0a62b3a263c580c169c4a7026e00cc7c

Sharing

Copy URL

Twitter E-mail

General

Target

0a62b3a263c580c169c4a7026e00cc7c
Size

212KB
MD5

0a62b3a263c580c169c4a7026e00cc7c
SHA1

fcd6223c396238b7827642d1d619eec50c0f1791
SHA256

84e6a66931e4f33337d101d2a60e72d882c8583863b1da3ae041bdd2a4e32808
SHA512

6adcd2fe85debd0645634bc383a5b131231df919aabbaada40ee9e15e3485971a72601ad58d1477edb6f76c202349cba991e547468562b992e6d4cca5eba7347
SSDEEP

3072:pHNQea7rAtOxD7goGReoZH1eTSQ3yrjY3uHlgvvBqVLyEmS5gk2WDdJjOLW2Mbzt:wrbtQATPgY3u2RS+nWDEWlWXoqoOhVg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a62b3a263c580c169c4a7026e00cc7c

Files

0a62b3a263c580c169c4a7026e00cc7c
.exe windows:5 windows x86 arch:x86

c55342a8ba880f93ff171b6ee7706a2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_strnicmp
_lock
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
sprintf
strncmp
atoi
realloc
strncat
srand
rand
printf
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
strchr
memmove
ceil
strstr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA

kernel32

SetEvent
GetProcAddress
LoadLibraryA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
lstrlenA
TerminateThread
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
CloseHandle
ReadFile
GetModuleFileNameA
SetLastError
GetCurrentProcess
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
OpenProcess
ExitThread
GetTickCount
ExitProcess
GetSystemDirectoryA
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
CreateMutexA
lstrcpyW
GlobalMemoryStatusEx
WinExec
Process32Next
lstrcmpiA
Process32First
Module32First
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateEventA
CreateRemoteThread
Sleep
MoveFileA
GetPrivateProfileSectionNamesA

user32

GetCursorInfo
ReleaseDC
GetDC
GetDesktopWindow
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
LoadCursorA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ExitWindowsEx
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetProcessWindowStation
DestroyCursor
GetUserObjectInformationA
DispatchMessageA
OpenDesktopA
PostMessageA
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
TranslateMessage
GetMessageA
wsprintfA
CharNextA
GetWindowTextA
GetForegroundWindow
SetRect

gdi32

GetDIBits
SelectObject
CreateDIBSection
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC

advapi32

GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegRestoreKeyA
RegSaveKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
EnumServicesStatusA
ChangeServiceConfig2A

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInReset
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutClose
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutWrite
waveOutUnprepareHeader

ws2_32

gethostbyname
socket
sendto
connect
WSAIoctl
select
recv
send
setsockopt
closesocket
WSAStartup
ioctlsocket
listen
accept
getpeername
__WSAFDIsSet
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
htons
inet_addr
WSASocketA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSendMessage
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart

iphlpapi

GetIfTable

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd
NetUserDel

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA

Sections

BBB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AAA
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BUFF
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.6652
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

QQQ
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SSS
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c55342a8ba880f93ff171b6ee7706a2e

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp90

wininet

avicap32

msvfw32

iphlpapi

netapi32

psapi

wtsapi32

Sections

BBB Size: 2KB - Virtual size: 2KB

.text Size: 126KB - Virtual size: 126KB

AAA Size: 1024B - Virtual size: 947B

.BUFF Size: 2KB - Virtual size: 2KB

.6652 Size: 5KB - Virtual size: 4KB

QQQ Size: 4KB - Virtual size: 4KB

.SSS Size: 6KB - Virtual size: 5KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 28KB - Virtual size: 29KB

BBB
Size: 2KB - Virtual size: 2KB

.text
Size: 126KB - Virtual size: 126KB

AAA
Size: 1024B - Virtual size: 947B

.BUFF
Size: 2KB - Virtual size: 2KB

.6652
Size: 5KB - Virtual size: 4KB

QQQ
Size: 4KB - Virtual size: 4KB

.SSS
Size: 6KB - Virtual size: 5KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 28KB - Virtual size: 29KB