0cf6d17b4983137f4c409274f9b78a68

Sharing

Copy URL Twitter E-mail

General

Target

0cf6d17b4983137f4c409274f9b78a68
Size

2.1MB
MD5

0cf6d17b4983137f4c409274f9b78a68
SHA1

932fcb75661f2148c51f80c657c1b5c4bc548ffe
SHA256

051b4e9537e9895997e3afdac0e0c565d0fbbaddfad25aeed24674a266695691
SHA512

31e58d850c7d1faccb8214e9949225c4f7a80ffa8c6efef0ed04ebe91ad67bf2632c4d7023c240950ed56294d8bb8060858adf07df438824a4455e9557ecad12
SSDEEP

24576:S0PkJVPNb6uam6KPX/2e/m6PUj2UNtnwp0GhVLCQ/6c3l0w/YDZf2itr594lgCI4:SLr7Mv2ULwp7ac3l0buiNn4lCmNJN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf6d17b4983137f4c409274f9b78a68

Files

0cf6d17b4983137f4c409274f9b78a68
.exe windows:4 windows x86 arch:x86

86dd7f0744f9a7ea429b385921fb7043

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

ole32

OleUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
StringFromGUID2

kernel32

VirtualFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
Sleep
VirtualAlloc
LoadLibraryA
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
QueryPerformanceCounter
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
GetLastError
GetStartupInfoA
IsDebuggerPresent
FreeLibrary
GetProcAddress
HeapAlloc
HeapFree
CloseHandle

comdlg32

GetOpenFileNameW
GetFileTitleW
GetOpenFileNameA

advapi32

GetTokenInformation
RegisterEventSourceW
RegCloseKey
CryptHashData
RegOpenKeyExW
SetSecurityDescriptorDacl
OpenThreadToken
RegCreateKeyExW
CryptDeriveKey
RegOpenKeyExA
OpenSCManagerW
RegDeleteValueW
RegUnLoadKeyW
GetFileSecurityA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc

gdi32

SetTextColor
GetTextMetricsA
CreateDIBSection
StretchBlt
SetViewportOrgEx
BitBlt
LineTo
DeleteObject
TextOutW
SetBkMode
GetTextMetricsW
SetBkColor
SetWindowExtEx
ExtTextOutW
GetDeviceCaps
DeleteDC
GetStockObject
EndPage
DPtoLP
GetObjectW
SelectObject

oleaut32

VariantClear
SysAllocStringLen
VariantCopyInd
SysStringLen
GetActiveObject
VariantChangeTypeEx
LoadTypeLi
SafeArrayPutElement
RegisterTypeLi
SafeArrayCreate

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86dd7f0744f9a7ea429b385921fb7043

Headers

File Characteristics

Imports

msvcrt

ole32

kernel32

comdlg32

advapi32

version

shell32

gdi32

oleaut32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 84KB - Virtual size: 81KB