0be6896bbbf217e8c68e2dba10b87349

Sharing

Copy URL Twitter E-mail

General

Target

0be6896bbbf217e8c68e2dba10b87349
Size

403KB
MD5

0be6896bbbf217e8c68e2dba10b87349
SHA1

fa33b684d08e39c33074913b83350d185bd50a73
SHA256

8715ab3995a52b03ee6307af6c51bbb74b392887eb08076a3938a3bf56598eee
SHA512

48093621beaaccdb056fcd866dd2596abe4f99c7437f35b7a35993d59ddd34cb61412c55c9760a9944cffdfcfa0cee22ce969ead5cad8a055604a740e945362b
SSDEEP

6144:BiWxUn6faXjDOrOPQ2mE3EkUepeyLTYyqglC0x4nf3yJYdQ66RliKfokEhgHhdCg:ZxUn6MDlkyLTYX7/nq2SHlrNEhmhdCg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be6896bbbf217e8c68e2dba10b87349

Files

0be6896bbbf217e8c68e2dba10b87349
.exe windows:4 windows x86 arch:x86

cff43c2b625ad6715b7c9c20a10a844e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
VirtualFree
WritePrivateProfileStringA
EnterCriticalSection
SetLastError
GetCommandLineA
HeapAlloc
LoadLibraryA
GetFileType
LCMapStringA
FreeEnvironmentStringsA
GetPrivateProfileStructW
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTickCount
GetStartupInfoA
TlsGetValue
TlsSetValue
FreeEnvironmentStringsW
IsBadWritePtr
HeapDestroy
UnhandledExceptionFilter
InitializeCriticalSection
ReadConsoleOutputW
WideCharToMultiByte
MultiByteToWideChar
TlsFree
GetProcAddress
GetEnvironmentStrings
TlsAlloc
HeapFree
DeleteCriticalSection
HeapCreate
CreateFileMappingA
GetVersion
VirtualQuery
GetLastError
LeaveCriticalSection
GetSystemTimeAsFileTime
GetStdHandle
GetCurrentProcessId
GetEnvironmentStringsW
SetHandleCount
HeapReAlloc
WriteFile
ExitProcess
GetCurrentThread
GetACP
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
GetStringTypeW
GetModuleHandleA
LCMapStringW
GetModuleFileNameA
LockFileEx
GetCurrentThreadId
RtlUnwind

gdi32

FrameRgn
CreateRectRgn
GetNearestPaletteIndex
GetClipBox
GetEnhMetaFileHeader
GetFontData
CreateDIBPatternBrush
ResizePalette
GetEnhMetaFilePaletteEntries
GetWindowOrgEx
GetTextExtentPoint32W
GetWindowExtEx
AbortPath
Ellipse
GetSystemPaletteEntries
SetBrushOrgEx
DrawEscape
EnumFontsW
GetTextExtentPointW
CreateRoundRectRgn
GetEnhMetaFileA
CreateBrushIndirect
GetObjectW
GetMetaFileW

shell32

ExtractIconExA
FindExecutableW
ShellExecuteExA
ShellExecuteExW
SHGetPathFromIDListW
InternalExtractIconListW
SHAppBarMessage
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
SHGetInstanceExplorer
SHUpdateRecycleBinIcon
DragQueryPoint
FreeIconList
DragFinish
DoEnvironmentSubstA
ShellHookProc
SHEmptyRecycleBinA

comdlg32

GetOpenFileNameA
GetFileTitleW
ChooseFontW
GetSaveFileNameA
FindTextW
ReplaceTextW
ReplaceTextA
PrintDlgA
ChooseColorA
ChooseFontA
ChooseColorW

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cff43c2b625ad6715b7c9c20a10a844e

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

comdlg32

Sections

.text Size: 124KB - Virtual size: 124KB

.data Size: 267KB - Virtual size: 297KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 267KB - Virtual size: 297KB

.rsrc
Size: 11KB - Virtual size: 10KB