Static task
static1
Behavioral task
behavioral1
Sample
0b06ca85071fa11d8013261fa22046b8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0b06ca85071fa11d8013261fa22046b8.exe
Resource
win10v2004-20231215-en
General
-
Target
0b06ca85071fa11d8013261fa22046b8
-
Size
359KB
-
MD5
0b06ca85071fa11d8013261fa22046b8
-
SHA1
8c80d4695d31086e35c1c13c47aa16d7b1804524
-
SHA256
774ad828002b059be065b2786058f6e0aee4e9a7df3debb41a0bc1aa1164ec81
-
SHA512
a5ebb35e078cfcc9f62f38554e8d3ee5c909899d20d327bd38403e6bee5fc2d89e4ef4cca177e8d447e627dab04cddfcdad38940efe89e25660538c742e4565d
-
SSDEEP
6144:3CY3xmibwBnN5OOrtdxec+C6yGz+4jxKGRIENu67VX4SuzkGeuXdYE822ttJgN:3CmxTwBn7tBRHGRIHOVoSuH7822
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This is the only signature that fired in the portion of the report shown here; on its own it is a low-confidence indicator, since many legitimate tools ship unsigned and signed malware exists. Treat it as a reason to look further (imports, section layout, behavioural output), not as a verdict.
resource 0b06ca85071fa11d8013261fa22046b8
Files
-
0b06ca85071fa11d8013261fa22046b8.exe windows:5 windows x86 arch:x86
11c7158a1fab8a781528d2638f47b2c4 (unlabelled 32-hex digest; in this report layout the value under the file line is normally the import hash — confirm before pivoting on it, and note that an imphash is shared by any binary built with the same import table, so it clusters toolchains as much as families)
Headers
DLL Characteristics (only TERMINAL_SERVER_AWARE is set; DYNAMIC_BASE and NX_COMPAT are absent, so the image does not opt in to ASLR or DEP — consistent with the old CRT surface visible in the msvcrt imports such as _except_handler3, _local_unwind2 and __p__osver, but not by itself evidence of malicious intent)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (triage note: an import table shows capability, not behaviour — none of the functions below is executed merely by being imported. Capabilities worth tracing in the behavioural runs: token manipulation and impersonation (OpenProcessToken, DuplicateTokenEx, SetThreadToken, ImpersonateLoggedOnUser, AdjustTokenPrivileges, LookupPrivilegeValue*), service control (OpenSCManager*, OpenServiceA, ChangeServiceConfigW, DeleteService, SetServiceStatus), remote registry (RegConnectRegistryW), ACL/security-descriptor edits (SetNamedSecurityInfoW, SetFileSecurityW, SetEntriesInAclW), process creation (CreateProcessA), memory-protection changes (VirtualProtect, VirtualAlloc) and a debugger check (IsDebuggerPresent). The same set — together with the RPC/COM server plumbing from rpcrt4 and ole32 and the DLL-style helpers NdrDllRegisterProxy / NdrDllGetClassObject / NdrDllCanUnloadNow in an EXE — is equally consistent with a COM/RPC service installer, so correlate with the behavioural tasks rather than scoring the imports alone)
msvcrt
wcsstr
wcscspn
wcsspn
isleadbyte
sscanf
_isatty
__p__osver
toupper
wcscat
fopen
wcstombs
tolower
_cexit
setlocale
_ltoa
??2@YAPAXI@Z
iswdigit
_rotl
_errno
ceil
_beginthreadex
_wtol
_wsplitpath
_ftol
wcsncmp
strrchr
strncpy
_wtoi
_itow
isxdigit
_onexit
sprintf
wcslen
?terminate@@YAXXZ
_purecall
time
_XcptFilter
fseek
__p__commode
_amsg_exit
_wcsdup
_unlock
exit
towlower
iswalpha
_vsnprintf
_local_unwind2
atoi
__getmainargs
_snwprintf
_lseeki64
ctime
_CIacos
_vsnwprintf
printf
fread
bsearch
_strdup
wcscmp
_lock
strtok
strchr
__set_app_type
realloc
??1type_info@@UAE@XZ
wcstol
??0exception@@QAE@ABV0@@Z
fprintf
_adjust_fdiv
_wcsnicmp
wcstok
_strlwr
atol
isdigit
iswspace
_access
_finite
free
calloc
isalpha
_c_exit
strstr
_wcsicmp
__CxxFrameHandler
srand
??3@YAXPAX@Z
floor
_ultoa
_strnicmp
_stat
fwrite
_CxxThrowException
malloc
wcsncat
_wfopen
__p__fmode
_wcslwr
memset
wcscpy
_ltow
_itoa
_except_handler3
fclose
wcschr
__pioinfo
strncmp
_stricmp
_exit
_acmdln
isspace
_iob
ole32
StgCreateDocfileOnILockBytes
CoDisconnectObject
CoGetInterfaceAndReleaseStream
CoCreateInstanceEx
CoGetClassObject
WriteClassStm
OleSaveToStream
CoTaskMemRealloc
CoUninitialize
OleInitialize
OleRegGetMiscStatus
CoCreateFreeThreadedMarshaler
StgOpenStorage
CoTaskMemFree
CoTaskMemAlloc
CreateILockBytesOnHGlobal
CoRegisterClassObject
CreateDataAdviseHolder
StgCreateDocfile
CoUnmarshalInterface
OleRun
CoMarshalInterThreadInterfaceInStream
StringFromIID
ProgIDFromCLSID
CoGetObjectContext
CreateOleAdviseHolder
comctl32
ImageList_Create
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControls
rpcrt4
NdrClientCall2
NdrOleFree
UuidCreate
CStdStubBuffer_CountRefs
NdrServerCall2
NdrCStdStubBuffer2_Release
RpcServerInqBindings
RpcBindingSetAuthInfoExW
CStdStubBuffer_AddRef
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
CStdStubBuffer_DebugServerQueryInterface
RpcBindingVectorFree
IUnknown_QueryInterface_Proxy
RpcEpResolveBinding
NdrStubCall2
RpcBindingFromStringBindingW
RpcServerUnregisterIf
CStdStubBuffer_IsIIDSupported
UuidToStringW
RpcServerRegisterAuthInfoW
NdrDllRegisterProxy
RpcStringFreeA
CStdStubBuffer_Invoke
RpcImpersonateClient
RpcServerUseProtseqEpW
UuidToStringA
NdrDllGetClassObject
NdrCStdStubBuffer_Release
RpcBindingSetAuthInfoW
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
NdrDllCanUnloadNow
RpcRevertToSelf
CStdStubBuffer_Connect
RpcServerRegisterIfEx
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
RpcStringBindingComposeW
RpcStringBindingParseW
RpcRaiseException
UuidFromStringW
CStdStubBuffer_QueryInterface
shlwapi
PathFindExtensionA
SHSetValueW
PathRemoveBackslashW
PathGetDriveNumberW
SHDeleteValueA
StrTrimW
PathStripToRootW
PathRemoveBlanksW
PathIsUNCW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathIsURLW
StrCmpIW
StrStrW
wnsprintfW
StrRetToBufW
StrToIntExW
PathAppendW
SHDeleteKeyA
StrCmpW
StrRChrW
PathIsRootW
PathSkipRootW
StrStrIW
SHStrDupW
StrCmpNIW
PathFindExtensionW
PathAddBackslashW
PathRemoveExtensionW
UrlUnescapeW
StrStrIA
PathIsRelativeW
wnsprintfA
PathRemoveFileSpecA
StrCmpNW
kernel32
GetCommandLineW
GetTempPathA
GetWindowsDirectoryA
CloseHandle
GetLocalTime
GlobalFree
WaitForSingleObject
CreateMutexA
CreateFileMappingA
CreateDirectoryW
GetCurrentProcess
FormatMessageW
lstrcpyW
CreateFileA
FreeLibrary
GetOEMCP
SetUnhandledExceptionFilter
GetComputerNameW
InterlockedDecrement
OutputDebugStringW
HeapFree
GetModuleFileNameW
GetLocaleInfoW
SizeofResource
GetDriveTypeA
CreateThread
DeleteFileW
SetStdHandle
lstrcatA
CompareStringW
GetDriveTypeW
FormatMessageA
FindFirstFileW
GetLastError
GetFileSize
IsBadWritePtr
LocalAlloc
FindFirstFileA
LoadResource
DeleteFileA
DisableThreadLibraryCalls
lstrcpynA
GetThreadLocale
ReadFile
GetVersionExW
SetFileAttributesA
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
lstrcmpW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
WriteFile
LoadLibraryExA
GetCurrentProcessId
lstrcmpiA
FlushFileBuffers
LeaveCriticalSection
WriteConsoleW
TlsAlloc
ReleaseMutex
LCMapStringA
GetTickCount
TerminateProcess
OpenEventW
OpenMutexA
RtlUnwind
IsDBCSLeadByte
TlsSetValue
CreateFileW
lstrcatW
GetStartupInfoA
GetFileAttributesA
GetProcessHeap
TlsGetValue
MapViewOfFile
GetModuleHandleA
UnhandledExceptionFilter
HeapReAlloc
MulDiv
FindClose
ReleaseSemaphore
SetErrorMode
CreateEventA
FindResourceW
CompareStringA
VirtualProtect
LocalFree
GetStdHandle
DeleteCriticalSection
GetLocaleInfoA
TlsFree
CreateProcessA
GetCommandLineA
GlobalAlloc
OpenEventA
GetSystemTime
lstrcmpiW
CreateDirectoryA
InterlockedCompareExchange
GetSystemDirectoryA
ExpandEnvironmentStringsW
QueryPerformanceCounter
SetLastError
Sleep
SetFilePointer
SetEvent
UnlockFile
ResetEvent
InitializeCriticalSection
CreateFileMappingW
GetSystemTimeAsFileTime
ResumeThread
GetExitCodeThread
EnterCriticalSection
GetConsoleMode
GetCPInfo
GetVersion
SetHandleCount
WaitForMultipleObjects
lstrlenW
CreateMutexW
RaiseException
SystemTimeToFileTime
GetFileType
GetEnvironmentStrings
OutputDebugStringA
WideCharToMultiByte
GetUserDefaultLCID
InterlockedExchange
VirtualAlloc
GetStringTypeW
HeapSize
GetSystemDirectoryW
IsDebuggerPresent
FindNextFileA
GetCurrentThread
LCMapStringW
FreeEnvironmentStringsA
GetModuleHandleW
InterlockedIncrement
VirtualFree
MultiByteToWideChar
FreeEnvironmentStringsW
GetExitCodeProcess
IsBadReadPtr
HeapAlloc
VirtualQuery
lstrlenA
UnmapViewOfFile
FindResourceA
gdi32
CreateBitmap
Polyline
CreatePalette
GetClipBox
SetBkMode
CreateDCA
GetPaletteEntries
GetStockObject
SetViewportExtEx
CreateRectRgnIndirect
SetWindowExtEx
RestoreDC
RectVisible
Ellipse
GetDeviceCaps
GetNearestColor
RealizePalette
CreateFontIndirectA
DeleteObject
CreateDIBSection
SetWindowOrgEx
GetWindowExtEx
SetTextColor
TextOutA
CreateMetaFileA
GetTextExtentPointW
CreateSolidBrush
ExcludeClipRect
GetTextExtentPointA
ScaleViewportExtEx
LineTo
GetMapMode
GetBkMode
SetTextAlign
DeleteDC
ExtSelectClipRgn
GetViewportExtEx
GetPixel
FillRgn
SaveDC
CreateFontA
CreateCompatibleDC
CloseMetaFile
GetBkColor
OffsetViewportOrgEx
CreateMetaFileW
GetBitmapBits
SetViewportOrgEx
SelectClipRgn
UnrealizeObject
EndPage
MoveToEx
GetTextColor
ExtTextOutA
CreateBrushIndirect
PlayMetaFile
SetBkColor
GetTextExtentPoint32W
CreateHalftonePalette
ScaleWindowExtEx
ExtTextOutW
GetTextMetricsA
SelectPalette
LPtoDP
StartPage
CreateFontIndirectW
BitBlt
TextOutW
Escape
CreateDCW
GetTextMetricsW
GetTextExtentPoint32A
CombineRgn
SetROP2
version
VerLanguageNameA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerFindFileW
oleaut32
LoadTypeLib
GetErrorInfo
GetActiveObject
SafeArrayGetUBound
CreateErrorInfo
SysFreeString
VariantClear
VariantCopy
SafeArrayGetLBound
SafeArrayPutElement
VariantChangeTypeEx
SysAllocStringLen
VariantChangeType
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
RegisterTypeLib
SafeArrayCreate
SysStringByteLen
SysReAllocStringLen
OleLoadPicture
SysAllocStringByteLen
advapi32
GetSecurityDescriptorControl
UnlockServiceDatabase
GetSidIdentifierAuthority
RegQueryValueExA
IsValidSecurityDescriptor
LsaFreeMemory
CryptAcquireContextA
GetSidSubAuthorityCount
RegOpenKeyExW
CheckTokenMembership
ReportEventW
MakeSelfRelativeSD
OpenProcessToken
SetThreadToken
RegQueryInfoKeyW
RegEnumKeyW
RegFlushKey
CryptGetHashParam
ImpersonateLoggedOnUser
AddAce
OpenThreadToken
RegSetValueA
ConvertStringSidToSidW
GetAclInformation
RegEnumKeyExA
RegCreateKeyW
CryptDestroyKey
RegCreateKeyExW
CryptCreateHash
OpenServiceA
LookupAccountSidW
LsaClose
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableFlags
CryptGenRandom
LsaQueryInformationPolicy
RegSetValueExW
FreeSid
CryptDestroyHash
GetUserNameW
ConvertSidToStringSidW
LookupPrivilegeValueA
AddAccessAllowedAce
AllocateAndInitializeSid
CryptReleaseContext
RegQueryInfoKeyA
IsValidSid
RegConnectRegistryW
RegDeleteValueW
SetEntriesInAclW
RegCreateKeyA
OpenSCManagerW
SetSecurityDescriptorGroup
GetUserNameA
GetSidSubAuthority
RegNotifyChangeKeyValue
RegEnumValueW
CryptAcquireContextW
DeleteService
GetTraceEnableLevel
CloseServiceHandle
GetTraceLoggerHandle
GetSecurityDescriptorOwner
CopySid
DuplicateTokenEx
RegSetValueW
SetSecurityDescriptorOwner
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
InitializeAcl
SetSecurityDescriptorDacl
GetLengthSid
LsaOpenPolicy
RegCreateKeyExA
RegisterTraceGuidsW
RegOpenKeyA
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
RegQueryValueW
ChangeServiceConfigW
LookupPrivilegeValueW
LookupAccountNameW
LockServiceDatabase
DeregisterEventSource
RegSetValueExA
SetFileSecurityW
SetServiceStatus
RegQueryValueExW
InitializeSecurityDescriptor
CryptHashData
RegDeleteKeyW
AdjustTokenPrivileges
RegisterEventSourceW
UnregisterTraceGuids
SetNamedSecurityInfoW
OpenSCManagerA
RegOpenKeyW
RegCloseKey
GetTokenInformation
GetAce
RevertToSelf
GetSidLengthRequired
Sections (layout note: the table mixes MSVC-style names (.text, .tls, .bss, .textbss) with Borland-style uppercase names (DATA, BSS), lists BSS three times, flags the uninitialised-data sections as IMAGE_SCN_CNT_INITIALIZED_DATA, and gives DATA a raw size of 1024B against a virtual size of 328KB — roughly the size of .text. A large zero-filled writable region like that is commonly reserved by unpacking or self-modifying stubs, so check section entropy and compare the in-memory image from the behavioural runs against the file on disk before trusting the static import table; this is an observation from the visible headers, not a confirmed packer identification)
.tls Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BSS Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BSS Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.textbss Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 327KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 328KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 485B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ