0d370fa9c7fa681d846c52a9c98349847a7ebde9c34929aef9f1da197541a6e7

Sharing

Copy URL Twitter E-mail

General

Target

0d370fa9c7fa681d846c52a9c98349847a7ebde9c34929aef9f1da197541a6e7
Size

11.4MB
MD5

5e7fdfdf752db00dd238aa512f6fbbbc
SHA1

8800e61c26e47a070027bb9efc6d6b30e8a90a6c
SHA256

0d370fa9c7fa681d846c52a9c98349847a7ebde9c34929aef9f1da197541a6e7
SHA512

6d6da8648c604f3b0bfd45e2ed31c8f2d99a63c968efb5db1f941950126ff3807575aa6aa3e8b9ede4fd425f48082afad3cbc4356df3991fc11bc708a6761b05
SSDEEP

49152:TqFc/XVGMNBN/gc328yEOrZPHifoqgu/+zUHgP4+sCP7TBPYYpfjLKMs7LV:m+f8M/FTG8G1HwxLgPReIfjOlLV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d370fa9c7fa681d846c52a9c98349847a7ebde9c34929aef9f1da197541a6e7

Files

0d370fa9c7fa681d846c52a9c98349847a7ebde9c34929aef9f1da197541a6e7
.exe windows:5 windows x86

42dc994846163b454cea1240722be357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
SizeofResource
FindResourceW
SetCurrentDirectoryW
MultiByteToWideChar
RaiseException
GetLastError
GetPrivateProfileStringA
FindFirstFileW
LocalFree
LocalAlloc
Process32NextW
SetFilePointer
CloseHandle
ReadFile
GetComputerNameW
GetCurrentDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
GetLocalTime
GetPrivateProfileStringW
GetTempPathW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryW
GetSystemInfo
GetProcAddress
Sleep
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
lstrlenW
ExitProcess
FreeResource
InterlockedIncrement
GetFileSize
CreateFileW
lstrcpyW
FormatMessageW
VerSetConditionMask
GetCurrentProcess
GetFileType
SetFileTime
DuplicateHandle
SystemTimeToFileTime
GlobalAlloc
SleepEx
WaitForSingleObject
GetStdHandle
PeekNamedPipe
SetLastError
FormatMessageA
GetModuleHandleA
QueryPerformanceCounter
GetSystemTime
IsDebuggerPresent
SetEvent
WaitForSingleObjectEx
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InitializeSListHead
RtlUnwind
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetDriveTypeW
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
GetFullPathNameW
SetStdHandle
SetEndOfFile
HeapSize
FindFirstFileExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
VirtualAlloc
VirtualProtect
GetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
FindResourceExW
EnumResourceNamesA
EnumResourceLanguagesW
EnumResourceTypesA
CreateFileW
LoadLibraryW
FlushFileBuffers
CreateFileA
WriteConsoleW
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
SetHandleCount
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
HeapDestroy
HeapReAlloc
GetStringTypeA
GetStringTypeW
HeapSize
SetFilePointer
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
GetModuleFileNameW
GetProcessAffinityMask
Sleep
FreeLibrary
GetModuleHandleA

user32

CharNextW
SetCapture
ReleaseDC
EndPaint
GetUpdateRect
GetClientRect
GetCaretBlinkTime
SetCaretPos
ScreenToClient
IntersectRect
IsRectEmpty
PtInRect
SetWindowLongW
GetWindow
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
RegisterClassExW
GetClassInfoExW
GetMenu
SetPropW
AdjustWindowRectEx
LoadIconW
SetForegroundWindow
CreateAcceleratorTableW
FillRect
GetGUIThreadInfo
UpdateLayeredWindow
DrawTextW
EnableMenuItem
AppendMenuW
ShowCaret
IsWindowEnabled
GetKeyNameTextW
MapVirtualKeyExW
GetUserObjectInformationW
TranslateMessage
OffsetRect
UnionRect
InflateRect
FindWindowW
MoveWindow
PostMessageW
GetWindowLongW
SendMessageW
GetClassNameW
WindowFromPoint
MessageBoxW
IsWindowVisible
GetWindowThreadProcessId
GetShellWindow
GetDesktopWindow
GetForegroundWindow
ShowWindow
wsprintfW
GetLastInputInfo
KillTimer
ReleaseCapture
EnumChildWindows
SetFocus
GetCursorPos
InsertMenuW
CreatePopupMenu
GetProcessWindowStation
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

DeregisterEventSource
ReportEventA
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegEnumValueW
RegisterEventSourceA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW

oleaut32

version

GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

gdi32

SetWindowOrgEx
PtInRegion
SelectObject
RestoreDC
GetDeviceCaps
DeleteObject
DeleteDC
CreateDIBitmap
GetTextMetricsW
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
RoundRect
SetBkMode
GetEnhMetaFileHeader
CreateEnhMetaFileW
CreateCompatibleDC
SetTextColor
MoveToEx
TextOutW
CreateCompatibleBitmap
BitBlt
SetBitmapBits
GdiFlush

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdiplus

GdipDisposeImage
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipGetPropertyItem
GdipDrawImageRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusStartup

wldap32

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.png0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.png1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42dc994846163b454cea1240722be357

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

version

urlmon

wininet

gdi32

imm32

gdiplus

wldap32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 448KB - Virtual size: 448KB

.data Size: 60KB - Virtual size: 60KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.png0 Size: 3.1MB - Virtual size: 3.1MB

.png1 Size: 6.0MB - Virtual size: 6.0MB

.rsrc Size: 32KB - Virtual size: 32KB

.l1 Size: 13KB - Virtual size: 13KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 448KB - Virtual size: 448KB

.data
Size: 60KB - Virtual size: 60KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.png0
Size: 3.1MB - Virtual size: 3.1MB

.png1
Size: 6.0MB - Virtual size: 6.0MB

.rsrc
Size: 32KB - Virtual size: 32KB

.l1
Size: 13KB - Virtual size: 13KB