Static task
static1
Behavioral task
behavioral1
Sample
0eb72a1543a5632641d7fd22d60014a4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0eb72a1543a5632641d7fd22d60014a4.exe
Resource
win10v2004-20231215-en
General
-
Target
0eb72a1543a5632641d7fd22d60014a4
-
Size
41KB
-
MD5
0eb72a1543a5632641d7fd22d60014a4
-
SHA1
8b55473f98e4fd160a9a98f26e5e00fc3e0c79de
-
SHA256
6e47a714b471396a1fc0f479119f0cc7298610b1051ebb038efbb49a2a3261d9
-
SHA512
17c142d2b24d1c2f8b7fd23bf6820cd07ebaa822ffcb5357134959a8140a0ce8e46c34b76cefe40db339fab58a52d1ab8f5b037ae536fa775f6e6df37569fa0b
-
SSDEEP
768:xsT8iIeui3OCtMyMBkKwh3LaXAD/92xPXg1kaLDks4SkUG0Aak/nnZoy:xsT8iIePOCtNMfs3OAkXg1p8SkUGJ5Zo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 0eb72a1543a5632641d7fd22d60014a4
Files
-
0eb72a1543a5632641d7fd22d60014a4.exe — windows:5, windows x86, arch:x86
1e35aff72972f53002b1437673072e42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
LZCopy
DebugBreak
GetDiskFreeSpaceW
GetLocalTime
GetDefaultCommConfigA
SetHandleCount
WriteProfileSectionA
VirtualAlloc
GetUserDefaultLCID
lstrcpyA
ZombifyActCtx
GetConsoleFontInfo
AllocConsole
GetConsoleInputWaitHandle
LoadResource
SetFirmwareEnvironmentVariableW
LoadLibraryA
lstrcmpiA
CreateTimerQueue
CreateEventA
Heap32First
GetLocaleInfoA
ExitProcess
EnumCalendarInfoExA
GetThreadSelectorEntry
SetTapeParameters
GetPrivateProfileSectionNamesW
GetOEMCP
EnumSystemLocalesA
FindFirstVolumeA
ShowConsoleCursor
FindVolumeMountPointClose
SetFirmwareEnvironmentVariableA
HeapFree
GetTickCount
sqlunirl
newMultiByteFromWideChar
_GetShortPathName_@12
_CommConfigDialog_@12
_ReadConsoleInput_@16
_CompareString_@24
_NDdeShareSetInfo_@24
newMultiByteFromWideCharEx
_WritePrivateProfileString_@16
_RegQueryInfoKey_@48
_GetUserName@8
_GetFileVersionInfoSize_@8
_SendNotifyMessage_@16
_CreateScalableFontResource_@16
_GetMessage_@16
_NDdeShareEnum_@24
_strerror_@4
_CreateFileMapping_@24
_CharLower@4
_CreateEnhMetaFile_@16
_IsCharUpper_@4
_GetEnvironmentStrings_@4
_CreateMutex_@12
_GetVolumeInformation_@32
_EnumFonts_@16
_RegisterServiceCtrlHandler_@8
_VerQueryValue_@16
_OpenSCManager_@12
_DefineDosDevice_@12
_CreateStatusWindow_@16
dnsapi
DnsRecordListFree
NetInfo_Copy
DnsIsAMailboxType
DnsNameCompareEx_UTF8
DnsDhcpSrvRegisterHostName
DnsUnicodeToUtf8
DnsNameCompare_A
DnsRecordSetCopyEx
DnsIsStringCountValidForTextType
DnsAcquireContextHandle_W
DnsCopyStringEx
DnsReplaceRecordSetA
DnsExtractRecordsFromMessage_UTF8
DnsNotifyResolverEx
DnsDowncaseDnsNameLabel
DnsQueryConfigAllocEx
Dns_ParsePacketRecord
DnsApiFree
Dns_SkipPacketName
DnsGetDnsServerList
Query_Main
Dns_BuildPacket
DnsNotifyResolverClusterIp
DnsUtf8ToUnicode
DnsFreeConfigStructure
DnsFree
Dns_InitializeMsgRemoteSockaddr
DnsUpdateTest_A
oleaut32
SafeArrayGetElement
OleLoadPicturePath
VarUI1FromStr
VarDecFromUI2
VarBoolFromDate
VarUI2FromUI1
VarR4CmpR8
SysReAllocString
VarMonthName
VarUI2FromDate
VarCyFromBool
VarDateFromDec
VarI2FromUI2
VarI1FromR8
VarCyFromR4
VarUI8FromI2
VarMod
OleLoadPictureEx
OleCreateFontIndirect
VarUI2FromUI4
VarI1FromUI4
OleLoadPictureFile
VariantChangeType
VarDecFromUI4
LPSAFEARRAY_UserUnmarshal
VarBoolFromDisp
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ