096b1b2fb34a9da8187810895f19d9c1

Sharing

Copy URL Twitter E-mail

General

Target

096b1b2fb34a9da8187810895f19d9c1
Size

434KB
MD5

096b1b2fb34a9da8187810895f19d9c1
SHA1

972fccba2e47e1766fbe7c83b32406230d01a9f1
SHA256

d1f6ad01dd950f64354c70fa98454f1251105cfbb2fbb5a94a7724827d0ed11e
SHA512

55f5cc8a7af2617bb7813f4c656fb8400dbd0fa45ed3bb60b2ac21ae4e15c0e5cafb056f50e0d8c499badf5d74530d7e4bd72d7a7447c2ba14261ec623e3741c
SSDEEP

12288:aB2biROzbzsFa25Ixs7xsHfBP4Yioa2IzXDa:aBmiaz72jsHft4AIzXDa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
096b1b2fb34a9da8187810895f19d9c1

Files

096b1b2fb34a9da8187810895f19d9c1
.exe windows:4 windows x86 arch:x86

00b540bec4373ccaf863f0972ffb9bad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrClientCall2
RpcEpResolveBinding
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcBindingFromStringBindingW
I_RpcExceptionFilter

ntdll

RtlUnicodeStringToAnsiString
NtAllocateVirtualMemory
RtlUnicodeToMultiByteSize
_chkstk
_vsnwprintf
RtlInitUnicodeStringEx
strlen
RtlIsNameLegalDOS8Dot3
RtlUnwind
_wcsicmp
RtlAnsiStringToUnicodeString
NtQueryVirtualMemory

kernel32

GetLocaleInfoW
GetFileAttributesW
TlsFree
LockResource
InterlockedExchange
GetSystemDefaultUILanguage
FindNextFileW
GetFullPathNameW
GetDriveTypeW
FreeLibraryAndExitThread
FindClose
TlsSetValue
SizeofResource
LocalReAlloc
QueryPerformanceCounter
FormatMessageW
GetUserDefaultLCID
FindFirstFileW
SetCurrentDirectoryW
lstrcpynW
GetModuleHandleW
DelayLoadFailureHook
WaitForSingleObject
LeaveCriticalSection
LocalFree
lstrcmpW
GlobalFree
DeleteCriticalSection
SetErrorMode
lstrcmpiW
GetVersionExA
GetCurrentThreadId
GlobalReAlloc
LocalSize
GetTickCount
MultiByteToWideChar
GetLastError
WideCharToMultiByte
EnterCriticalSection
TlsGetValue
DisableThreadLibraryCalls
lstrlenA
TlsAlloc
GetModuleHandleA
GetACP
UnhandledExceptionFilter
FreeResource
GetSystemTimeAsFileTime
CreateFileW
LocalAlloc
lstrcpyW
GlobalAlloc
GetTempFileNameW
CloseHandle
DeleteFileW
GetCurrentProcessId
GlobalLock
GetProfileStringW
GetCurrentDirectoryW
LoadLibraryA
CreateEventW
lstrlenW
CreateThread
SetEvent
InterlockedIncrement
LoadLibraryW
InterlockedDecrement
GetVolumeInformationW
ResetEvent
FindResourceW
FreeLibrary
GetShortPathNameW
FindResourceA
TerminateProcess
InterlockedCompareExchange
MulDiv
LoadResource
lstrcpyA
GlobalUnlock
GetModuleFileNameW
FindResourceExW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetProcessVersion
SetLastError
ExpandEnvironmentStringsW
GetProcAddress

userenv

RsopSetPolicySettingStatus

dnsapi

DnsReplaceRecordSetW

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b540bec4373ccaf863f0972ffb9bad

Headers

File Characteristics

Imports

rpcrt4

ntdll

kernel32

userenv

dnsapi

mswsock

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 317KB - Virtual size: 920KB

.rdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 78KB - Virtual size: 77KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 317KB - Virtual size: 920KB

.rdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 78KB - Virtual size: 77KB