0bdd720e4a2baa57f35cfddc4c49f9fd

Sharing

Copy URL Twitter E-mail

General

Target

0bdd720e4a2baa57f35cfddc4c49f9fd
Size

251KB
MD5

0bdd720e4a2baa57f35cfddc4c49f9fd
SHA1

d3491efbf1440e97388a1db62b6f242677fc44b4
SHA256

c99e400f07502c3048aab2809af934cd6db3ebd6b1bc4178f7fb97b35f9bc430
SHA512

b19b29a2b154729bfaa0978a18f313952e6f3a2656b8e293608f8dbf53b9fb43c22dab20877308bcb20ce4d4b97aac877741d4fe02c499e40a8aab41bbf2638f
SSDEEP

6144:Ybih2nfJybfEOdme74s4g4uzfZC6wv+roE2JgPC:f0nfJIfwOzfgFEEgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bdd720e4a2baa57f35cfddc4c49f9fd

Files

0bdd720e4a2baa57f35cfddc4c49f9fd
.exe windows:4 windows x86 arch:x86

286bac72b9a1dab085f6660b01069bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
??3@YAXPAX@Z
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
memcpy_s
_recalloc
__CxxFrameHandler3
malloc
wcsncpy_s
_purecall
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??_U@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
_CxxThrowException
memmove_s
exit
??2@YAPAXI@Z
_wcsnicmp
wcscat_s
wcscpy_s
_wsplitpath_s
__argc
_set_sbh_threshold
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
wcsrchr
??_V@YAXPAX@Z
memset
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
free
_crt_debugger_hook
_except_handler3

comctl32

ord17

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetACP
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
LocalAlloc
OpenMutexW
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
FindClose
DeleteFileW
FindNextFileW
FindFirstFileW
InterlockedExchange
RaiseException
GetModuleFileNameW
GetLastError
GetModuleHandleW
lstrlenW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
CreateThread
GetCommandLineW
GetCurrentThreadId
lstrcmpiW
LockResource
Sleep
FormatMessageW
LocalFree
InterlockedIncrement
InterlockedDecrement

user32

PostThreadMessageW
GetMessageW
UnregisterClassA
PeekMessageW
MessageBoxW
CharNextW
SetForegroundWindow
ShowWindow
IsIconic
IsWindowVisible
LoadStringW

advapi32

RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegSetKeySecurity
RegGetKeySecurity

shell32

CommandLineToArgvW

ole32

CoSuspendClassObjects
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
OleUninitialize

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VarUI4FromStr
VarBstrCmp

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

286bac72b9a1dab085f6660b01069bd5

Headers

File Characteristics

Imports

msvcr80

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 7KB - Virtual size: 7KB

.rrdata Size: 76KB - Virtual size: 76KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 7KB - Virtual size: 7KB

.rrdata
Size: 76KB - Virtual size: 76KB