0b637f66c5163b3a52a3e3cc1fe7fde13d31de2c3be218c0d0cc965734455cc0

Sharing

Copy URL Twitter E-mail

General

Target

0b637f66c5163b3a52a3e3cc1fe7fde13d31de2c3be218c0d0cc965734455cc0
Size

10.9MB
MD5

f8c0dfcb9679dcd6d779156a16d482dd
SHA1

e4bf3d973fdb626b9a82030d182bc38936e75897
SHA256

0b637f66c5163b3a52a3e3cc1fe7fde13d31de2c3be218c0d0cc965734455cc0
SHA512

f4123e175c934fee5a53b9be5a25b1a71b7b69797825ef075c1c478db9dc6c358d1bc600f7b01f40f1b2d2b632557b4e99ebf7c8a6b92ffdfc84077921d5e5e0
SSDEEP

98304:/Y6pBGIoXiQiTHYaocqDmgs/hc85r+FCJsv6tWKFdu9CFwf8bNb5Z:whdyQiHYa1DrUCJsv6tWKFdu9CFCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b637f66c5163b3a52a3e3cc1fe7fde13d31de2c3be218c0d0cc965734455cc0

Files

0b637f66c5163b3a52a3e3cc1fe7fde13d31de2c3be218c0d0cc965734455cc0
.exe windows x86

e1b6782f771675efa6a6083a3a4afada

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
GetNetworkParams

advapi32

CryptSignHashA
GetTokenInformation
FreeSid
GetLengthSid
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
CopySid
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegFlushKey
RegSetValueExW
SystemFunction036
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptDestroyKey
CryptEnumProvidersA
OpenProcessToken
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam

crypt32

CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

kernel32

TlsFree
WaitForSingleObjectEx
ResetEvent
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleFileNameW
GetStartupInfoW
GetFileAttributesExW
GetLongPathNameW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetFileType
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MoveFileExW
FreeLibrary
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
OpenProcess
TlsSetValue
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleCP
PeekNamedPipe
VirtualQuery
FlushConsoleInputBuffer
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
GetModuleHandleA
SystemTimeToFileTime
CreateFileA
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetCPInfo
DecodePointer
SetEnvironmentVariableW
SetConsoleCtrlHandler
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapValidate
HeapAlloc
GetDriveTypeW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
PeekConsoleInputA
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetStdHandle
ExitProcess
GetCommandLineA
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
TlsGetValue
TlsAlloc
GetSystemInfo
DuplicateHandle
Sleep
WaitForSingleObject
SetEvent
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
CreateThread
SwitchToThread
RaiseException
GetCurrentProcess
GetLocalTime
GetSystemTime
GetConsoleWindow
OutputDebugStringW
GetUserDefaultLCID
CompareStringW
FormatMessageW
GetNativeSystemInfo
GetCommandLineW
GetCurrentProcessId
LocalFree
SetHandleInformation
CreateEventW
WaitForMultipleObjects
GetLastError
GlobalFree
GetModuleHandleW
LoadLibraryW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
GetProcAddress
CreateFileW
CloseHandle
DeviceIoControl
AttachConsole
LoadLibraryA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoSetProxyBlanket

ws2_32

WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
WSAGetLastError
gethostbyname
gethostbyaddr
ntohl
inet_addr
getsockopt
htonl
WSASocketW
gethostname
WSACleanup
WSAAsyncSelect
WSASetLastError
recv
send
shutdown
WSAStartup

oleaut32

GetErrorInfo
CreateErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantChangeType
SetErrorInfo

gdi32

GetObjectA
GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

user32

KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
GetWindowLongW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
GetProcessWindowStation
GetUserObjectInformationW
ReleaseDC
GetDC
UnregisterClassW
MessageBoxA

wintrust

WinVerifyTrust

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1b6782f771675efa6a6083a3a4afada

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

advapi32

crypt32

kernel32

shell32

ole32

ws2_32

oleaut32

gdi32

user32

wintrust

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 70KB - Virtual size: 121KB

.idata Size: 10KB - Virtual size: 9KB

.qtmetad Size: 1024B - Virtual size: 881B

.tls Size: 1024B - Virtual size: 782B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 223KB - Virtual size: 222KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 70KB - Virtual size: 121KB

.idata
Size: 10KB - Virtual size: 9KB

.qtmetad
Size: 1024B - Virtual size: 881B

.tls
Size: 1024B - Virtual size: 782B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 223KB - Virtual size: 222KB