0a92daa19f2cc77a21cdbf8db6d8bb68

Sharing

Copy URL

Twitter E-mail

General

Target

0a92daa19f2cc77a21cdbf8db6d8bb68
Size

684KB
MD5

0a92daa19f2cc77a21cdbf8db6d8bb68
SHA1

2074cf815217641a38f5243b8d35bc4e74ec8d31
SHA256

ab097e8b19ec166a2ff65d10ab06a8d572216cee2b0c44ebe183a8cb60b2bae7
SHA512

3c4f44578df40d952df7330ed9ab6e7df14a2332a864a894e1c34215ad4e4399f9959bf53c60c8e98de15d806630e2a72d622d2eeced3eac22d579fb0f9f45ec
SSDEEP

12288:gysoBJKquCdZ6hMDi2WgjbA+Jyrd/PaL7hc4cQFGI:GYJKqNdlDi2WOJMdea4vGI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0a92daa19f2cc77a21cdbf8db6d8bb68

resource
0a92daa19f2cc77a21cdbf8db6d8bb68

Files

0a92daa19f2cc77a21cdbf8db6d8bb68
.exe windows:4 windows x86 arch:x86

7b70caa8c97e7c06e62703509f0a668c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

usp10

ScriptLayout
ScriptTextOut
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptXtoCP
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars

xolehlp

ord5

kernel32

GetStartupInfoA
SetEndOfFile
GetLocaleInfoW
LoadLibraryA
SetStdHandle
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
IsBadCodePtr
IsBadReadPtr
HeapSize
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcess
QueryPerformanceCounter
GetWindowsDirectoryA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
SizeofResource
HeapReAlloc
GetLocalTime
CreateFileA
HeapFree
HeapAlloc
CreateDirectoryA
DeleteFileA
ResetEvent
VirtualFree
VirtualAlloc
VirtualProtect
SetSystemTimeAdjustment
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
GetCommandLineA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
IsBadWritePtr
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
ReadFile
CloseHandle
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
TerminateProcess

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b70caa8c97e7c06e62703509f0a668c

Headers

File Characteristics

Imports

usp10

xolehlp

kernel32

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 68KB - Virtual size: 211KB

.rsrc Size: 364KB - Virtual size: 363KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 68KB - Virtual size: 211KB

.rsrc
Size: 364KB - Virtual size: 363KB