!MRCq1U0=~[v53J04yL[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

!MRCq1U0=~[v53J04yL.exe
Size

357KB
MD5

5c0cc5242e7f226bf1a592d9e2863ea8
SHA1

f9cb8d083e2080e8405d9757fce2e2ff218b8651
SHA256

1595c5bd59c54a35700e87af046cb4a7b954bf65c8278df3fa8b215e0a56f41a
SHA512

00f22dc5d4179faf3ec2b5fec11c53356f03f46e2c3e193505cdcc48e3fcc3c8050cdd22364d9360bd61a711e14f6942aa52012ee57b5dfd4e522d1690a12418
SSDEEP

6144:cphDbmPSf/Mx9JF/Q8Qnpb4E6WmcYiiD0qYvAtagh7IkwtZcPgzm:ChDbQBT7wpEENmcYia0jYF9IZrcPgzm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
!MRCq1U0=~[v53J04yL.exe

Files

!MRCq1U0=~[v53J04yL.exe
.exe windows:6 windows x86 arch:x86

d2b1b95524d87432d01f4ed5f26d7473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Sourcode\VisualStudio\mrc-project\Release\mrc-injector.pdb

Imports

kernel32

OpenEventA
Process32First
WriteProcessMemory
FindFirstFileA
SetLastError
GetCurrentProcess
TerminateProcess
SetFileTime
FindNextFileA
GetFullPathNameA
lstrlenA
FindClose
WaitForSingleObject
lstrcmpA
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetTempPathA
K32GetModuleFileNameExA
GetLastError
GetFileAttributesA
CreateFileA
SetEvent
DeleteFileA
Process32Next
CloseHandle
GetModuleFileNameA
CreateThread
SetFileAttributesA
VirtualProtectEx
VirtualAllocEx
RemoveDirectoryA
ExitProcess
ReadProcessMemory
SystemTimeToFileTime
CreateRemoteThread
CreateDirectoryA
GetSystemTime
VirtualFreeEx
CreateEventA
GetExitCodeProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
LoadLibraryA
GetModuleHandleA
FreeConsole
GetVersionExA
DeviceIoControl
SetPriorityClass
GetVolumeInformationA

user32

RegisterClassExA
CreateWindowExA
MessageBoxA
LoadIconA
RegisterWindowMessageA
DefWindowProcA
GetWindowThreadProcessId
LoadCursorA
FindWindowA
DestroyIcon

advapi32

RegCloseKey
GetCurrentHwProfileA
RegQueryValueExA
RegOpenKeyExA

shell32

Shell_NotifyIconA
ShellExecuteExA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
HttpOpenRequestA
InternetQueryOptionA
InternetQueryDataAvailable

vcruntime140

strrchr
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
memset
__std_exception_destroy
__CxxFrameHandler3
memmove
memcpy
__std_exception_copy
__std_terminate
memchr

api-ms-win-crt-stdio-l1-1-0

fread
_get_stream_buffer_pointers
__p__commode
__stdio_common_vsprintf_s
__acrt_iob_func
_fseeki64
fflush
fgetc
fsetpos
fputc
ungetc
__stdio_common_vfprintf
fclose
fopen
setvbuf
fgetpos
__stdio_common_vsprintf
_set_fmode
fwrite

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-string-l1-1-0

isalnum
isalpha
isspace
isprint
strncpy
toupper
tolower

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
system
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_c_exit
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_errno
__p___argc
__p___argv

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
rename
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

Exports

Exports

getPBSN
getPBUID

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2b1b95524d87432d01f4ed5f26d7473

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

iphlpapi

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 179KB - Virtual size: 178KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 179KB - Virtual size: 178KB

.reloc
Size: 7KB - Virtual size: 6KB