Static task: static1
Behavioral task: behavioral1
  Sample: 0a45f040306a97a117df4f7104ffe048.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0a45f040306a97a117df4f7104ffe048.exe
  Resource: win10v2004-20231222-en
General
Target: 0a45f040306a97a117df4f7104ffe048
Size: 132KB
MD5: 0a45f040306a97a117df4f7104ffe048
SHA1: fbe691fd2b698535f8595238774ed5f1b8327945
SHA256: b6226ae9727e6197ff73e413787e62b6eb8eb53cd593371f6b730a588bc69a62
SHA512: 850e400476a413b4d7a98b3ca52f76c541f92dfbaab211a6ab90ca2c2d09af21e4096c6fcaef88512b23c55388bb1f5a815c2c4cdf46d4af43151c268d338325
SSDEEP: 3072:/im2sIUqeDPaHAfKDnyuxzP1L77fni/IG1shn662vhoi2j6fEzby5J:/i4TqeDPagfKDnyurjq/IRUv6iGy5J
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 0a45f040306a97a117df4f7104ffe048
Files
0a45f040306a97a117df4f7104ffe048.exe  windows:5 windows x86 arch:x86
  31c452a9d8aa08a0c89b5c731ac851b2
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (the list carries no IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, so the image does not opt in to ASLR by default)
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
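The "Unsigned PE" signature above fires on the absence of an Authenticode signature, and the DLL Characteristics list shows which mitigations the image opts into. The stdlib-only Python below is an added example (not part of this report and not the sandbox's own detection code) that locates the IMAGE_DIRECTORY_ENTRY_SECURITY entry and decodes DllCharacteristics; `build_minimal_pe32` is a constructed header-only PE so the check runs offline, and all function names are my own. Two caveats the check itself cannot settle: a populated directory only proves a signature blob is attached (validity needs WinVerifyTrust, e.g. `signtool verify /pa`), and a catalog-signed binary carries no embedded signature at all, so "unsigned" here means "no embedded signature".

```python
"""Authenticode directory and DllCharacteristics parsing, stdlib only."""
import struct
from typing import Optional

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# Opt-in mitigations a user-mode image is expected to carry.
MITIGATION_FLAGS = {0x0040: "ASLR (DYNAMIC_BASE)", 0x0100: "DEP (NX_COMPAT)",
                    0x4000: "CFG (GUARD_CF)"}

def _optional_header(pe: bytes):
    """Return (offset, size, magic) of the optional header after MZ/PE checks."""
    if len(pe) < 0x40 or pe[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    return opt, size, magic

def security_directory(pe: bytes):
    """(file_offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY. Unlike every
    other directory, this entry holds a raw file offset rather than an RVA."""
    opt, size, magic = _optional_header(pe)
    num_off, dirs_off = (92, 96) if magic == PE32_MAGIC else (108, 112)
    if struct.unpack_from("<I", pe, opt + num_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)  # directory table too short to contain the entry
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size:
        raise ValueError("security entry lies outside the optional header")
    return struct.unpack_from("<II", pe, entry)

def embedded_signature(pe: bytes):
    """WIN_CERTIFICATE header of the embedded Authenticode blob, or None when
    the file carries none. Presence only: nothing here verifies the signature."""
    off, size = security_directory(pe)
    if off == 0 or size == 0:
        return None
    if size < 8 or off + size > len(pe):
        raise ValueError("security directory points outside the file")
    length, rev, ctype = struct.unpack_from("<IHH", pe, off)
    if length > size:
        raise ValueError("WIN_CERTIFICATE dwLength exceeds directory size")
    return {"length": length, "revision": rev, "type": ctype}

def dll_characteristics(pe: bytes):
    """Decode DllCharacteristics (offset 70 in both PE32 and PE32+ headers)."""
    opt, _, _ = _optional_header(pe)
    value = struct.unpack_from("<H", pe, opt + 70)[0]
    return {name for bit, name in DLL_CHARACTERISTICS.items() if value & bit}

def missing_mitigations(pe: bytes):
    """Mitigation flags the image does not opt into, in MITIGATION_FLAGS order."""
    present = dll_characteristics(pe)
    return [label for bit, label in MITIGATION_FLAGS.items()
            if DLL_CHARACTERISTICS[bit] not in present]

def build_minimal_pe32(dll_chars: int, signature_blob: Optional[bytes] = None) -> bytes:
    """Constructed test input: a header-only PE32 (no sections) that parses
    but is not a runnable program. Characteristics 0x0102 mirrors the report."""
    dos = IMAGE_DOS_SIGNATURE + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew
    opt_size = 96 + 16 * 8  # PE32 fixed fields plus 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    pe = bytearray(dos + IMAGE_NT_SIGNATURE + coff + opt)
    if signature_blob is not None:  # append a WIN_CERTIFICATE, 8-byte aligned
        cert = struct.pack("<IHH", 8 + len(signature_blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + signature_blob
        cert += b"\0" * (-len(cert) % 8)
        entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", pe, entry, len(pe), len(cert))
        pe += cert
    return bytes(pe)

if __name__ == "__main__":
    sample = build_minimal_pe32(0x0100 | 0x8000)  # flags as in the report, unsigned
    print(embedded_signature(sample), sorted(dll_characteristics(sample)), missing_mitigations(sample))
```

To run it over a real file, pass `open(path, "rb").read()` to `embedded_signature` and `missing_mitigations`; the constructed PE exists only so the logic can be exercised without a sample on disk.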
Imports
kernel32
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
CloseHandle
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateEventW
GetNativeSystemInfo
GetVersionExW
SetLastError
MoveFileExW
GetModuleFileNameW
GetUserDefaultUILanguage
SetThreadPriority
GetLocalTime
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
GetFileAttributesExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
lstrcmpiA
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateRemoteThread
TerminateThread
Process32FirstW
GetProcessId
Process32NextW
lstrcatW
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
GetThreadContext
SetThreadContext
GetEnvironmentVariableW
FileTimeToDosDateTime
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
GetTimeZoneInformation
GetTempFileNameW
HeapReAlloc
ReadFile
Thread32Next
CreateMutexW
FindFirstFileW
SetEndOfFile
FreeLibrary
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
OpenProcess
WriteFile
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetCurrentThread
GetTickCount
GetSystemTime
user32
LoadImageW
CharLowerW
DispatchMessageW
ExitWindowsEx
CharLowerBuffA
GetCursorPos
GetIconInfo
MsgWaitForMultipleObjects
CharToOemW
TranslateMessage
DrawIcon
GetClipboardData
ToUnicode
GetKeyboardState
CharUpperW
PeekMessageW
CharLowerA
advapi32
CryptAcquireContextW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
RegEnumKeyExW
EqualSid
GetLengthSid
IsWellKnownSid
InitiateSystemShutdownExW
ConvertSidToStringSidW
CryptHashData
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
CryptGetHashParam
shlwapi
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW
StrCmpNIA
wvnsprintfA
PathRenameExtensionW
PathQuoteSpacesW
PathFindFileNameW
StrCmpNIW
StrStrIA
StrStrIW
PathIsURLW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathMatchSpecW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
socket
bind
recv
setsockopt
shutdown
select
getsockname
WSAGetLastError
recvfrom
sendto
WSAEventSelect
getpeername
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
WSASetLastError
closesocket
send
listen
accept
freeaddrinfo
crypt32
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
wininet
HttpOpenRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
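The import table is the richest static signal in this report, but the sandbox only lists it; it does not group the APIs by what they enable. The Python below is an added example of how I would triage such a table (my own heuristic clusters, not sandbox signatures, and not code from the report or from the sample's authors); `REPORTED_IMPORTS` is a subset copied from the table above, and the functions accept any `{dll: [names]}` dict of the same shape. Two caveats: an import shows capability, not observed behaviour, and the presence of GetProcAddress with LoadLibraryA/LoadLibraryW means further APIs can be resolved at runtime and will never appear in this table.

```python
"""Group a PE import table into capability clusters for triage (heuristic)."""

# Assumed clusters: my own grouping for triage, not the sandbox's signatures.
# Names are matched exactly, so A/W variants must be listed where both exist.
CAPABILITY_CLUSTERS = {
    "process injection": {"OpenProcess", "VirtualAllocEx", "VirtualProtectEx",
        "WriteProcessMemory", "ReadProcessMemory", "CreateRemoteThread",
        "GetThreadContext", "SetThreadContext", "VirtualQueryEx"},
    "process/thread enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
        "Process32NextW", "Thread32First", "Thread32Next"},
    "dynamic API resolution": {"GetProcAddress", "LoadLibraryA", "LoadLibraryW"},
    "certificate/credential access": {"CertOpenSystemStoreW",
        "CertEnumCertificatesInStore", "PFXExportCertStoreEx",
        "PFXImportCertStore", "CryptUnprotectData"},
    "token/privilege manipulation": {"OpenProcessToken", "AdjustTokenPrivileges",
        "LookupPrivilegeValueW", "CreateProcessAsUserW",
        "WTSGetActiveConsoleSessionId"},
    "registry modification": {"RegSetValueExW", "RegCreateKeyExW",
        "SHDeleteValueW", "SHDeleteKeyW"},
    "raw socket server/client": {"socket", "bind", "listen", "accept", "connect"},
    "HTTP via WinINet": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
        "HttpSendRequestA", "InternetReadFile"},
    "input/clipboard capture": {"GetClipboardData", "GetKeyboardState",
        "ToUnicode", "GetCursorPos"},
    "timestamp manipulation": {"GetFileTime", "SetFileTime"},
    "forced shutdown/reboot": {"ExitWindowsEx", "InitiateSystemShutdownExW"},
    "local account enumeration": {"NetUserEnum", "NetUserGetInfo"},
}

# Subset of the import table reported above, keyed by DLL (copied from the
# report; the full table is longer and can be fed in the same shape).
REPORTED_IMPORTS = {
    "kernel32": ["GetProcAddress", "VirtualAllocEx", "VirtualProtectEx",
                 "LoadLibraryA", "LoadLibraryW", "CreateToolhelp32Snapshot",
                 "WriteProcessMemory", "CreateRemoteThread", "Process32FirstW",
                 "Process32NextW", "GetThreadContext", "SetThreadContext",
                 "ReadProcessMemory", "OpenProcess", "VirtualQueryEx",
                 "SetFileTime", "GetFileTime", "CreateFileW", "ReadFile", "WriteFile"],
    "user32": ["ExitWindowsEx", "GetClipboardData", "ToUnicode", "GetKeyboardState"],
    "advapi32": ["OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueW",
                 "CreateProcessAsUserW", "RegSetValueExW", "RegCreateKeyExW",
                 "InitiateSystemShutdownExW"],
    "ws2_32": ["socket", "bind", "listen", "accept", "connect", "send", "recv"],
    "crypt32": ["PFXExportCertStoreEx", "PFXImportCertStore",
                "CertEnumCertificatesInStore", "CertOpenSystemStoreW",
                "CryptUnprotectData"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                "HttpSendRequestA", "InternetReadFile"],
    "netapi32": ["NetUserEnum", "NetUserGetInfo"],
}


def capability_hits(imports, min_hits=2):
    """Return {cluster: sorted matched APIs} for every cluster with at least
    min_hits matches; single stray matches are ignored to cut noise."""
    present = {name for names in imports.values() for name in names}
    hits = {}
    for cluster, apis in CAPABILITY_CLUSTERS.items():
        matched = sorted(present & apis)
        if len(matched) >= min_hits:
            hits[cluster] = matched
    return hits


def triage_summary(imports, min_hits=2):
    """Cluster names with a coverage ratio (matched / APIs in the cluster)."""
    return {cluster: f"{len(matched)}/{len(CAPABILITY_CLUSTERS[cluster])}"
            for cluster, matched in capability_hits(imports, min_hits).items()}


if __name__ == "__main__":
    for cluster, apis in capability_hits(REPORTED_IMPORTS).items():
        print(f"{cluster:32} {', '.join(apis)}")
```

For a full table, dump the imports with `dumpbin /imports` or `pefile` into the same `{dll: [names]}` shape and pass it to `triage_summary`; raising `min_hits` trims clusters that match on one or two generic APIs.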
Sections
.text   Size: 124KB   Virtual size: 123KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 512B    Virtual size: 7KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 5KB     Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ