0bf71ffc8fe362c3a9000344a06b2de1fba52e71ea775a47f3d67e8686a13d39

Sharing

Copy URL Twitter E-mail

General

Target

0bf71ffc8fe362c3a9000344a06b2de1fba52e71ea775a47f3d67e8686a13d39
Size

300KB
MD5

35ece00d629a3e0608303524fa6a1636
SHA1

a3f39e23d50097b315b2d981d7ddfc84310810fb
SHA256

0bf71ffc8fe362c3a9000344a06b2de1fba52e71ea775a47f3d67e8686a13d39
SHA512

3ec0d1ae05e425585fd28115c5b086197ef0efbce41628b6ecf64291f0c6dc098f3e225d3eacd3ba2a7c3aff3b183dcef24c5fd5dc1798ce1d0a28f35cb09096
SSDEEP

3072:VYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDa6YeP7azE0S7Wq:NdqBhbWCuFpyq5SXya6azTP8NMhPbFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf71ffc8fe362c3a9000344a06b2de1fba52e71ea775a47f3d67e8686a13d39

Files

0bf71ffc8fe362c3a9000344a06b2de1fba52e71ea775a47f3d67e8686a13d39
.dll windows x86

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

ws2_32

WSACleanup
inet_addr
WSAStartup

kernel32

FindResourceExW
GetLastError
MultiByteToWideChar
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
CloseHandle
CreateMutexW
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
SetLastError
GetThreadLocale
GlobalHandle
lstrlenA
LoadLibraryW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LCMapStringW
WideCharToMultiByte
LCMapStringA
FindResourceW
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapCreate
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
RaiseException
lstrlenW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
TlsFree
GetConsoleCP
GetConsoleMode

user32

SetDlgItemTextW
EndDialog
SetWindowContextHelpId
EnableMenuItem
SendDlgItemMessageW
EnableWindow
LoadBitmapW
UnregisterClassA
GetSystemMenu
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyAcceleratorTable
IsWindow
SetFocus
GetFocus
GetWindow
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcW
LoadImageW
SetWindowTextW
SendMessageW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
CharNextW
GetWindowLongW
SetWindowLongW
MapDialogRect

gdi32

CreateBrushIndirect
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen

shlwapi

SHGetValueW

Exports

Exports

AbortWarn
ActivateSetup
CheckBaiduIntranet
CheckRun
CleanUpPendingOperation
GetOriginalTn
GetTn
GetTnInfo
IsOldVersion
Report
SelectFordDialog
SetControlImage
SetLicense

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

Imports

version

iphlpapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 12KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 108KB