0a149a3273bd0578aeddbe862533187d

Sharing

Copy URL Twitter E-mail

General

Target

0a149a3273bd0578aeddbe862533187d
Size

168KB
MD5

0a149a3273bd0578aeddbe862533187d
SHA1

822389050f7ec924e35e7533b1866039cb01f913
SHA256

e96d08413667eb8e00ca154cead573aebd57e614b119286334a703725b5e9d86
SHA512

ac0b8380510da3510c43b0762bb8df4a1dde8cbbea2684b4c2bbc8b2b550a895b9e3fbdb6a562c1410dba0c3da2d4b8078b91ee891fa48ed8d2be9efe0039a20
SSDEEP

3072:0e9xRqk3eMGkS7VpJlv/aVhaB+/o93E9MFZ:0ebR3eXkS7Vpvch5/ohE9q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a149a3273bd0578aeddbe862533187d

Files

0a149a3273bd0578aeddbe862533187d
.dll windows:4 windows x86 arch:x86

20d18dd051fa43e459954638c7d03f5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetFullPathNameW
CreateProcessW
OpenProcess
TerminateProcess
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetComputerNameW
GetTickCount
SetVolumeLabelW
EnterCriticalSection
LeaveCriticalSection
GetLastError
Sleep
lstrlenW
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
FindNextFileW
FindFirstFileW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetSystemDirectoryW
Module32FirstW
GetFileAttributesW
FindClose
GetFileAttributesExW
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetLongPathNameW
SetFileTime
CreateFileW
GetFileTime
InitializeCriticalSection
GetExitCodeThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ResetEvent
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentProcess
lstrcpyW
DeleteCriticalSection
lstrcatW
lstrlenA
GetVersionExW
SetEvent
ExitThread
WideCharToMultiByte
CreateDirectoryW

user32

GetDC
IsWindow
PostMessageW
GetMessageW
PostThreadMessageW
ReleaseDC

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW

shell32

ShellExecuteW
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBindToParent
SHGetPathFromIDListW
SHGetMalloc

ole32

OleUninitialize
CoTaskMemFree
OleInitialize

ws2_32

htons
gethostbyname
inet_ntoa
select
sendto
ntohl
inet_addr
connect
closesocket
WSAStartup
ntohs
recvfrom
send
recv
WSAGetLastError
getsockname
bind
socket
setsockopt
htonl

wininet

InternetOpenUrlW
InternetOpenW
InternetReadFile
InternetCloseHandle

msvcrt

_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
sprintf
_vsnprintf
fwrite
fflush
fclose
_msize
_purecall
_lseeki64
_lseek
_filelengthi64
_filelength
_write
_read
_close
_wopen
_ltow
_wcsdup
wcsstr
_wfopen
wprintf
malloc
free
_wcsicmp
time
localtime
swprintf
remove
wcsrchr
wcsncpy
wcscat
rename
_errno
wcslen
wcschr
wcscpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_wtoi
__CxxFrameHandler
_vsnwprintf
_strdup

iphlpapi

GetIpAddrTable
GetAdaptersInfo

avicap32

capGetDriverDescriptionW

mfc42u

ord538
ord5679
ord4124
ord858
ord800

comctl32

ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetBkColor

winmm

timeGetDevCaps
timeGetTime
timeSetEvent
timeEndPeriod
timeKillEvent
timeBeginPeriod

shlwapi

StrRetToStrW
StrRetToBufW

gdi32

GetDIBits
GetObjectW

Exports

Exports

LlzdSet
LlzdStart
LlzdStop

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20d18dd051fa43e459954638c7d03f5a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

wininet

msvcrt

iphlpapi

avicap32

mfc42u

comctl32

winmm

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 44KB - Virtual size: 41KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 44KB - Virtual size: 41KB

.reloc
Size: 8KB - Virtual size: 7KB