0ce187cdd11849b3b2eba46d291fcfcf

Sharing

Copy URL Twitter E-mail

General

Target

0ce187cdd11849b3b2eba46d291fcfcf
Size

199KB
MD5

0ce187cdd11849b3b2eba46d291fcfcf
SHA1

225a7430935d7a170ca50f1daea711bef8491b21
SHA256

c2532929cd37a2b12ea090949b6c5a6366b54b3c5521295a7ac193ef0061c0aa
SHA512

7dd7a7aab0fd2d076f2124ef04656449db5053e3a924d3a3dd7e8c29d1f27fdd03339b3931613cb2bef5d05e80ea52dda591fe0ca276fef2e5aa2650a2f0c396
SSDEEP

1536:pfI9wDzObRHh7YMzl2fwV5/MvZAFFRkpGKohP4mRXJyErXutihdr:pQ9wDzCRHh0Mzlsy1tFRkLohPlH+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ce187cdd11849b3b2eba46d291fcfcf

Files

0ce187cdd11849b3b2eba46d291fcfcf
.exe windows:5 windows x86 arch:x86

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegEnumKeyExA
GetAce
GetLengthSid
InitializeAcl
GetAclInformation
ImpersonateLoggedOnUser
RegSetValueExA
AdjustTokenPrivileges
IsValidAcl
MakeSelfRelativeSD
EqualSid
GetTokenInformation
GetTraceEnableLevel
OpenServiceW
GetSecurityDescriptorControl
RegEnumKeyW
RegSetValueExW
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
OpenProcessToken
RegOpenKeyA
RegOpenKeyW
UnregisterTraceGuids
StartServiceW
CryptDestroyKey
OpenThreadToken
IsValidSecurityDescriptor
ReportEventW
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegEnumKeyExW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
SetEntriesInAclW

user32

GetDesktopWindow
LoadCursorA
GetWindowRect
CheckDlgButton
LoadBitmapA
GetMessageW
MessageBoxW
EndDialog
RegisterClassExW
PeekMessageA
FindWindowA
GetMenu
CallWindowProcA
ClipCursor
TranslateMessage
GetClassNameW
GetSystemMenu
GetCapture
GetFocus
SetCapture
CallWindowProcW
DragObject
GetSysColorBrush
GetActiveWindow
GetSubMenu
ReleaseCapture
GetCursorPos
IntersectRect
IsChild
GetSystemMetrics
IsWindow
PostMessageA
GetClientRect

msvcrt

_XcptFilter
wcsrchr
_ultoa
__wgetmainargs
memset
_strnicmp
__p__osver
_fileno
fseek
_iob
rand
wcsncat
isleadbyte
_itoa
time
sscanf
wcstol
towupper
fclose
_stat
strstr
_ftol
_strdup
strrchr
srand
iswdigit
_rotr
_controlfp
_except_handler3
towlower
__set_app_type

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameA
FindTextA
GetFileTitleA

kernel32

FormatMessageA
GetUserDefaultLCID
CreateDirectoryA
GetCurrentThreadId
RemoveDirectoryW
lstrcmpW
FileTimeToSystemTime
LeaveCriticalSection
ReadFile
lstrcatA
GetOEMCP
GetThreadLocale
CloseHandle
CompareStringW
SetFileAttributesW
ReleaseMutex
DeviceIoControl
WriteConsoleW
lstrcpynA
GetModuleHandleA
IsDBCSLeadByte
LCMapStringA
ExitProcess
CreateFileA
VirtualAlloc
ReleaseSemaphore
GetCommandLineW
lstrcpynW
FileTimeToLocalFileTime
FreeLibrary

shell32

SHGetMalloc
DragQueryFileW
DragQueryFileA
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHFileOperationW
ShellExecuteExW

ole32

OleLoadFromStream
StgCreateDocfile
CoUnmarshalInterface
CoInitialize
StringFromGUID2
OleUninitialize
OleInitialize
CoDisconnectObject
OleRegGetMiscStatus
StgIsStorageFile
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoReleaseMarshalData
OleSaveToStream
OleRegGetUserType
GetRunningObjectTable
CoCreateInstanceEx
CoTaskMemFree
CoSetProxyBlanket
ReleaseStgMedium
CreateDataAdviseHolder

oleaut32

SysAllocStringLen
RegisterTypeLib
SafeArrayCreate
VariantChangeTypeEx
SysStringLen
VariantCopy
SysReAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 69KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b174f6695e016be15a38e3edb911f80

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

comdlg32

kernel32

shell32

ole32

oleaut32

Sections

.rdata Size: 7KB - Virtual size: 6KB

.text Size: 10KB - Virtual size: 9KB

DATA Size: 34KB - Virtual size: 34KB

BSS Size: 69KB - Virtual size: 81KB

.rdata Size: 77KB - Virtual size: 126KB

.rdata
Size: 7KB - Virtual size: 6KB

.text
Size: 10KB - Virtual size: 9KB

DATA
Size: 34KB - Virtual size: 34KB

BSS
Size: 69KB - Virtual size: 81KB

.rdata
Size: 77KB - Virtual size: 126KB