0b207ac310db2d0f8a2a3f52b2d4143a78b36643d562b8d7ce0fcd70e61b376f

Sharing

Copy URL

Twitter E-mail

General

Target

0b207ac310db2d0f8a2a3f52b2d4143a78b36643d562b8d7ce0fcd70e61b376f
Size

378KB
MD5

8e74e9c84d1b5bcbc9fc9ccd784d93e6
SHA1

a54ff469b8a5a517db7174d6454ef8034b4bd979
SHA256

0b207ac310db2d0f8a2a3f52b2d4143a78b36643d562b8d7ce0fcd70e61b376f
SHA512

0e2e03a79f84ae29182fc4e1a4151a9c085b3cf89ca391f5031332fa14a2b66335f3f7dfadb59b959970de0ce029061ea25ddaace4e2bed2148e54b403c6f170
SSDEEP

6144:0K7NAF5y5zerJBbHnV/FBwmyMX+pCAdL6hfhhS3p4sdLwuMeQP4pP5qxtv:N7NAFOzezBwmyMX+pCAdAfduGSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b207ac310db2d0f8a2a3f52b2d4143a78b36643d562b8d7ce0fcd70e61b376f

Files

0b207ac310db2d0f8a2a3f52b2d4143a78b36643d562b8d7ce0fcd70e61b376f
.exe windows:5 windows x64

47365ecd88bfdfcf724c60a6cabeeb77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
RtlLookupFunctionEntry
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
GetCommandLineW
RtlCaptureContext

advapi32

SystemFunction036

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47365ecd88bfdfcf724c60a6cabeeb77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 248B

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 248B