0c3bd53ab6d0eb845e9dd5bb07d0839d7fb946cd23f6093c07bcf3909a708804

Sharing

Copy URL Twitter E-mail

General

Target

0c3bd53ab6d0eb845e9dd5bb07d0839d7fb946cd23f6093c07bcf3909a708804
Size

1.7MB
MD5

ff056aa9c6924af6ccb70c1bbfd3a945
SHA1

d5b5d95f230a7bd14404f9df0c9bad738b36d438
SHA256

0c3bd53ab6d0eb845e9dd5bb07d0839d7fb946cd23f6093c07bcf3909a708804
SHA512

64710985d0fbdf6b86965338801b07ab50e5f814a616d6464561e8d199deca983b9173bc979619bb71376e49bb4ed9043dda297f886ea28bb57cda9f87037279
SSDEEP

24576:OYAvs6vjJ8rcAxzEm4szZvFPy8GTVjlFJEYzB3L+ZTrdUODAXb5:Ms6OfxpzZvFP4VJ1zBETu5b5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c3bd53ab6d0eb845e9dd5bb07d0839d7fb946cd23f6093c07bcf3909a708804

Files

0c3bd53ab6d0eb845e9dd5bb07d0839d7fb946cd23f6093c07bcf3909a708804
.dll windows:6 windows x86

6591c346db12d7408b9c27cc7fc02b15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
CreateProcessA
LocalAlloc
LocalReAlloc
LocalFree
lstrcpyA
lstrcatA
lstrlenA
GetLogicalDriveStringsA
MoveFileA
OutputDebugStringA
CancelIo
InitializeCriticalSection
GetSystemInfo
GetVersionExA
GetProcAddress
LoadLibraryA
LocalSize
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
TerminateProcess
GetSystemDirectoryA
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WriteFile
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapQueryInformation
HeapSize
HeapReAlloc
SetConsoleCtrlHandler
EnumSystemLocalesW
GetDiskFreeSpaceExA
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
ExitProcess
HeapValidate
QueryPerformanceFrequency
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
GetModuleFileNameW
SetFilePointer
RemoveDirectoryA
ReadFile
GetFileSize
GetFileAttributesA
GetOEMCP
GetDriveTypeA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
CreateDirectoryA
GetTickCount
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
GetLastError
DecodePointer
VirtualFree
VirtualAlloc
ResumeThread
TerminateThread
CreateThread
Sleep
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
CreateFileW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
RaiseException
IsDebuggerPresent
GetCurrentThreadId
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
WideCharToMultiByte
EncodePointer
GetLocaleInfoEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
GetUserDefaultLCID
CloseHandle

user32

SetCursorPos
SetCapture
MapVirtualKeyA
mouse_event
keybd_event
WindowFromPoint
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
BlockInput
GetDC
ReleaseDC
OpenClipboard
GetDesktopWindow
LoadCursorA
DestroyCursor
EnumDisplaySettingsA
GetCursorInfo
PostMessageA
ShowWindow
IsWindowVisible
GetWindowTextA
EnumWindows
SendMessageA
MoveWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SetFocus
SetTimer
KillTimer
LoadIconA
GetMessageA
TranslateMessage
GetSystemMetrics
CharNextA
SystemParametersInfoA
DispatchMessageA
UnregisterClassA
CreateWindowExA
GetClientRect
GetCursorPos
wsprintfA

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateDIBSection

advapi32

EnumServicesStatusA
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceA
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
LockServiceDatabase
RegCloseKey
ControlService
CloseServiceHandle
ChangeServiceConfigA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

shell32

SHGetFileInfoA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

vld_x86

?g_vld@@3VVisualLeakDetector@@A

winmm

waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
timeBeginPeriod
timeEndPeriod
PlaySoundA
waveInGetNumDevs

ws2_32

closesocket
connect
htons
inet_addr
inet_ntoa
gethostname
getsockname
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv

avicap32

capGetDriverDescriptionA

msvfw32

ICSendMessage
ICOpen
ICCompressorFree
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICClose

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

IsExit
IsStoped
StopRun
TestRun

Sections

.textbss
Size: - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6591c346db12d7408b9c27cc7fc02b15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

vld_x86

winmm

ws2_32

avicap32

msvfw32

psapi

Exports

Exports

Sections

.textbss Size: - Virtual size: 617KB

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 286KB - Virtual size: 285KB

.data Size: 9KB - Virtual size: 31KB

.idata Size: 9KB - Virtual size: 9KB

.msvcjmc Size: 5KB - Virtual size: 5KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 45KB - Virtual size: 45KB

.textbss
Size: - Virtual size: 617KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 286KB - Virtual size: 285KB

.data
Size: 9KB - Virtual size: 31KB

.idata
Size: 9KB - Virtual size: 9KB

.msvcjmc
Size: 5KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 45KB - Virtual size: 45KB