c0a09f88e7db944f037865ddec937ceeb390b923678504a3666ca7b8e370aa8a

Sharing

Copy URL Twitter E-mail

General

Target

c0a09f88e7db944f037865ddec937ceeb390b923678504a3666ca7b8e370aa8a
Size

119KB
MD5

cdc224e3dd20da96ae0cd1ee83471dbf
SHA1

54a3957663740dbd56c6485eec2887c626997c84
SHA256

c0a09f88e7db944f037865ddec937ceeb390b923678504a3666ca7b8e370aa8a
SHA512

3a63c23f58142440ae6b2c494e21a6873dd7b6c490d53bf38132e262f9d2d2d937a35fabafb2573c7a04d09f608d18dee1e3aa0869e35ec2e233d6e2967a7106
SSDEEP

1536:5FN3uAsMDW11TlGdN6dzAAzklC0TjElXhzPZbiH4cr3sWjcd89/:TNeAsj1TWANkEKjEbZbiH9489/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0a09f88e7db944f037865ddec937ceeb390b923678504a3666ca7b8e370aa8a

Files

c0a09f88e7db944f037865ddec937ceeb390b923678504a3666ca7b8e370aa8a
.exe windows x86

dc1582b8cdda16ee32a6cd988c277631

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
LocalFree
GetCurrentProcess
GetFileType
GetCommandLineW
SetEvent
CreateEventW
CreateThread
OpenMutexW
TerminateProcess
DecodePointer
WriteConsoleW
SetStdHandle
ProcessIdToSessionId
Process32FirstW
HeapSize
GetLastError
RaiseException
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
OpenProcess
WriteFile
GetProcessHeap
OutputDebugStringW
WaitForSingleObject
HeapFree
HeapAlloc
LCMapStringW
GetStringTypeW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
HeapReAlloc
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetProcAddress
GetModuleHandleExW
ExitProcess
RtlUnwind
IsProcessorFeaturePresent
EncodePointer
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
FlushFileBuffers

advapi32

AdjustTokenPrivileges
OpenProcessToken
SetTokenInformation
LookupPrivilegeValueW
ConvertSidToStringSidW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
GetTokenInformation

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc1582b8cdda16ee32a6cd988c277631

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

wtsapi32

userenv

secur32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB