Static task: static1
Behavioral task: behavioral1
  Sample: 0de405ab371f7f9e59a42554bcd306cf.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0de405ab371f7f9e59a42554bcd306cf.exe
  Resource: win10v2004-20231222-en
General
Target: 0de405ab371f7f9e59a42554bcd306cf
Size: 554KB
MD5: 0de405ab371f7f9e59a42554bcd306cf
SHA1: f9a31d763c49baec00bea4e015d325d905d03739
SHA256: 8f7190e1e87300eeca5d538ca89dade765f6fbd93606e3083556e640d78661c2
SHA512: 8dd3c819fe1d1251b842f776378edd15a9ef0a573d8486bcf1dd98b500ccdfbff8bd836ac894ba4af3998b5c1cce21b62dbfdb5a76e024d6560c703b1ccf2f82
SSDEEP: 6144:1uvfLGpnbz46YRtEDhAcxzeEy0XnpHpQZwrMfgeCg5LNTBkbXpH8E2ibAO3gaHaq:QLAg6YRtEvZ9pQWx9T7pH/2kBd1
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 0de405ab371f7f9e59a42554bcd306cf
Files
0de405ab371f7f9e59a42554bcd306cf.exe windows:4 windows x86 arch:x86
1998bc76036757f0d99c30cc5ee6c04b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm: midiOutOpen, midiOutClose, midiOutShortMsg
kernel32: QueryPerformanceFrequency, QueryPerformanceCounter, SetLastError, SizeofResource, FreeResource,
  LockResource, LoadResource, FindResourceExA, CreateEventA, SetEvent, WaitForSingleObject, GetCPInfo,
  GetOEMCP, GetACP, LCMapStringW, MultiByteToWideChar, LCMapStringA, GetEnvironmentStringsW,
  WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GlobalLock,
  GetFileType, GetStdHandle, SetHandleCount, WriteFile, ReadFile, HeapSize, SetUnhandledExceptionFilter,
  IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, GetWindowsDirectoryA, DeleteCriticalSection, TlsAlloc,
  SetCurrentDirectoryA, TlsFree, LeaveCriticalSection, EnterCriticalSection, HeapReAlloc, CreateThread,
  ResumeThread, TlsGetValue, TlsSetValue, GlobalUnlock, GetCurrentThread, SetThreadPriority, GetLocalTime,
  GetModuleFileNameA, UnhandledExceptionFilter, lstrlenA, Sleep, CreateFileA, SetFilePointer, SetEndOfFile,
  CloseHandle, InitializeCriticalSection, ExitThread, GetVersionExA, GetSystemTimeAsFileTime,
  GetCurrentProcessId, SetEnvironmentVariableA, CompareStringW, CompareStringA, VirtualQuery, GetSystemInfo,
  VirtualProtect, LoadLibraryA, GetCommandLineA, GetLocaleInfoA, GetStringTypeW, GetStringTypeA,
  FlushFileBuffers, IsBadReadPtr, IsBadCodePtr, GetCurrentThreadId, GetTickCount, HeapDestroy, ExitProcess,
  GetProcAddress, GetModuleHandleA, TerminateProcess, GetCurrentProcess, HeapAlloc, RtlUnwind, RaiseException,
  HeapFree, GetLastError, DeleteFileA, GetStartupInfoA, SetStdHandle
user32: GetForegroundWindow, PostMessageA, FindWindowA, SetForegroundWindow, LoadIconA, RegisterClassA,
  CreateWindowExA, UnregisterClassA, GetSystemMetrics, DestroyWindow, LoadCursorA, SetCursor, DefWindowProcA,
  GetCursorPos, WindowFromPoint, GetDC, FillRect, ReleaseDC, SetWindowPlacement, GetWindowRect, SendMessageA,
  SetWindowLongA, SetWindowPos, GetWindowPlacement, PeekMessageA, TranslateMessage, DispatchMessageA,
  GetClientRect, ClientToScreen, OpenClipboard, GetClipboardData, CloseClipboard, ShowWindow, MessageBoxA,
  PostQuitMessage
gdi32: StretchBlt, GetStockObject, CreateSolidBrush, CreateRectRgn, DeleteObject, BitBlt
advapi32: RegOpenKeyA, RegSetValueExA, RegCreateKeyExA, RegCloseKey, RegQueryValueExA
shell32: ShellExecuteA
ole32: CoInitialize, CoUninitialize
wsock32: accept, WSACancelBlockingCall, WSACleanup, getsockname, ioctlsocket, WSAAsyncGetHostByName,
  setsockopt, connect, inet_ntoa, recv, socket, bind, WSAGetLastError, listen, WSAStartup, WSAAsyncSelect,
  closesocket, send
ddraw: DirectDrawCreate
dsound: ord1
dinput: DirectInputCreateA
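The import table above is the part of a static report most worth pivoting on, and the usual pivot is the import hash (imphash). The following is an added example, not code from the sandbox or the sample: it transcribes the report's imports in the order shown and recomputes the imphash string and digest the way pefile defines it (lower-cased DLL name with any ocx/sys/dll extension stripped, lower-cased symbol, `ordN` for ordinal imports unless a name table is supplied). Whether the unlabelled 32-hex value under Files (1998bc…) is the report's imphash is an assumption about the page layout; if it is, the digest printed here should match it provided the report lists imports in raw import-directory order.

```python
"""Recompute the import hash (imphash) from an import table.

Added example, not part of the sandbox report. IMPORTS is transcribed from the
report's Imports section in the order shown; the algorithm follows the pefile
definition (Mandiant's imphash), so the digest is comparable with other tools
as long as the import order matches the raw import directory."""
import hashlib

IMPORTS = {  # DLL -> imported symbols; an int means import by ordinal
    "winmm": ["midiOutOpen", "midiOutClose", "midiOutShortMsg"],
    "kernel32": [
        "QueryPerformanceFrequency", "QueryPerformanceCounter", "SetLastError", "SizeofResource", "FreeResource", "LockResource", "LoadResource", "FindResourceExA",
        "CreateEventA", "SetEvent", "WaitForSingleObject", "GetCPInfo", "GetOEMCP", "GetACP", "LCMapStringW", "MultiByteToWideChar",
        "LCMapStringA", "GetEnvironmentStringsW", "WideCharToMultiByte", "FreeEnvironmentStringsW", "GetEnvironmentStrings", "FreeEnvironmentStringsA", "GlobalLock", "GetFileType",
        "GetStdHandle", "SetHandleCount", "WriteFile", "ReadFile", "HeapSize", "SetUnhandledExceptionFilter", "IsBadWritePtr", "VirtualAlloc",
        "VirtualFree", "HeapCreate", "GetWindowsDirectoryA", "DeleteCriticalSection", "TlsAlloc", "SetCurrentDirectoryA", "TlsFree", "LeaveCriticalSection",
        "EnterCriticalSection", "HeapReAlloc", "CreateThread", "ResumeThread", "TlsGetValue", "TlsSetValue", "GlobalUnlock", "GetCurrentThread",
        "SetThreadPriority", "GetLocalTime", "GetModuleFileNameA", "UnhandledExceptionFilter", "lstrlenA", "Sleep", "CreateFileA", "SetFilePointer",
        "SetEndOfFile", "CloseHandle", "InitializeCriticalSection", "ExitThread", "GetVersionExA", "GetSystemTimeAsFileTime", "GetCurrentProcessId", "SetEnvironmentVariableA",
        "CompareStringW", "CompareStringA", "VirtualQuery", "GetSystemInfo", "VirtualProtect", "LoadLibraryA", "GetCommandLineA", "GetLocaleInfoA",
        "GetStringTypeW", "GetStringTypeA", "FlushFileBuffers", "IsBadReadPtr", "IsBadCodePtr", "GetCurrentThreadId", "GetTickCount", "HeapDestroy",
        "ExitProcess", "GetProcAddress", "GetModuleHandleA", "TerminateProcess", "GetCurrentProcess", "HeapAlloc", "RtlUnwind", "RaiseException",
        "HeapFree", "GetLastError", "DeleteFileA", "GetStartupInfoA", "SetStdHandle"],
    "user32": [
        "GetForegroundWindow", "PostMessageA", "FindWindowA", "SetForegroundWindow", "LoadIconA", "RegisterClassA", "CreateWindowExA",
        "UnregisterClassA", "GetSystemMetrics", "DestroyWindow", "LoadCursorA", "SetCursor", "DefWindowProcA", "GetCursorPos",
        "WindowFromPoint", "GetDC", "FillRect", "ReleaseDC", "SetWindowPlacement", "GetWindowRect", "SendMessageA",
        "SetWindowLongA", "SetWindowPos", "GetWindowPlacement", "PeekMessageA", "TranslateMessage", "DispatchMessageA", "GetClientRect",
        "ClientToScreen", "OpenClipboard", "GetClipboardData", "CloseClipboard", "ShowWindow", "MessageBoxA", "PostQuitMessage"],
    "gdi32": ["StretchBlt", "GetStockObject", "CreateSolidBrush", "CreateRectRgn", "DeleteObject", "BitBlt"],
    "advapi32": ["RegOpenKeyA", "RegSetValueExA", "RegCreateKeyExA", "RegCloseKey", "RegQueryValueExA"],
    "shell32": ["ShellExecuteA"],
    "ole32": ["CoInitialize", "CoUninitialize"],
    "wsock32": ["accept", "WSACancelBlockingCall", "WSACleanup", "getsockname", "ioctlsocket", "WSAAsyncGetHostByName",
                "setsockopt", "connect", "inet_ntoa", "recv", "socket", "bind", "WSAGetLastError", "listen", "WSAStartup",
                "WSAAsyncSelect", "closesocket", "send"],
    "ddraw": ["DirectDrawCreate"],
    "dsound": [1],  # shown as "ord1" in the report: import by ordinal, no name
    "dinput": ["DirectInputCreateA"],
}


def imphash_string(imports, ordinal_names=None):
    """Build the canonical 'dll.func,dll.func,...' string that gets hashed.

    ordinal_names maps (dll, ordinal) -> export name. pefile ships such tables
    for ws2_32, wsock32 and oleaut32 so ordinal-only imports of those DLLs hash
    the same as name imports; here the caller supplies the table (assumption),
    and anything unmapped becomes 'ordN' exactly as pefile does."""
    ordinal_names = ordinal_names or {}
    parts = []
    for dll, symbols in imports.items():
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("ocx", "sys", "dll"):  # pefile strips only these extensions
            lib = base
        for sym in symbols:
            name = ordinal_names.get((lib, sym), "ord%d" % sym) if isinstance(sym, int) else sym
            parts.append("%s.%s" % (lib, name.lower()))
    return ",".join(parts)


def imphash(imports, ordinal_names=None):
    """MD5 of the canonical string: the value tools print as 'imphash'."""
    return hashlib.md5(imphash_string(imports, ordinal_names).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORTS)[:100] + "...")
    print("imphash:", imphash(IMPORTS))
```

imphash is order-sensitive, so a mismatch against a report value does not by itself mean a transcription error: the report may print DLLs in a different order than the raw import directory, and `ord1` for dsound would become a name if a tool carries an ordinal table for that DLL. Run pefile's `get_imphash()` on the real file to settle it, and treat the hash as a clustering pivot (same linker, same library set), not as an identity of the binary.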
Sections
Section  Size   Virtual size  Flags
.text    428KB  427KB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   44KB   42KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    72KB   86KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    4KB    3KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
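The only signature the sandbox raised is "Unsigned PE", and the header and section data above are what a first-pass static check reads to reach that kind of verdict. The following is an added example, not code from the sandbox or the sample: a stdlib-only parser that walks the DOS, COFF, optional and section headers, decodes the file characteristics and section flags into the names the report uses, and checks the security data directory (index 4, which holds the Authenticode certificate table) for a signature. The sample is not embedded; `build_pe()` constructs a synthetic image (labelled as such) whose header fields copy the report: characteristics 0x010F and the four sections with the listed sizes and flags.

```python
"""Pure-stdlib PE header triage: file characteristics, section flags and the
Authenticode presence check behind an "Unsigned PE" signature.

Added example, not code from the sandbox or the sample. build_pe() makes a
constructed image whose headers mirror the report; parse_pe() also works on a
real file: parse_pe(open(path, "rb").read())."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Decode the headers a static report summarises; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: 20 bytes
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:  # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:  # unlike other directories this entry is a file offset, not an RVA
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):  # IMAGE_SECTION_HEADER: 40 bytes each, right after the optional header
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "rawsize": rawsize, "flags": flag_names(flags, SECTION_FLAGS)})
    return {"machine": machine, "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            "signed": cert_size != 0, "sections": sections}


def triage(info):
    """Findings a first-pass static check would raise from the parsed headers."""
    findings = []
    if not info["signed"]:
        # Only proves there is no embedded signature; catalog-signed files look the same here.
        findings.append("unsigned: no Authenticode certificate table")
    for s in info["sections"]:
        f = s["flags"]
        if "IMAGE_SCN_MEM_EXECUTE" in f and "IMAGE_SCN_MEM_WRITE" in f:
            findings.append("%s: writable and executable (self-modifying or packed?)" % s["name"])
        if s["vsize"] > s["rawsize"] and "IMAGE_SCN_CNT_CODE" in f:
            findings.append("%s: code section grows at load time (unpacking stub?)" % s["name"])
    return findings


def build_pe(sections, signed=False):
    """Constructed test image: valid headers, no code. sections = (name, vsize, rawsize, flags)."""
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)  # i386, report's flags
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B); struct.pack_into("<I", opt, 92, 16)
    if signed:  # point the security directory at a pretend certificate blob
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, 0x200)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                    for n, vs, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Section table copied from the report (KB values expanded to bytes).
REPORT_SECTIONS = [
    (".text", 427 * 1024, 428 * 1024, 0x60000020),
    (".rdata", 42 * 1024, 44 * 1024, 0x40000040),
    (".data", 86 * 1024, 72 * 1024, 0xC0000040),
    (".rsrc", 3 * 1024, 4 * 1024, 0x40000040),
]

if __name__ == "__main__":
    info = parse_pe(build_pe(REPORT_SECTIONS))
    print(" | ".join(info["characteristics"]))
    for s in info["sections"]:
        print(s["name"], s["rawsize"], s["vsize"], " | ".join(s["flags"]))
    print(triage(info))
```

Two caveats when reading the result. An empty security directory only means no embedded signature: files signed through a catalog (most Windows system binaries) carry no certificate table, and plenty of legitimate old software is simply unsigned, so "Unsigned PE" is context, not a verdict. Conversely, a populated certificate table is not proof of anything until the signature is verified and chained (`signtool verify /pa` or `Get-AuthenticodeSignature` on Windows, osslsigncode elsewhere); this parser only reports presence. The `.data` section's virtual size exceeding its raw size is ordinary (the tail is zero-filled at load); the same pattern on a code section is what the triage function flags.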