0f2f0dbddf3e2535486b20fef154b77d561b728cc59b98c9c4ffb758192a09e3

Sharing

Copy URL Twitter E-mail

General

Target

0f2f0dbddf3e2535486b20fef154b77d561b728cc59b98c9c4ffb758192a09e3
Size

1.7MB
MD5

b6d1a027150c636ecac81583918762c9
SHA1

9966ca400b01bb2844a1b0e2789529443222c165
SHA256

0f2f0dbddf3e2535486b20fef154b77d561b728cc59b98c9c4ffb758192a09e3
SHA512

63441390220b2bfc4ba5a6f95354e957ef2aa096523eda09c1665ecc6f54d73da3658300f3958d5b6ac3057dd4e4f6cec96edea13f6281bc357c90ed988f0238
SSDEEP

12288:5fBAAnHHnWZPgyBHOH81E6dr/efoKoQX55F/NxRE3wcuRY+8LuE90i0Igw08Uvw1:IAnHHnWlx99d7FKoaFzg3avwqI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f2f0dbddf3e2535486b20fef154b77d561b728cc59b98c9c4ffb758192a09e3

Files

0f2f0dbddf3e2535486b20fef154b77d561b728cc59b98c9c4ffb758192a09e3
.exe windows x64

c5073192170d76d9c06c52821d608862

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tapi32

lineGetTranslateCapsW
lineGetCountryW

shlwapi

StrCpyW
StrCmpW
StrCmpIW
StrChrW
StrCmpNIW
StrCSpnW
StrPBrkW
StrRChrW
StrStrIW
StrTrimA
StrTrimW
PathMakeSystemFolderW
StrCpyNW
StrCatW

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
InitializeCriticalSectionEx
VerSetConditionMask
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetLongPathNameW
WriteFile
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
CreateProcessW
SetPriorityClass
GetLocalTime
GetTickCount
GetVersionExW
GetProductInfo
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GlobalAlloc
GlobalFree
GlobalMemoryStatus
LocalAlloc
LocalFree
FormatMessageW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CopyFileW
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
GetLocaleInfoW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
GetUserDefaultLangID
EnumUILanguagesW
SetConsoleCtrlHandler
LoadLibraryW
LoadLibraryExW
TlsAlloc
HeapReAlloc
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
ReadFile
ReadConsoleW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
TerminateProcess
GetProcAddress
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
GetModuleFileNameA
GetStartupInfoW
GetFileType
FatalAppExitA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
WideCharToMultiByte
lstrlenW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetCurrentThread
GetCurrentThreadId
GetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap

user32

GetSystemMetrics
wsprintfW

advapi32

OpenProcessToken
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegLoadKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
SHSetLocalizedName

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
StringFromCLSID
CLSIDFromProgID
CoCreateGuid
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5073192170d76d9c06c52821d608862

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 275KB - Virtual size: 274KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 7KB - Virtual size: 27KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 275KB - Virtual size: 274KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 7KB - Virtual size: 27KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB