0c57f57fab8502d358908908003f4b8e

Sharing

Copy URL Twitter E-mail

General

Target

0c57f57fab8502d358908908003f4b8e
Size

328KB
MD5

0c57f57fab8502d358908908003f4b8e
SHA1

b5b54e48ef4dc8a2aa37dfd90744e02b4e02d98b
SHA256

53a8cc3521b6eac51554d22c7fadf9c480fdc69d41e2645dd15b3a686dfd7aa6
SHA512

2c73a30f5275b63c11cbce5c484fd3c9c9907eb4e2d43a2dcd3e8f0865069e87026de9f1da51447d94040083a5fa0ad48e652e1a57d9e887030cc229158b0806
SSDEEP

6144:4rkbWSBDr2N2SJG0rPs9PPCDCOTJOk9fC0dENgSPILAz/X2M3:CkbvDr2kS80js9PYCOTJ7adNQS/X2M3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c57f57fab8502d358908908003f4b8e

Files

0c57f57fab8502d358908908003f4b8e
.exe windows:5 windows x86 arch:x86

d4c2faee87e444756799f7caab857a9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsicmp
_wcsnicmp
??2@YAPAXI@Z
memset
_vsnwprintf
memcpy
bsearch
qsort
_errno
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CxxThrowException
??3@YAXPAX@Z

urlmon

ord108

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
lstrcmpW
LocalFree
lstrlenA
CreateProcessW
GetPrivateProfileIntW
CreateThread
GetTempPathW
SetFileAttributesW
CopyFileW
CreateFileW
CompareStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
DisableThreadLibraryCalls
InitializeCriticalSection
FreeLibrary
GetCurrentThreadId
GetVersionExW
GetModuleFileNameW
LocalAlloc
InterlockedIncrement
GetWindowsDirectoryW
lstrlenW
DeleteFileW
WritePrivateProfileStringW
CreateMutexW
GetLastError
CloseHandle
InterlockedDecrement
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
SetLastError
LoadResource
FindResourceExW
MapViewOfFile
GetExitCodeProcess
CreateFileMappingW
UnmapViewOfFile
DeleteCriticalSection
GetTickCount
WriteFile
WideCharToMultiByte
ReadFile
GetFileSize
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
MultiByteToWideChar
GetFileAttributesW
IsDBCSLeadByte
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
OutputDebugStringA

user32

GetWindowLongW
CheckDlgButton
SetWindowLongW
SetWindowTextW
PostMessageW
SendMessageW
EndDialog
SetFocus
ShowWindow
EnableWindow
GetDlgItem
IsWindowEnabled
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
DestroyIcon
LoadImageW
LoadIconW
SendDlgItemMessageW
RegisterClipboardFormatW
DialogBoxParamW
LoadStringW
LoadBitmapW
GetWindowThreadProcessId
FindWindowExW
CharNextW
GetFocus
EnumChildWindows
GetParent
CheckRadioButton
SetCursor
LoadCursorW
GetSystemMetrics
MapWindowPoints
GetWindowRect
KillTimer
SystemParametersInfoA
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
GetSysColor
ReleaseDC
GetDC
IsDlgButtonChecked
SetTimer

gdi32

GetDeviceCaps
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
GetTextMetricsW

advapi32

RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW
StrCmpIW
StrChrW
PathCombineW
StrStrIW
SHGetValueW
PathIsDirectoryEmptyW
SHSetValueW
PathIsURLW
wnsprintfW
StrRChrW
StrStrW
ord217
StrToIntW
StrCmpW
SHQueryValueExW
StrRStrIW
ord439
SHDeleteKeyW
SHDeleteValueW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathFileExistsW
ord215
StrSpnW
StrCmpNIW
StrCSpnW
StrPBrkW
PathIsUNCServerW
PathIsRootW
PathSkipRootW
PathFindNextComponentW
ord437
PathGetCharTypeW
PathGetDriveNumberW
ord295
ord294

shell32

ExtractIconExW
ExtractIconExA
ExtractAssociatedIconW

comdlg32

GetSaveFileNameW

ole32

CoCreateGuid
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SafeArrayUnaccessData
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysStringLen
SafeArrayAccessData
SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringByteLen

imm32

ImmAssociateContext

cryptui

CryptUIWizDigitalSign

ieakeng

ModifyAuthCode
ModifyAuthCode
ModifyAuthCode
ModifyAuthCode
ModifyAuthCode
ModifyRatings

advpack

DelNodeW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CECB
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4c2faee87e444756799f7caab857a9e

Headers

File Characteristics

Imports

msvcrt

urlmon

kernel32

user32

gdi32

advapi32

shlwapi

shell32

comdlg32

ole32

oleaut32

imm32

cryptui

ieakeng

advpack

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 305KB - Virtual size: 308KB

.data Size: 2KB - Virtual size: 4KB

.CECB Size: 512B - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 305KB - Virtual size: 308KB

.data
Size: 2KB - Virtual size: 4KB

.CECB
Size: 512B - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 3KB