c0a127238c34c901fda7402843b42dd198cef1a31d2146285b604fd8305c87b4

Sharing

Copy URL Twitter E-mail

General

Target

c0a127238c34c901fda7402843b42dd198cef1a31d2146285b604fd8305c87b4
Size

1.1MB
MD5

3a5704e826bab981775be71a1708ac6d
SHA1

06dfd29de90a91b2bbd2c213872c51a89121cca6
SHA256

c0a127238c34c901fda7402843b42dd198cef1a31d2146285b604fd8305c87b4
SHA512

94ba547eb3dbd03639d77f6840fb6536738b39fd17a851ec8634ef1f684d2f9fae4563f265e33da6773c8e9eee8d5c41071dc2df59d13b8af8113057bca30465
SSDEEP

24576:xCBE/gFG9+rBUVn3qni5bAhBGuaJtAVCMI4DV:/gFe+W56i9AebPAVCMI4x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0a127238c34c901fda7402843b42dd198cef1a31d2146285b604fd8305c87b4

Files

c0a127238c34c901fda7402843b42dd198cef1a31d2146285b604fd8305c87b4
.exe windows x86

1a9c3427ac92ce639fc0804b9e58c12c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW

kernel32

DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
GlobalAlloc
LocalFree
WriteFile
GetModuleFileNameW
GetTempPathW
CreateFileW
CloseHandle
GetWindowsDirectoryW
GetStdHandle
SetFilePointer
SetEndOfFile
OutputDebugStringW
HeapDestroy
WriteConsoleW
GetCurrentProcess
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
ReadFile
SetFileTime
FreeLibrary
LoadLibraryW
GetFileSize
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetConsoleCP
SizeofResource
SetStdHandle
FlushFileBuffers
DeleteFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
LoadLibraryExW
RtlUnwind
GetFileAttributesExW
ExitProcess
GetModuleHandleExW
GetACP
SetFilePointerEx
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA

advapi32

GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
SetEntriesInAclW
ConvertStringSidToSidW
InitializeAcl
RegOpenKeyExW
SetSecurityInfo
ConvertSidToStringSidW
LookupAccountSidW
LookupAccountNameW
GetSecurityInfo

shell32

SHCreateDirectoryExW
SHGetFolderPathW

oleaut32

SysAllocString

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a9c3427ac92ce639fc0804b9e58c12c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

oleaut32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 520B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 725KB - Virtual size: 724KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 520B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 725KB - Virtual size: 724KB

.reloc
Size: 10KB - Virtual size: 10KB