0a30ba133878f9acfd154002aec6ab88

Sharing

Copy URL Twitter E-mail

General

Target

0a30ba133878f9acfd154002aec6ab88
Size

755KB
MD5

0a30ba133878f9acfd154002aec6ab88
SHA1

98c90dc3ee56b4c8ed30b09d0125e4a48bff4493
SHA256

edbd1def78ee55da59aaa2eb0b959ca209a3c66c348ccb0f73f2a9e1947acd06
SHA512

cbe9fe36725dd84c8bc4a4500e5cd15c1d47b4089d0267126bc1e5449420e970976edb8c8a48bd6d37954b9927423d2443085508f935844aa9e386b35936ba5a
SSDEEP

12288:4ORjLHaB9mtjKqoSyIu6WrhQ8pzk8SVcfrc1C8bYJqmJRNAfLs7zahUF5lS34Ooe:BRyB9ujEjIua8mC41nSPjNga5lSof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a30ba133878f9acfd154002aec6ab88

Files

0a30ba133878f9acfd154002aec6ab88
.exe windows:4 windows x86 arch:x86

02af0c412d7f938bbf5ff41216070d2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
RegQueryValueExA
CryptGetDefaultProviderW
StartServiceW
CryptSignHashW
CryptExportKey
CryptEnumProviderTypesA
CryptGenRandom
RegSetValueA
RegSaveKeyW

shell32

SHAppBarMessage
DragQueryFileA
CommandLineToArgvW
SheGetDirA
DuplicateIcon
DragQueryFile
SHBrowseForFolderA
SHGetPathFromIDList
RealShellExecuteExA
SHGetDataFromIDListW

gdi32

ResetDCA
Polygon
GdiSetBatchLimit
GetRegionData
GetStockObject
PolyTextOutA
GetObjectType
CreateSolidBrush
RoundRect
SetViewportOrgEx
CreateCompatibleBitmap
GetGlyphOutlineA
CreateDIBPatternBrush
Polyline
DeleteDC
Pie
GetFontLanguageInfo
GetColorAdjustment
GetBrushOrgEx
SetTextAlign
SetPixel
GetOutlineTextMetricsA
GetEnhMetaFileHeader
SetBkMode

wininet

DeleteIE3Cache
InternetQueryOptionW
InternetCrackUrlA
HttpSendRequestW
InternetHangUp
FtpSetCurrentDirectoryW
InternetAutodial
FtpGetFileA
HttpEndRequestW
HttpQueryInfoW
FindFirstUrlCacheEntryA
RetrieveUrlCacheEntryStreamA
InternetQueryOptionA
FtpDeleteFileW

kernel32

VirtualQuery
SetConsoleCtrlHandler
HeapFree
EnterCriticalSection
CompareStringW
WideCharToMultiByte
TerminateProcess
FreeLibrary
GetStartupInfoA
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FindFirstFileW
LCMapStringA
GetStringTypeW
TlsFree
GetProcAddress
CompareStringA
InterlockedDecrement
GetModuleFileNameW
IsValidCodePage
GetTimeFormatA
GetCurrentThread
HeapSize
GetACP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetCurrentProcess
GetTickCount
ExitProcess
TlsGetValue
GetOEMCP
GetModuleHandleA
LeaveCriticalSection
DeleteFileW
SetUnhandledExceptionFilter
GetDateFormatA
HeapAlloc
CreateEventA
LCMapStringW
FreeEnvironmentStringsW
GetFileType
HeapReAlloc
SetHandleCount
Sleep
GetCommandLineW
GetStringTypeA
VirtualFree
GetLastError
IsValidLocale
DeleteCriticalSection
GetUserDefaultLCID
TlsSetValue
LoadLibraryA
GetLocaleInfoW
GetCurrentProcessId
TlsAlloc
GetLocaleInfoA
RtlZeroMemory
GetModuleFileNameA
LoadLibraryExW
CommConfigDialogW
GetCurrentThreadId
InterlockedExchange
RtlUnwind
HeapCreate
InterlockedIncrement
GetSystemTimeAsFileTime
GetEnvironmentStringsW
VirtualAlloc
SetEnvironmentVariableA
GetModuleHandleW
MultiByteToWideChar
SetLastError
HeapDestroy
GetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
GetTimeZoneInformation

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 590KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02af0c412d7f938bbf5ff41216070d2a

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

wininet

kernel32

Sections

.text Size: 158KB - Virtual size: 157KB

.data Size: 590KB - Virtual size: 569KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 158KB - Virtual size: 157KB

.data
Size: 590KB - Virtual size: 569KB

.rsrc
Size: 5KB - Virtual size: 5KB