0b009ac9b4917abbbff83732e7006e56

General

Target

0b009ac9b4917abbbff83732e7006e56
Size

181KB
MD5

0b009ac9b4917abbbff83732e7006e56
SHA1

0c6c7d0eb17a6ad03836c297d54e08a239c62bef
SHA256

14c5b9f631510ca93dd7544df7b93e0208d649e8fb8475683db329c6b0f7ce89
SHA512

9bd98c96032863f4907fd778dec9a949b6702c065334c789b60447cd556b11344a415e4de5f3948114247aea7e9e08d0b0cd227411fd2ce9e7eafaa1d6da2ae2
SSDEEP

3072:1SPCj+XfxxffCKz10GHt/bTvVqbMg4m5gx+MIcZjJnQj32ZH6bsMl9f0R0lId8Xp:oP/bDz1tBbTdG4mDVcXnK3O8frll3yNW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b009ac9b4917abbbff83732e7006e56

Files

0b009ac9b4917abbbff83732e7006e56
.exe windows:4 windows x86 arch:x86

822f817033d24f1a1c03112c0cd8b685

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetProfileStringA
EnumDateFormatsA
GetProcAddress
GetSystemPowerStatus
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetLastError
SetFilePointer
CompareStringA
WideCharToMultiByte
CompareStringW
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocaleInfoA
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
RtlUnwind
InterlockedExchange
HeapSize
GetStringTypeW

gdi32

GetCharWidthW
MaskBlt
CreatePen
EudcLoadLinkW
GetCharABCWidthsA

shlwapi

PathStripToRootW
PathSkipRootW
StrToIntA
UrlIsNoHistoryW
StrRChrIA
StrPBrkA
PathUnmakeSystemFolderA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

822f817033d24f1a1c03112c0cd8b685

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

shlwapi

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 29KB - Virtual size: 230KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 29KB - Virtual size: 230KB

.rsrc
Size: 2KB - Virtual size: 1KB