ovEUp~[.]v | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ovEUp~.v
Size

1.5MB
MD5

2b8791c6b0d4b3a2e1c9e42482b58152
SHA1

b6e71df2aebb8881ff129eeca0f5bf847ab5fc23
SHA256

6f3e6dedf2c60d78ca115fef7df4a2835e019203fa3af8abb9aa4d1a26f8dbd8
SHA512

382c4e2632af61f37d266f084f2ab906c5580a86ca36ed852e418c1547c1d2fb575b3cdc84648b1ac7a3472e3a8901ea01ef48e5bb023e902b7b1c26b4c31580
SSDEEP

24576:dJGsxbCaXprhO4FhMa4t2jImvW/zMGOc2Gj+4vG2up0NChl1HdZE/RvZLlQR:XGsxblO4I4tvkvjbvCp0i1HdZE/vxQR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ovEUp~.v

Files

ovEUp~.v
.dll windows x86

363918880c96c0d90496640e871e3b5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscspn
memset

clusapi

ClusterRegDeleteValue

comdlg32

FindTextA

shlwapi

AssocIsDangerous
StrRStrIW
PathIsRootA

opengl32

glTranslatef

user32

GetMessagePos
MonitorFromRect
VkKeyScanA
ActivateKeyboardLayout
VkKeyScanW
AdjustWindowRect
GetGUIThreadInfo
GetWindowRect
GetDlgItem
SetClipboardData

oleaut32

VarUI1FromStr

shell32

ShellExecuteA

crypt32

CryptRegisterOIDFunction

gdi32

SelectClipPath
DescribePixelFormat
GetMapMode
DeleteMetaFile
GetPolyFillMode
OffsetClipRgn

advapi32

GetSecurityDescriptorGroup
GetSecurityDescriptorControl
ClearEventLogW
TreeResetNamedSecurityInfoW

rpcrt4

IUnknown_AddRef_Proxy
NdrSimpleStructBufferSize
RpcSsGetContextBinding

ole32

CoRevertToSelf
StgOpenStorageEx
GetHGlobalFromILockBytes
OleMetafilePictFromIconAndLabel
CoSetProxyBlanket
OleDoAutoConvert

kernel32

GetBinaryTypeW
GetModuleFileNameW
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileSectionNamesW
GlobalLock
SetConsoleCursorInfo
LockFile
lstrcpyA
GetUserDefaultLCID
TryEnterCriticalSection
GetFileSize
ConnectNamedPipe

wintrust

WintrustLoadFunctionPointers
CryptCATAdminAcquireContext

Exports

Exports

TponfKheem

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 676KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yid
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FZrm5
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

363918880c96c0d90496640e871e3b5f

Headers

File Characteristics

Imports

msvcrt

clusapi

comdlg32

shlwapi

opengl32

user32

oleaut32

shell32

crypt32

gdi32

advapi32

rpcrt4

ole32

kernel32

wintrust

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 116KB - Virtual size: 116KB

CODE Size: 676KB - Virtual size: 672KB

.crt1 Size: 284KB - Virtual size: 280KB

yid Size: 92KB - Virtual size: 88KB

FZrm5 Size: 196KB - Virtual size: 192KB

.erloc Size: 52KB - Virtual size: 49KB

.CRT Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 116KB - Virtual size: 116KB

CODE
Size: 676KB - Virtual size: 672KB

.crt1
Size: 284KB - Virtual size: 280KB

yid
Size: 92KB - Virtual size: 88KB

FZrm5
Size: 196KB - Virtual size: 192KB

.erloc
Size: 52KB - Virtual size: 49KB

.CRT
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 32KB - Virtual size: 29KB