892
ord6817
ord4340
ord4720
ord4889
ord4963
ord4960
ord6054
ord5281
ord1725
ord6614
ord6691
ord4299
ord6710
ord3495
ord4284
ord6877
ord5981
ord2818
ord3089
ord4809
ord816
ord6605
ord5789
ord2860
ord562
ord922
ord924
ord2814
ord833
ord4202
ord2438
ord2863
ord1158
ord4220
ord2584
ord3654
ord6270
ord1644
ord5875
ord2754
ord1946
ord4274
ord561
ord3447
ord3196
ord3953
ord2725
ord1146
ord2884
ord4083
ord1872
ord5823
ord415
ord715
ord5620
ord1081
ord5605
ord2761
ord1803
ord4230
ord5103
ord620
ord6442
ord4454
ord6335
ord3619
ord3626
ord773
ord697
ord702
ord812
ord501
ord395
ord400
ord559
ord2414
ord5621
ord6144
ord5591
ord5596
ord5862
ord915
ord4191
ord2066
ord1641
ord640
ord2450
ord1640
ord323
ord2763
ord3571
ord2452
ord4186
ord5607
ord998
ord2762
ord910
ord5629
ord1175
ord5678
ord5794
ord5736
ord6109
ord291
ord1195
ord3573
ord5787
ord283
ord5785
ord2405
ord6172
ord5873
ord1848
ord4243
ord2582
ord4402
ord3370
ord3640
ord4530
ord4544
ord5685
ord3274
ord3353
ord3579
ord729
ord693
ord430
ord2448
ord3797
ord3302
ord3293
ord2859
ord3092
ord3286
ord3996
ord2813
ord2044
ord3903
ord6905
ord3910
ord2089
ord3301
ord4694
ord5148
ord755
ord2971
ord470
ord6696
ord2919
ord932
ord936
ord5216
ord3521
ord3522
ord6402
ord6403
ord2613
ord2504
ord2558
ord5495
ord2639
ord1176
ord955
ord2580
ord4400
ord3630
ord682
ord3706
ord3693
ord4133
ord4297
ord5788
ord472
ord5786
ord5834
ord713
ord654
ord414
ord341
ord6140
ord6141
ord439
ord736
ord4525
ord1941
ord3398
ord3733
ord810
ord4271
ord3914
ord2149
ord3296
ord3021
ord4506
ord1799
ord3664
ord614
ord290
ord996
ord4226
ord6119
ord794
ord5852
ord2252
ord4467
ord1938
ord4268
ord3295
ord5086
ord5064
ord4366
ord1711
ord6197
ord1716
ord4163
ord5158
ord4598
ord4806
ord6064
ord4873
ord5884
ord2921
ord1842
ord642
ord674
ord327
ord366
ord4242
ord5252
ord4413
ord6067
ord3482
ord4724
ord6209
ord2800
ord2626
ord2627
ord2087
ord2117
ord4457
ord4776
ord6069
ord3403
ord5282
ord2120
ord6612
ord5882
ord5883
ord2453
ord2097
ord6597
ord6478
ord6514
ord6800
ord6699
ord3005
ord6808
ord4347
ord6812
ord6814
ord613
ord289
ord3216
ord4523
ord4042
ord4528
ord4542
ord1945
ord5076
ord560
ord813
ord4273
ord2100
ord4464
ord6329
ord1865
ord4759
ord2455
ord1930
ord4265
ord4365
ord5085

msvcrt

_setmbcp
??1type_info@@UAE@XZ
__CxxFrameHandler
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
wcslen
atoi
memcpy
strlen
memset
_mbsnbicmp
qsort
_mbscmp
_mbsinc
strcpy
_ui64toa
_mbsdec
_makepath
_splitpath
_mbsninc
strncpy
memcmp
_mbsstr
_mbschr
_mbsnbcmp
strcat
_purecall
_ftol
_strdup
free
_mbsnbcpy
toupper
strtod
_mbsrev
_gcvt
_ismbcdigit
_mbsicmp
wcscmp
_CxxThrowException
isalnum
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_controlfp

kernel32

GetStartupInfoA
GetModuleFileNameA
GetCurrentThreadId
InterlockedDecrement
GetVersion
GlobalAlloc
CompareStringA
FindResourceA
LoadResource
GetCurrentProcess
GetProcAddress
LoadLibraryExA
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GlobalFree
lstrlenA
lstrcatA
lstrcpyA
lstrcmpiA
GetLongPathNameA
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextChangeNotification
FindFirstChangeNotificationA
FindCloseChangeNotification
GetDriveTypeA
GetLogicalDriveStringsA
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
GlobalUnlock
GlobalLock
LoadLibraryA
FreeLibrary
LocalFree
FormatMessageA
GetModuleHandleA
GetLastError

user32

GetClassNameA
RegisterWindowMessageA
WindowFromPoint
SetCursor
SetActiveWindow
GetMenu
FillRect
CallNextHookEx
UnhookWindowsHookEx
TrackPopupMenuEx
SetWindowsHookExA
MessageBeep
CallWindowProcA
GetAsyncKeyState
FrameRect
DrawFocusRect
MapVirtualKeyA
GetKeyNameTextA
CopyAcceleratorTableA
SetMenuItemInfoA
LoadBitmapA
CopyRect
DrawEdge
OffsetRect
DrawStateA
SystemParametersInfoA
GetWindow
InvalidateRect
SetRectEmpty
RedrawWindow
FindWindowA
GetLastActivePopup
IsIconic
IntersectRect
DefWindowProcA
LoadIconA
LoadImageA
LoadCursorA
SetWindowLongA
GetFocus
ReleaseCapture
SetMenuDefaultItem
KillTimer
SetTimer
GetCursorPos
GetDesktopWindow
SetCapture
GetDlgItem
DrawTextA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
InflateRect
InvertRect
CreateMenu
InsertMenuA
AppendMenuA
DeleteMenu
GetMenuItemInfoA
GetSubMenu
GetMenuStringA
CreatePopupMenu
ModifyMenuA
GetMenuItemCount
GetMenuItemID
GetClientRect
EnableMenuItem
CheckMenuRadioItem
CheckMenuItem
GetDC
ReleaseDC
GetWindowLongA
LoadMenuA
GetMessagePos
ScreenToClient
PtInRect
GetKeyState
ClientToScreen
GetParent
GetSystemMetrics
DestroyIcon
GetWindowRect
RegisterClipboardFormatA
PostMessageA
IsWindow
GetSysColor
PeekMessageA
TranslateMessage
DispatchMessageA
SetForegroundWindow
EnableWindow
SendMessageA
GetSystemMenu
UpdateWindow
SetMenu

gdi32

DPtoLP
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateSolidBrush
CreateCompatibleBitmap
CreateBitmap
PatBlt
Ellipse
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
CreateFontIndirectA
DeleteObject
Rectangle
GetTextExtentPoint32A

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA

shell32

DragQueryPoint
SHFileOperationA
ShellExecuteExA
ExtractIconExA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoA
DragQueryFileA
SHGetMalloc

comctl32

ImageList_DragEnter
ImageList_GetIconSize
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_Draw
ImageList_BeginDrag
ImageList_Remove
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIcon

ole32

ReleaseStgMedium
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a94019cea6bae1c9d0b94c90627933c5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

version

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 44KB - Virtual size: 43KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 32KB - Virtual size: 28KB