0a04cfd418a7cefac6c6caa60dd54727

Sharing

Copy URL Twitter E-mail

General

Target

0a04cfd418a7cefac6c6caa60dd54727
Size

59KB
MD5

0a04cfd418a7cefac6c6caa60dd54727
SHA1

87ee2770e171782b2d6512c2240a4a7b48a6bea2
SHA256

82296d5a045bc03ca3c26d875c86da2ad0af0978a3ed3cc57c7987772d9240e7
SHA512

ae363f69b62438f055d4ead2d9a41215233bf9fea81e4743ea87cb2cd7af2e65100ee013fa89e66dc94aa85cebbd5840b6b3f3885e06186b16bc76d464c81656
SSDEEP

384:ZzSv+vicU6HCShmk7/JNnMXLp9DZ8FaHCDLdJ8TQfJ3HNPrnX6:YviXCShmuNnMXF8espHF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a04cfd418a7cefac6c6caa60dd54727

Files

0a04cfd418a7cefac6c6caa60dd54727
.exe windows:4 windows x86 arch:x86

7cee3645c98707a98ef22dc4f1f94365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
_CxxThrowException
_adjust_fdiv
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
malloc
_initterm
free
__CxxFrameHandler
sprintf
memset
memcpy
atoi
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z

user32

TranslateMessage
GetMessageA
DispatchMessageA
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
ShowWindow

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SysAllocString
VariantClear
SysFreeString

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus
OpenServiceA
DeleteService
ControlService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegQueryValueExA
RegCloseKey

iphlpapi

GetAdaptersInfo

ws2_32

ioctlsocket
closesocket
inet_addr
htonl
gethostbyname
WSAStartup
socket
htons
connect
gethostname
select
shutdown

mpr

WNetCancelConnection2A
WNetAddConnection2A

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

kernel32

lstrcpyA
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
MultiByteToWideChar
DeleteFileA
CreateMutexA
GetLastError
ExitProcess
GetModuleFileNameA
CreateSemaphoreA
WaitForSingleObject
CreateThread
IsBadReadPtr
ReleaseSemaphore
InterlockedDecrement
DisableThreadLibraryCalls
lstrcpynA
GetExitCodeProcess
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
lstrlenA
lstrcatA
GetTempFileNameA
LoadLibraryA
GetProcAddress
FindResourceA
SizeofResource
LoadResource
GetTempPathA
FreeResource
CloseHandle
WriteFile
CreateFileA
OpenFileMappingA
GetStartupInfoA
ExpandEnvironmentStringsA
CreateProcessA
Sleep
GetFileSize
VirtualAlloc
ReadFile
VirtualFree

Exports

Exports

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cee3645c98707a98ef22dc4f1f94365

Headers

File Characteristics

Imports

msvcrt

user32

ole32

oleaut32

advapi32

iphlpapi

ws2_32

mpr

wininet

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 39KB - Virtual size: 39KB