0f923311459e657968b80c1678d9bf77e6fcd6634655ed0e45a598c7a88b9e80

General

Target

0f923311459e657968b80c1678d9bf77e6fcd6634655ed0e45a598c7a88b9e80
Size

13.2MB
MD5

8195b16e0ae94c2cd7e731b3f370101b
SHA1

b2c4624a6a876a2a1e1093db1d89c8a9898a3135
SHA256

0f923311459e657968b80c1678d9bf77e6fcd6634655ed0e45a598c7a88b9e80
SHA512

86bea39846f9a0f34414ddd4ed8caab83ac660fdcd85dfa01586879a36d184b969a039868c2a7534117fcac264fb2a3840c1f51f279b06c3b71af2fececdeba9
SSDEEP

3072:ILlMPAZrIWw8BCEsDiM4lIzUt7dIWw8BCEsD7ALPY:ILaPAZUdnEOf4lDtudnEOq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f923311459e657968b80c1678d9bf77e6fcd6634655ed0e45a598c7a88b9e80

Files

0f923311459e657968b80c1678d9bf77e6fcd6634655ed0e45a598c7a88b9e80
.exe windows:5 windows x86

75b829e85e3d24a2c74419aafa0443bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
LoadLibraryA
LoadLibraryExA
GetVersionExW
GetTickCount
GetACP
GetConsoleAliasW
GetFileAttributesW
lstrcpyA
FindFirstFileW
GetCurrentProcess
GetStringTypeW
GetProcAddress
GetTickCount
GetStartupInfoA
ReadConsoleA
HeapAlloc
HeapFree
GetLogicalDriveStringsW
OpenSemaphoreW
SearchPathW

nddeapi

NDdeShareGetInfoA
NDdeShareSetInfoA

resutils

ClusWorkerCreate
ResUtilDupString

user32

DialogBoxParamW
LoadBitmapW
GetFocus
LoadCursorA
DispatchMessageA
GetClassLongA
CreateDesktopW
IsDialogMessageW
InsertMenuW
IsWindow
LoadIconW
LoadMenuW
GetMessageW

crypt32

CertDuplicateCRLContext
CertOpenStore
CertCreateCRLContext
CryptEnumOIDInfo
CertAlgIdToOID
CertDuplicateStore
CertControlStore
CertDeleteCRLFromStore
CertCreateContext
CryptMemAlloc
CertFindCRLInStore

shlwapi

UrlGetPartA
UrlGetLocationW
PathCompactPathW
UrlCreateFromPathW
UrlCanonicalizeA
PathIsPrefixA
UrlIsNoHistoryW
PathCommonPrefixA
SHDeleteKeyA
UrlHashA
UrlCompareA
UrlEscapeA
PathIsRootA

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vsdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcrc
Size: 13.0MB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b829e85e3d24a2c74419aafa0443bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

nddeapi

resutils

user32

crypt32

shlwapi

Sections

.text Size: 144KB - Virtual size: 144KB

.vsdata Size: 8KB - Virtual size: 8KB

.qdata Size: 1KB - Virtual size: 1KB

.rcrc Size: 13.0MB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 144KB

.vsdata
Size: 8KB - Virtual size: 8KB

.qdata
Size: 1KB - Virtual size: 1KB

.rcrc
Size: 13.0MB - Virtual size: 1KB