0cfa17b00c752e754f5d3654db622308c4c968fd305e56f336be314805564758

Sharing

Copy URL

Twitter E-mail

General

Target

0cfa17b00c752e754f5d3654db622308c4c968fd305e56f336be314805564758
Size

4.1MB
MD5

f0eee352d6a9bcb8b8ee51fbece8e032
SHA1

614a99dd5f5c6c237c5ae5db34f55b0512c853eb
SHA256

0cfa17b00c752e754f5d3654db622308c4c968fd305e56f336be314805564758
SHA512

933776723c0c55a6fb943f1401e67322bcc0ff0006a71f95885cee4aa39a7436d57500537249831c09887ac06ef420ec21ff39d0e08fc8cc85466044a1e7aeea
SSDEEP

49152:HgLNaeH4L8ceEN4u/JwgsmrDhOvGGYcv3vwT6jSPoTNf+TtKAg9pJcHZ:AZLH4/4cJnaDv3+ASAGcAgDK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cfa17b00c752e754f5d3654db622308c4c968fd305e56f336be314805564758

Files

0cfa17b00c752e754f5d3654db622308c4c968fd305e56f336be314805564758
.exe windows x86

72bc10505e322688f50a2311faec2c34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
MulDiv
GetLocalTime
FreeResource
GetACP
ExitProcess
GetFileType
SetFilePointer
DosDateTimeToFileTime
GetCommandLineW
GetDiskFreeSpaceExW
SetEnvironmentVariableA
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetModuleFileNameA
GetStringTypeA
EnumSystemLocalesA
HeapSize
InterlockedIncrement
WaitForSingleObjectEx
HeapCreate
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoW
HeapReAlloc
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileA
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
DuplicateHandle
TerminateThread
SetEvent
CreateEventW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
IsValidCodePage
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
TerminateProcess
OpenProcess
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CreateMutexA
LocalAlloc
MultiByteToWideChar
GetVersionExW
FindResourceExW
LoadLibraryExW
EnumResourceLanguagesW
GetSystemDefaultLangID
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
InitializeCriticalSection
SizeofResource
LoadResource
LockResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
MoveFileW
DeleteFileW
MoveFileExW
VirtualFree
VirtualAlloc
GetFileSize
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
SetFileTime
ReadFile
WriteFile
GetModuleHandleW
CreateFileW
GetTempPathW
LocalFree
GetModuleFileNameW
GetCurrentThreadId
GetCurrentDirectoryW
CloseHandle
GetLastError
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
FindNextFileW
FindClose
FindFirstFileW
LeaveCriticalSection
Sleep
TryEnterCriticalSection
GetTickCount
EnterCriticalSection
DeleteCriticalSection
GetOEMCP

user32

RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
UpdateLayeredWindow
DrawTextW
DestroyWindow
GetDC
ReleaseDC
SetCapture
ReleaseCapture
FillRect
InvalidateRect
InvalidateRgn
CharPrevW
GetWindowRgn
OffsetRect
InflateRect
IsZoomed
IsRectEmpty
SetRect
KillTimer
MessageBoxW
GetClientRect
CreateAcceleratorTableW
BeginPaint
SetTimer
ShowWindow
MoveWindow
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetParent
SendMessageW
GetCursorPos
ScreenToClient
SetFocus
FindWindowW
IsWindow
GetWindowRect
SetWindowTextW
EnableWindow
GetWindowLongW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
GetFocus
SetForegroundWindow
IsIconic
SetWindowRgn
PostMessageW
CreateCaret
GetSystemMetrics
LoadImageW
PostQuitMessage
DispatchMessageW
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
GetCaretBlinkTime
GetUpdateRect
EndPaint
UnionRect
BringWindowToTop
DefWindowProcW
TranslateMessage
GetMessageW
GetWindow
CreateWindowExW
GetCaretPos
GetKeyState
GetSysColor

gdi32

DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRoundRectRgn
CreateSolidBrush
SetTextColor
SetBkMode
DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SaveDC
RestoreDC
CreateCompatibleBitmap
BitBlt
GetTextMetricsW
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
CombineRgn
StretchBlt
SetStretchBltMode
CreatePenIndirect
MoveToEx
LineTo
Rectangle
RoundRect
GetObjectA
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
CreateRectRgn
PtInRegion
ExtSelectClipRgn
SelectObject

advapi32

ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetLengthSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW

ole32

CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

gdiplus

GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72bc10505e322688f50a2311faec2c34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

imm32

comctl32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 11KB - Virtual size: 28KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 247KB - Virtual size: 246KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 11KB - Virtual size: 28KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 247KB - Virtual size: 246KB