0e38b869ee11abaf350c3c315f03987d

Sharing

Copy URL Twitter E-mail

General

Target

0e38b869ee11abaf350c3c315f03987d
Size

357KB
MD5

0e38b869ee11abaf350c3c315f03987d
SHA1

25f65a46301cc950c68326f9810668708916fe9a
SHA256

7df44f630a8acca930c3af754f3b73e650d9184d37e7011c036af4b97ba60a43
SHA512

7c5bfc761a0cd2bfa5975a8722146d47262ebeb21209af5445c8680cceea9d849e8b405ab488947e12ecce3e439add0e8e7c5c1b40447d8f77d673651d6b9ba7
SSDEEP

6144:qVU6Wzl02sfsRFFtL0hq+2n92f5VbqH2hsLotQ6m7SMpvAwhHuXArbIsi/hSo67y:X6Wz6nGXAhq+2jLEUb7o67y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e38b869ee11abaf350c3c315f03987d

Files

0e38b869ee11abaf350c3c315f03987d
.exe windows:6 windows x86 arch:x86

16dc6faeea2193701a7d2b57debe5bc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

kernel32

FindResourceExW
GetModuleHandleW
CloseHandle
OpenProcess
TerminateProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetLastError
CreateMutexW
CreateEventW
MultiByteToWideChar
FindResourceW
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
CompareStringW
GetPrivateProfileSectionNamesW
WriteFile
CreateFileW
GetLocalTime
SetFilePointer
CreateDirectoryW
lstrlenA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetUserDefaultUILanguage
lstrlenW
lstrcmpW
InterlockedExchange
GetModuleFileNameW
GetStringTypeExW
GetTickCount
DeleteFileW
GetTempFileNameW
GetTempPathW
LoadResource
LockResource
SizeofResource
HeapSetInformation
LoadLibraryW
GetProcAddress
FreeLibrary
GetCommandLineW
MulDiv
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
SearchPathW
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
LoadLibraryExW
MapViewOfFile

gdi32

GetTextExtentPoint32W
GetObjectW
SelectObject
CreateFontIndirectW
DeleteObject
SetTextColor
SetBkColor
CreateSolidBrush

user32

GetSystemMenu
RemoveMenu
SetDlgItemTextW
LoadIconW
CheckRadioButton
GetSystemMetrics
LoadImageW
OffsetRect
MapWindowPoints
DrawTextW
GetSysColorBrush
GetSysColor
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
IsWindowEnabled
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SetWindowPos
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
EndDialog
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
GetActiveWindow
CreateWindowExW
RegisterClassExW
GetWindowLongW
CallWindowProcW
DefWindowProcW
PostQuitMessage
LoadCursorW
GetClassInfoExW
KillTimer
SetTimer
PostMessageW
DestroyWindow
LoadStringW
FindWindowW
SetForegroundWindow
DialogBoxParamW
IsWindow
ShowWindow
IsIconic
SetWindowLongW
EnableWindow
UnregisterClassA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

shlwapi

UrlCreateFromPathW
PathIsRelativeW
PathCanonicalizeW
PathAddBackslashW
AssocQueryStringW
PathRemoveBlanksW
PathRemoveFileSpecW
PathAppendW

shell32

SHGetFolderPathAndSubDirW
Shell_NotifyIconW

psapi

GetProcessImageFileNameW
EnumProcesses

wininet

InternetCreateUrlW
InternetOpenW
InternetCloseHandle
InternetCrackUrlW
InternetOpenUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16dc6faeea2193701a7d2b57debe5bc3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

shlwapi

shell32

psapi

wininet

version

Sections

.text Size: 160KB - Virtual size: 160KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 97KB - Virtual size: 96KB

.reloc Size: 11KB - Virtual size: 11KB

.rdata Size: 76KB - Virtual size: 76KB

.text
Size: 160KB - Virtual size: 160KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 11KB - Virtual size: 11KB

.rdata
Size: 76KB - Virtual size: 76KB