0dc133ce15a6888591a4fce83d1dba49

Sharing

Copy URL

Twitter E-mail

General

Target

0dc133ce15a6888591a4fce83d1dba49
Size

176KB
MD5

0dc133ce15a6888591a4fce83d1dba49
SHA1

6d19c04154996ea836adf56bd89b9733ef1bab2f
SHA256

79f94d3a0703cca0d0d855f97c05bdb0f61490c0067174f02ecf1fe59a7417a2
SHA512

95312d0a2d4abb80f7a577a02c9166ab4b4b00e4f3860be45fa9cb0231bb2feba0372adbe97b1abe77d48ba58f8844400dd18ff7003301abe92e620eed4a8625
SSDEEP

3072:gHK2hrU9LIZBvCrmfGwQ2PJqEhv6TO9hWGxRaadsWBorQ20UAa4HaelJ4/lEc492:gXS+GwQ2PJqEhv6TO6Uoaa8orga46elJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc133ce15a6888591a4fce83d1dba49

Files

0dc133ce15a6888591a4fce83d1dba49
.exe windows:4 windows x86 arch:x86

90ad2e1065ffbaa1ff70a9a80de2d49f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHEnumValueA
SHDeleteValueA
SHQueryInfoKeyA
SHQueryValueExA
PathIsContentTypeA
SHSetValueA
PathGetCharTypeA
SHDeleteKeyA
PathFileExistsA
SHStrDupA
PathIsDirectoryA
SHQueryInfoKeyA
SHStrDupA
SHSetValueA

user32

GetKeyState
GetKeyNameTextA
GetIconInfo

kernel32

GetVersionExA
ReadFile
ResetEvent
GetLastError
ExitProcess
SetEndOfFile
GlobalAlloc
lstrlenA
ExitThread
LoadLibraryA
GetProcAddress
VirtualAlloc
GetModuleHandleA
LocalAlloc
IsBadReadPtr

ole32

CoGetContextToken
CreateStreamOnHGlobal
CoGetMalloc
PropVariantClear
StgOpenStorage
GetHGlobalFromStream
CLSIDFromString

comctl32

ImageList_Create
ImageList_Add
ImageList_Draw
ImageList_Write
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Destroy
ImageList_Destroy
ImageList_DragShowNolock
ImageList_Create
ImageList_Draw
ImageList_Read
ImageList_Write
ImageList_GetBkColor

msvcrt

time
cos

shell32

SHGetFileInfoA
SHGetDesktopFolder
Shell_NotifyIconA
SHGetFolderPathA
DragQueryFileA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA

comdlg32

ChooseColorA

gdi32

GetBitmapBits
CreatePalette
GetDIBits
CreateCompatibleDC
SetTextColor
SetPixel
CreatePenIndirect
GetCurrentPositionEx
GetDCOrgEx

advapi32

GetUserNameA
RegQueryValueExA
RegDeleteValueA

oleaut32

SafeArrayCreate
GetErrorInfo
RegisterTypeLib
SafeArrayPtrOfIndex
SysReAllocStringLen
SafeArrayUnaccessData
VariantCopyInd
OleLoadPicture

Sections

CODE
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 1024B - Virtual size: 566B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90ad2e1065ffbaa1ff70a9a80de2d49f

Headers

File Characteristics

Imports

shlwapi

user32

kernel32

ole32

comctl32

msvcrt

shell32

version

comdlg32

gdi32

advapi32

oleaut32

Sections

CODE Size: 45KB - Virtual size: 45KB

.rdata Size: 1024B - Virtual size: 80KB

.data Size: 8KB - Virtual size: 7KB

.bdata Size: 1024B - Virtual size: 566B

.adata Size: 115KB - Virtual size: 115KB

.fdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 996B

CODE
Size: 45KB - Virtual size: 45KB

.rdata
Size: 1024B - Virtual size: 80KB

.data
Size: 8KB - Virtual size: 7KB

.bdata
Size: 1024B - Virtual size: 566B

.adata
Size: 115KB - Virtual size: 115KB

.fdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 996B