0de3a2dca1cd6a397c59e4773658512141344b6ea30f768111d52b09a4da8426

Sharing

Copy URL Twitter E-mail

General

Target

0de3a2dca1cd6a397c59e4773658512141344b6ea30f768111d52b09a4da8426
Size

871KB
MD5

61c731f392671f904fbb87d7c743f3e3
SHA1

32f649b045b42be376b115c9e5c9bdb73e9ae696
SHA256

0de3a2dca1cd6a397c59e4773658512141344b6ea30f768111d52b09a4da8426
SHA512

b0d55bfc819d4407e30d7499121dbee163e30d0ee0532106aac243793e45e8858923936383bbec3e6e46b10ee28314194fa9aa514fd3941654169eddc9004111
SSDEEP

12288:48rgCQTAm9jU4Zp6IS5TFrlL5bjsLtTP5u2IkPQo59dKVeWpX:eTxS5fxjshVu2zYgwpX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0de3a2dca1cd6a397c59e4773658512141344b6ea30f768111d52b09a4da8426

Files

0de3a2dca1cd6a397c59e4773658512141344b6ea30f768111d52b09a4da8426
.exe windows:5 windows x64

b9945f5f20a993fafaaece72567904a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

LoadLibraryA
FormatMessageA
Sleep
WriteFile
FlushFileBuffers
SetFilePointer
CloseHandle
GetDriveTypeW
CreateDirectoryW
CreateFileW
GetProcAddress
GetLongPathNameW
OpenProcess
GetLastError
LoadResource
GetFileSize
ReadFile
FindClose
GetSystemInfo
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
FindResourceExW
GetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
GetVersionExW
WideCharToMultiByte
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetCurrentThreadId
WaitForSingleObject
CreateProcessW
CopyFileW
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
ReleaseMutex
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapReAlloc
HeapFree
CreateProcessA
GetFileAttributesExW
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateThread
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetProcessHeap
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateMutexW
QueryPerformanceFrequency
GetTempPathW
DuplicateHandle
ReadConsoleW
MoveFileExW
CreatePipe
SetEndOfFile
GetSystemTimeAsFileTime
MultiByteToWideChar

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

PathRemoveFileSpecW

msi

ord113

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

ShowWindow
DestroyWindow
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetSystemMetrics
SendMessageW
PostMessageW
DispatchMessageW
GetDC
LoadIconW
SetWindowTextW
MessageBoxW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage
GetMessageW
GetWindowPlacement
IsWindow
CallNextHookEx
SetWindowPlacement
IsDialogMessageW

gdi32

GetTextExtentPoint32W

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW
ord165
SHCreateDirectoryExW

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9945f5f20a993fafaaece72567904a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

shlwapi

msi

version

user32

gdi32

advapi32

shell32

Sections

.text Size: 457KB - Virtual size: 457KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 23KB - Virtual size: 23KB

.gfids Size: 512B - Virtual size: 444B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 221KB - Virtual size: 221KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 457KB - Virtual size: 457KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 23KB - Virtual size: 23KB

.gfids
Size: 512B - Virtual size: 444B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 221KB - Virtual size: 221KB

.reloc
Size: 4KB - Virtual size: 4KB