b0deb20090405750a1bdc6089312a3e9571341b9fe718aab9ec503d156d4b2e7

Sharing

Copy URL

Twitter E-mail

General

Target

b0deb20090405750a1bdc6089312a3e9571341b9fe718aab9ec503d156d4b2e7
Size

4.8MB
MD5

acea8538d027d691e309d11c2a50b3d2
SHA1

ed808e9900878681e54eb96ad2ddc6c610cbd8c5
SHA256

b0deb20090405750a1bdc6089312a3e9571341b9fe718aab9ec503d156d4b2e7
SHA512

c29b3d2c4b1d183d001968a10a8fef3f75a3b3d4faa5f659103fbfada599d750a60cc4d229295b2b8d9d1fbaf2f348e53e6a1f7e6d6884ee243934d99106cd72
SSDEEP

49152:CvDCTEKsttM6XWaISolehz3od9S0O8e+7iRQTFS0O8eO7iRQT3:cHtr89S0O8ewiRsS0O8egiR2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0deb20090405750a1bdc6089312a3e9571341b9fe718aab9ec503d156d4b2e7

Files

b0deb20090405750a1bdc6089312a3e9571341b9fe718aab9ec503d156d4b2e7
.exe windows:4 windows x86

cf90ac244a27f26de3f38a4a50768e75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WriteFile
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
lstrcatA
GetModuleFileNameA
GetTempPathA
GetVersion
GetLastError
Module32Next
GetWindowsDirectoryA
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetShortPathNameA
SetFileAttributesA
DeviceIoControl
GetStringTypeW
GetStringTypeA
LCMapStringW
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
CreateFileW
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcessId
OpenProcess
TerminateProcess
CloseHandle
lstrcpyA
LCMapStringA
SetStdHandle
GetOEMCP
IsBadReadPtr
GetSystemInfo
VirtualAlloc
VirtualFree
GetModuleHandleA
lstrcmpiA
lstrcmpA
CreateSemaphoreA
GetCurrentProcess
VirtualProtect
WriteProcessMemory
FlushFileBuffers
GetACP
LoadLibraryA
lstrlenA
RtlUnwind
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetFilePointer
GetCPInfo

user32

wsprintfA
MessageBoxA
CharUpperBuffA

advapi32

RegQueryValueExA
ControlService
DeleteService
CreateServiceA
StartServiceA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

hid

HidD_GetAttributes
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid
HidD_GetPreparsedData

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf90ac244a27f26de3f38a4a50768e75

Headers

File Characteristics

Imports

kernel32

user32

advapi32

setupapi

hid

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB