0f197a2a3318260156380406ace82209

Sharing

Copy URL Twitter E-mail

General

Target

0f197a2a3318260156380406ace82209
Size

69KB
MD5

0f197a2a3318260156380406ace82209
SHA1

17fedd620e6b9761ef35dbba9007e7b477796412
SHA256

e13fbda0e1748f73ffa18ee967939c29010060073719640d63215f7177b19c42
SHA512

c67204cf6f7bb560ba224aedc3a8111e37fa02cf45a1ca3927f35434f39214c2647c7d9ca9f4eb36eab243254dbeac6e32d3358cffd51cec43a6bf3a06bd6e49
SSDEEP

1536:MqcfsjOJcdZRdyd0Pek21Rl6CUZNdXL520Nam6Gqk7H1vQSF:MqckjtdZjyd0PekRZNd120NXP7H1QS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f197a2a3318260156380406ace82209

Files

0f197a2a3318260156380406ace82209
.dll windows:4 windows x86 arch:x86

7b5373aefed1d4c1c83bd03474321f5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
InterlockedDecrement
GetCurrentProcess
VirtualAlloc
GetProcessHeap
GetProcAddress
IsBadReadPtr
MulDiv
lstrlenW
lstrcmpW
InterlockedIncrement
GetCurrentThreadId
DisableThreadLibraryCalls
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
Sleep
GetCommandLineA
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
VirtualProtect
SetUnhandledExceptionFilter

user32

KillTimer
SetRect
SetTimer
IsDlgButtonChecked
GetDC
ReleaseDC
IsRectEmpty

advapi32

RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

gdi32

CreateFontIndirectA
SetBkMode
CreateDIBSection
SetTextColor
ExtTextOutA
SetBkColor
GetSystemPaletteEntries
GetDeviceCaps
GetTextColor
DeleteObject
SelectObject

ole32

CoFreeUnusedLibraries
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize

rpcrt4

NdrCStdStubBuffer_Release

msvcrt

malloc
_CxxThrowException
sprintf
_XcptFilter
free
_initterm
_amsg_exit
_adjust_fdiv
_except_handler3
memcpy

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b5373aefed1d4c1c83bd03474321f5d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 36KB - Virtual size: 69KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 36KB - Virtual size: 69KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 2KB - Virtual size: 1KB