Static task: static1
Behavioral task: behavioral1
  Sample: 0a4dbcd87357056519bf1a954effddec.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0a4dbcd87357056519bf1a954effddec.exe
  Resource: win10v2004-20231215-en
General
Target: 0a4dbcd87357056519bf1a954effddec
Size: 1.1MB
MD5: 0a4dbcd87357056519bf1a954effddec
SHA1: 40c0135a91ea2b53ab3016e05a5ff8bd54157edf
SHA256: 98bc7d007397635d7c668004aabfbe18609def2aa3df2f463ce636bfe295baff
SHA512: 3a73d185e7ec735fc8c8b9c496c705fc05137f4677223ccd60f66d7725d4a4b92e56d49316f9337bfe11bab3034e5c2f1c5fcade948e57ffd093968dc731b839
SSDEEP: 24576:7Q9sKkzy5S/UO53jEONtV4usreqK7fXqytJVsT/iJWnZ222:ov6j9Ou/tfrt0/ioZ222
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 0a4dbcd87357056519bf1a954effddec
Files
-
0a4dbcd87357056519bf1a954effddec.exe windows:4 windows x86 arch:x86
79bf5eb4b0533a7da8311585eb2c4b49
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAEnumNetworkEvents
WSAEventSelect
WSARecv
WSASend
connect
setsockopt
socket
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
htons
gethostbyname
ntohl
closesocket
WSACreateEvent
WSACloseEvent
send
recv
kernel32
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileTime
GetTickCount
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetThreadLocale
GetDriveTypeA
CreateFileA
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentProcessId
GetModuleHandleA
RaiseException
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LockFile
LockFileEx
UnlockFile
GetSystemInfo
FindFirstFileW
FindNextFileW
FindClose
ResetEvent
SignalObjectAndWait
ReleaseMutex
CreateMutexW
GetSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetTempPathW
FlushFileBuffers
GetFileInformationByHandle
GetDiskFreeSpaceW
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
CreateFileW
GetFileAttributesW
MoveFileW
MoveFileExW
DeleteFileW
GetCurrentThreadId
GetVersionExW
GetVersion
FormatMessageA
SetLastError
PulseEvent
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetSystemDirectoryW
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
lstrcmpW
lstrlenW
WaitForSingleObject
CreateEventW
SetEvent
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
Sleep
CreateThread
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileType
user32
UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
UnregisterClassA
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetNextDlgGroupItem
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
CharUpperW
CharNextW
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
DestroyMenu
GetSysColorBrush
GetMessageW
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
InvalidateRect
IsWindow
SetWindowLongW
SetCursor
SetCapture
RedrawWindow
ReleaseCapture
PtInRect
GetClientRect
MessageBeep
GetSysColor
UpdateWindow
SendMessageW
EnableWindow
OffsetRect
SetPropW
gdi32
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
SetViewportExtEx
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
GetWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
SetTextColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
RectVisible
GetStockObject
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
PtVisible
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegQueryValueW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW
oledlg
OleUIBusyW
ole32
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
StgIsStorageFile
StgOpenStorage
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
OleUninitialize
oleaut32
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysFreeString
wsock32
ioctlsocket
bind
listen
accept
htonl
WSASetLastError
inet_ntoa
ntohs
gethostname
WSAGetLastError
iphlpapi
GetAdaptersInfo
Sections
.text  Size: 956KB - Virtual size: 952KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 144KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 16KB - Virtual size: 28KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 20KB - Virtual size: 18KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ