0fdf124e0a2ccdd5348ca9965a4f8eb7

Sharing

Copy URL

Twitter E-mail

General

Target

0fdf124e0a2ccdd5348ca9965a4f8eb7
Size

154KB
MD5

0fdf124e0a2ccdd5348ca9965a4f8eb7
SHA1

7b142cab188aee144b21cf51534f2f45d0e14673
SHA256

a0aca11bcdabe05eed52a5ef7f517c0fdbd865e6b9d7a20c9f2098c378a866a7
SHA512

ba107ef2c0b36c8cc7964a51b8b9bf25491ababfd295653491b62d8d7f0cc870b5fa22c7be4893eddc7f3ffe2c59a172767a0c491d65f694fc0e0f9fba0f7409
SSDEEP

3072:L1wPTULM4w8YA+hRf27IPvPtJ2DOtCKoIg9kSb0UbOAky:L1IxeX7IvSOQNTwUbOxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fdf124e0a2ccdd5348ca9965a4f8eb7

Files

0fdf124e0a2ccdd5348ca9965a4f8eb7
.exe windows:6 windows x86 arch:x86

753a5d8f9ff8e4ca8d64572f232e982e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW
PathFindFileNameW
PathFindFileNameA
PathAppendA

wininet

HttpOpenRequestA
InternetSetOptionA
HttpAddRequestHeadersA
InternetOpenA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetConnectedState
InternetConnectA
InternetReadFile

ws2_32

WSAStartup
gethostbyname
WSACleanup
inet_ntoa

crypt32

CryptBinaryToStringA

shell32

SHGetFolderPathA
SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetSpecialFolderPathA
ShellExecuteA

gdiplus

GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipSaveImageToFile
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipGetImageEncodersSize

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

GetUserNameW
CryptGenRandom
RegCloseKey
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA
GetCurrentHwProfileA
GetUserNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

user32

wsprintfA
TranslateMessage
RegisterClassW
DispatchMessageW
wsprintfW
GetSystemMetrics
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
GetDC
UnregisterClassW

kernel32

GetTimeZoneInformation
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
FreeLibrary
SetEnvironmentVariableW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
WaitForMultipleObjects
CloseHandle
CreateThread
MultiByteToWideChar
WideCharToMultiByte
ReadFile
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVolumeInformationA
Sleep
GetComputerNameA
GetLogicalDrives
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleW
GetDriveTypeW
DeleteFileW
CreateFileW
LoadLibraryA
DecodePointer
GetTempFileNameA
FindFirstFileW
FindNextFileW
WriteFile
TerminateProcess
FindClose
OpenProcess
MoveFileExA
QueryFullProcessImageNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVolumeInformationW
CopyFileW
CreateProcessA
GetFileTime
GetLastError
FindFirstFileExW
GetFileAttributesExW
SetFilePointerEx
FormatMessageW
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

753a5d8f9ff8e4ca8d64572f232e982e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

ws2_32

crypt32

shell32

gdiplus

gdi32

advapi32

user32

kernel32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 8KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 8KB

.reloc
Size: 7KB - Virtual size: 7KB