0e8bf2b598d18b36ea5a7461a6d52fa7

Sharing

Copy URL Twitter E-mail

General

Target

0e8bf2b598d18b36ea5a7461a6d52fa7
Size

3.6MB
MD5

0e8bf2b598d18b36ea5a7461a6d52fa7
SHA1

5252fb4a4f709395d350b2e1064cfb2bb0c8ce49
SHA256

ea945c26d867aabb358885ca19acac64c0ab57c6039769c71611317322c3c750
SHA512

2bbd259335b415afbaae4a26d269d73618edd0a6d84aaa52b5b63fd2cac10071fe1363b8a7cd0f7e627224ce2f4bacae7588bf993835855d5bfd36f591973f94
SSDEEP

98304:YbaCNbxnhnxQf273cMiW0TDw+a1mDiDjDDDphhkebAtthtFvI1qZe+:JCNbxnhnaf273cMiW0TDw+a1mDiDjDDc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e8bf2b598d18b36ea5a7461a6d52fa7

Files

0e8bf2b598d18b36ea5a7461a6d52fa7
.exe windows:4 windows x86 arch:x86

502fa097ecb49cd9b7030b7ab6135a3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetIMEFileNameA
ImmGetDefaultIMEWnd
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetDescriptionA
ImmGetContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmSetCompositionWindow

dsound

ord1
ord2

opengl32

glColor4f
glDisable
glEnd
glVertex2f
glTexCoord2f
glColor4ub
glBegin
glColor3f
glTexImage2D
glBindTexture
glFlush
glClear
glPopMatrix
glAlphaFunc
glDepthFunc
glTranslatef
glRotatef
glLoadIdentity
glPushMatrix
glMatrixMode
glVertex3fv
glColor3fv
glFogf
glFogfv
glClearColor
glVertex3f
glDepthMask
glPolygonMode
glFrontFace
glStencilFunc
glColorMask
glStencilOp
glTexParameteri
glTexEnvf
glScalef
glGetFloatv
glReadPixels
glBlendFunc
glViewport
glFogi
wglDeleteContext
wglMakeCurrent
glGetString
wglCreateContext
glTexEnvi
glGenTextures
glGetIntegerv
glDeleteTextures
glEnable

glu32

gluPerspective
gluOrtho2D

winmm

mmioAscend
mmioOpenA
mmioClose
timeGetTime
mmioDescend
mmioRead
timeGetDevCaps
timeBeginPeriod
mmioWrite
timeEndPeriod

kernel32

ReleaseMutex
TerminateThread
CreateThread
OpenMutexA
EnterCriticalSection
LeaveCriticalSection
lstrcatA
OpenEventA
GetComputerNameA
lstrcmpA
ExitProcess
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
FlushFileBuffers
GetTickCount
IsBadReadPtr
lstrlenA
GlobalUnlock
GlobalLock
OutputDebugStringA
GetCurrentThreadId
Sleep
MoveFileA
GetFileAttributesA
CreateFileA
GetCommandLineA
CloseHandle
ReadFile
GetFileSize
GetLastError
GetPrivateProfileStringA
GetCurrentDirectoryA
DeleteFileA
CopyFileA
SetFileAttributesA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
WinExec
FindClose
FindFirstFileA
CreateMutexA
GetLocalTime
GetModuleFileNameA
DuplicateHandle
WriteFile
GetSystemDirectoryA
lstrcmpiA
GetVersionExA
QueryPerformanceCounter
SetProcessAffinityMask
SetThreadPriority
SetPriorityClass
GetProcessAffinityMask
GetThreadPriority
GetPriorityClass
GetCurrentThread
GetCurrentProcess
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
SetConsoleMode
GetStdHandle
AllocConsole
FreeConsole
SetConsoleTitleA
GetConsoleTitleA
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReadConsoleOutputA
GetCurrentProcessId
WaitForSingleObject
CreateEventA
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
GetModuleHandleA
ResetEvent
ResumeThread
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
SetEvent
WideCharToMultiByte
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
FindNextFileA
RemoveDirectoryA
CreateDirectoryA
GetThreadContext
lstrcpynA
Module32First
Module32Next
SetUnhandledExceptionFilter
GetACP
GetOEMCP
SetHandleCount
GetFileType
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetLocaleInfoW
SetStdHandle
CreatePipe
PeekNamedPipe
lstrcpyA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetVersion
GetSystemTimeAsFileTime
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
HeapSize
TlsSetValue
TlsAlloc
TlsFree
SetLastError
SetFilePointer

user32

ShowWindow
GetDC
SetWindowPos
SetWindowTextA
GetWindowTextA
GetCaretPos
GetWindowLongA
SendMessageA
CallWindowProcA
OpenClipboard
GetClipboardData
IsWindowVisible
SetWindowLongA
DestroyWindow
GetFocus
SetRect
GetActiveWindow
GetCursorPos
ScreenToClient
GetDoubleClickTime
PtInRect
OffsetRect
MessageBoxA
PostMessageA
GetAsyncKeyState
GetScrollPos
CreateWindowExA
SetTimer
IntersectRect
GetDesktopWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetWindowRect
RegisterHotKey
UnregisterHotKey
SetCursorPos
FindWindowA
ShowCursor
ChangeDisplaySettingsA
ReleaseDC
SystemParametersInfoA
ReleaseCapture
SetCapture
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
KillTimer
RegisterClassA
LoadCursorA
LoadIconA
SetForegroundWindow
GetSystemMetrics
SetScrollPos
SetFocus
AdjustWindowRect
IsIconic
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
UpdateWindow
EnumDisplaySettingsA
GetKeyboardLayoutNameA
GetKeyboardLayout
wvsprintfA
EnumChildWindows
RemoveMenu
DrawMenuBar
GetSystemMenu
GetClassNameA
GetWindowThreadProcessId
CloseClipboard
wsprintfA

gdi32

SwapBuffers
GetStockObject
SetPixelFormat
ChoosePixelFormat
SetBkColor
CreateDIBSection
SelectObject
GetTextExtentPoint32A
CreateFontA
DeleteObject
SetTextColor
DeleteDC
TextOutA
CreateCompatibleDC
GetTextExtentPointA

advapi32

SetSecurityDescriptorDacl
CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegDeleteKeyA
GetUserNameA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

ws2_32

gethostbyname
WSAAsyncSelect
setsockopt
socket
shutdown
recv
WSASend
WSAStartup
WSACleanup
send
WSAGetLastError
inet_addr
htons
connect
closesocket

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wzaudio

wzAudioStop
wzAudioPlay
wzAudioGetStreamOffsetRange
wzAudioDestroy
wzAudioOption
wzAudioCreate

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 118.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

502fa097ecb49cd9b7030b7ab6135a3e

Headers

File Characteristics

Imports

imm32

dsound

opengl32

glu32

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

version

wzaudio

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 124KB - Virtual size: 118.2MB

.rsrc Size: 8KB - Virtual size: 8KB

.nrdata Size: 20KB - Virtual size: 20KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 124KB - Virtual size: 118.2MB

.rsrc
Size: 8KB - Virtual size: 8KB

.nrdata
Size: 20KB - Virtual size: 20KB