be4913ccee7fdab2d731028a8f18f059d09d52983245010038d1a503c10cb83e

Sharing

Copy URL Twitter E-mail

General

Target

be4913ccee7fdab2d731028a8f18f059d09d52983245010038d1a503c10cb83e
Size

148KB
MD5

707db4d4b677f3ebcd25f47419b8ca0a
SHA1

81a2167463bb6646573c3ad228c501042bec37e1
SHA256

be4913ccee7fdab2d731028a8f18f059d09d52983245010038d1a503c10cb83e
SHA512

166e2280ac526184396128fb6ac04d9580906c52cbb195a82a8ff669574bfa889586197d20870572ccbb9b7aa563c25dceb38d2f9d157d84c3a393a9c6ceaa79
SSDEEP

1536:Bv5vrKdvlyatsOC+XXQeiArB9wGHPOY6ihl5s744lXl5Y35m:BRvWqKliMEr+bw3Xl5Y3Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be4913ccee7fdab2d731028a8f18f059d09d52983245010038d1a503c10cb83e

Files

be4913ccee7fdab2d731028a8f18f059d09d52983245010038d1a503c10cb83e
.dll windows x86

a0d01e71f240618f72e04b3154723f8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ollydbg.exe

_Addtolist
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginwriteinttoini
_Pluginwritestringtoini
_Readmemory
_Setbreakpoint
_Getcputhreadid
_Findthread
_Setcpu
_Writememory
_Flash
_Listmemory
_Message
_Error

kernel32

IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualFreeEx
WaitForDebugEvent
GetModuleFileNameA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetPrivateProfileStringA
GetModuleHandleA
GetLastError
GetProcAddress
VirtualAllocEx
GetVersion
GlobalUnlock
lstrcpyA
GlobalLock
GlobalAlloc
lstrlenA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
lstrcpynA
WriteProcessMemory
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualProtectEx
ReadProcessMemory
Sleep
SetThreadPriority
GetThreadPriority
GetCurrentThread
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetEnvironmentVariableA
SetEnvironmentVariableA
MultiByteToWideChar
CloseHandle
GetFileInformationByHandle
CreateFileA
QueryDosDeviceA
GetLogicalDrives
SearchPathA
LoadLibraryA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapSize
HeapReAlloc
HeapDestroy
GetFileType

user32

IsDlgButtonChecked
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
GetWindowLongA
CheckDlgButton
EndDialog
MessageBoxA
DialogBoxParamA
IsDialogMessageA
SetWindowLongA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowTextLengthA
GetWindowTextA
GetDlgItem
SendDlgItemMessageA
SendMessageA
UnregisterClassA
SetWindowPos

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0d01e71f240618f72e04b3154723f8d

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

user32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB

.rmnet
Size: 60KB - Virtual size: 60KB