0bfd1ecf8ce49214325a3dc944813da6

Sharing

Copy URL Twitter E-mail

General

Target

0bfd1ecf8ce49214325a3dc944813da6
Size

51KB
MD5

0bfd1ecf8ce49214325a3dc944813da6
SHA1

db5d773fbd55870cf1d4dd4f18fd944c4efc5fc2
SHA256

bd8156fcf9d5a2a24df2c192d0cef67de95327cb473d94057d893981081d0362
SHA512

1421424d72e35e9954c177958a952cd12188bc875a8e0954879723f66d1a092c055e55a80c5e1d3cfcac408c82b4ac3c18ad081f97927f11b8b4ad024ff7f61a
SSDEEP

768:11cLhhfsE+1LsBG6AgNCMC0rWIAbpAtkUD4Ceh2VTqM:12LiLKvjNCMWA62R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bfd1ecf8ce49214325a3dc944813da6

Files

0bfd1ecf8ce49214325a3dc944813da6
.exe windows:5 windows x86 arch:x86

26af74e73a5684352073e779a4eb0c18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_LoadImageW
ImageList_GetIcon
CreateStatusWindowW
ImageList_AddMasked
ImageList_Write
ImageList_GetIconSize

kernel32

FindResourceW
CallNamedPipeW
FileTimeToLocalFileTime
OpenFileMappingA
GlobalAlloc
GetCommandLineW
GetLongPathNameW
CreateNamedPipeA
SetLocalTime
FreeResource
SetUnhandledExceptionFilter
LocalLock
MoveFileA
GetUserDefaultLangID
GetCommandLineA
DisconnectNamedPipe
GetShortPathNameA
Sleep
GetBinaryTypeA
EnterCriticalSection
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
LoadLibraryExA
SetFileTime
EscapeCommFunction
SetThreadPriority
TlsGetValue
GetLocaleInfoW
GlobalMemoryStatus
lstrcatA
OpenFileMappingW
ExitThread
CreateDirectoryA
SleepEx
GlobalMemoryStatusEx
GetNumberFormatA
EnumResourceNamesW
GlobalGetAtomNameA
SetLastError
TerminateThread
IsValidLanguageGroup
CompareStringW
LocalSize
GlobalFlags
IsBadCodePtr
SetErrorMode
CompareStringA
UnlockFile
LoadLibraryA
lstrlenA
IsBadReadPtr
FindNextChangeNotification
EnumResourceNamesA
LoadResource
WaitForMultipleObjects

shlwapi

StrToIntW

msvcrt

clearerr
iswspace
strcspn
iswdigit
fprintf
strcpy
isalnum
sprintf
swscanf
putchar
_controlfp
iswxdigit
atol
strerror
system
__set_app_type
__p__fmode
malloc
wcslen
wcsrchr
wcstod
strtol
__p__commode
_amsg_exit
iswctype
strtok
fread
strcoll
fgets
wcsncpy
_initterm
wcstok
_ismbblead
printf
setlocale
_XcptFilter
qsort
isalpha
tolower
gets
_exit
_cexit
__setusermatherr
__getmainargs
fclose
wcstombs
wcstoul

user32

IsWindowUnicode
OpenIcon
GetWindowDC
ReplyMessage
InSendMessage
DrawFocusRect
GetDlgCtrlID
FindWindowW
ShowWindow
SetMenu
RegisterHotKey
CharLowerW
GetMenuStringW
GetMenuItemCount
GetMenuItemRect
CreateCaret
BeginDeferWindowPos
GetClassInfoExW
RegisterWindowMessageA
LockWindowUpdate
IsWindowEnabled
LoadAcceleratorsA
CharToOemBuffA
FindWindowExA
SetParent
TileWindows
DispatchMessageA
OffsetRect
AttachThreadInput
GetClassInfoExA
MonitorFromPoint
RedrawWindow
CloseDesktop
ShowCursor
SetTimer
TranslateAcceleratorA
GetWindowTextA
GetSystemMetrics
SetRect
CharLowerA
AppendMenuA
CheckRadioButton
LoadImageA
FrameRect
SetSysColors
CreateDialogIndirectParamW
MessageBoxW
DefDlgProcW
CharPrevW
SwitchToThisWindow
CreatePopupMenu
SendDlgItemMessageW
ClientToScreen
InsertMenuW
AdjustWindowRect
EnableScrollBar
KillTimer
CreateIconFromResource
SetWindowLongW
GetKeyboardLayoutNameW
DrawFrameControl
EqualRect
GetScrollRange
CreateIconIndirect
GetMonitorInfoW
CreateWindowExA
GetMessageW
ExitWindowsEx
DestroyWindow
WaitMessage
DestroyCursor
VkKeyScanW
LoadStringA
SendMessageW
GetMessageTime
LookupIconIdFromDirectory
GetNextDlgGroupItem
GetCaretPos
GetMessageExtraInfo
DrawMenuBar
ReleaseDC
InSendMessageEx
GetCursorPos
InflateRect
GetAsyncKeyState
SendMessageA
ChildWindowFromPoint
RegisterClassExW
UpdateWindow
GetMenuItemInfoW
LoadCursorW
CharToOemA
ShowWindowAsync
IsChild
GetScrollPos
IsIconic
GetWindowTextW
GetClassNameW
DrawStateA
GetMenuStringA
ActivateKeyboardLayout
wvsprintfA
CreateCursor
SetDlgItemTextA
GetUpdateRect
GetKeyboardType
CopyAcceleratorTableW
wsprintfA
EnumThreadWindows
DeleteMenu
SendMessageTimeoutW
ChangeMenuW
SetActiveWindow
wsprintfW
IsCharAlphaW
ShowOwnedPopups
WaitForInputIdle

Exports

Exports

?GetShiftAltInfo@@YGK_KHE:O

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bit
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.insec
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inmin
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wall
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26af74e73a5684352073e779a4eb0c18

Headers

File Characteristics

Imports

comctl32

kernel32

shlwapi

msvcrt

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.bit Size: 1KB - Virtual size: 1KB

.insec Size: 6KB - Virtual size: 5KB

.inmin Size: 512B - Virtual size: 86B

.wall Size: 512B - Virtual size: 444B

.zdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.bit
Size: 1KB - Virtual size: 1KB

.insec
Size: 6KB - Virtual size: 5KB

.inmin
Size: 512B - Virtual size: 86B

.wall
Size: 512B - Virtual size: 444B

.zdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB