0e165f7a05eebde377c591922015f0e0

Sharing

Copy URL Twitter E-mail

General

Target

0e165f7a05eebde377c591922015f0e0
Size

276KB
MD5

0e165f7a05eebde377c591922015f0e0
SHA1

aa3138b8203fac71bc43eff8effbcb49b00bfada
SHA256

09cdb07cb9be456f9e3318d68dbdd1a33813977b7a609f48c8e7078c6e326b67
SHA512

2124a1dee2db40bc3934fc4bf672705aac730bbdea57c0fa93123cfd71c273b58a20390c13c77f243e9930541e23c1885ade68da15a03c432481240b00566c74
SSDEEP

3072:BHX4hEklcFz3zeFRB5ErsSAJJYoXfKYwWu/YTVZqM+VezxkYjrBqatmD2w4mCorW:gEklcoFRBKsRYyxwNYRzeRYy2ZNorFDE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e165f7a05eebde377c591922015f0e0

Files

0e165f7a05eebde377c591922015f0e0
.exe windows:5 windows x86 arch:x86

f44caf8e06d7e8a49b8e7f3ce65a7c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
ioctlsocket
WSAStartup
WSACleanup
recv
setsockopt
connect
htons
socket
inet_addr
gethostbyname
send
closesocket

kernel32

Sleep
CreateThread
DeleteFileA
CloseHandle
WaitForSingleObject
TerminateThread
IsDebuggerPresent
GetLastError
CreateMutexA
SetConsoleCtrlHandler
WinExec
GetModuleFileNameA
GetExitCodeProcess
WriteFile
ReadFile
PeekNamedPipe
CreateProcessA
GetStartupInfoA
CreatePipe
TerminateProcess
OpenProcess
GetCurrentProcess
CopyFileExA
CreateFileA
MoveFileExA
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
GetComputerNameA
LocalFree
FormatMessageA
GetStringTypeA
ExpandEnvironmentStringsA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetThreadLocale
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
SetEndOfFile
SetFilePointer
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
GetLocaleInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
HeapSize
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileW
GetProcessHeap
CompareStringA
CompareStringW
GetVersionExA
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
GetModuleHandleW
ExitProcess
HeapAlloc
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

user32

GetAsyncKeyState
GetKeyState
PostMessageA
FindWindowA
OpenClipboard
EmptyClipboard
CloseClipboard
EnumChildWindows
SendMessageA
GetForegroundWindow
GetWindowTextA
MessageBoxA

advapi32

LogonUserA
RegQueryValueExA
LookupAccountNameA
IsValidSid
GetUserNameA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
CreateProcessAsUserA
RevertToSelf

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteExA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f44caf8e06d7e8a49b8e7f3ce65a7c96

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B