0c08136ac017180480c560e00d7b6603

Sharing

Copy URL Twitter E-mail

General

Target

0c08136ac017180480c560e00d7b6603
Size

300KB
MD5

0c08136ac017180480c560e00d7b6603
SHA1

2c9d25a607e9475a8c14272c5c77e319a6a2e4c2
SHA256

a661cca8bfcf31526d5cddd112f39f05159ba22cde339466e2d10dd04438a903
SHA512

10d88c6a113764948d02ca396e13cdbd2556c7c296bc0b828d689903549dc69f6ee4b5ce1cd4f2943955d32a27dec67ae910a2dd5ac97d70852244dacd240f73
SSDEEP

6144:pdii+88vJ4hqLTBcvu3nRBXxtvL+dfOaosEcJ8E28kz/:pdii+88xnT6vuhBDCFOaYc+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c08136ac017180480c560e00d7b6603

Files

0c08136ac017180480c560e00d7b6603
.exe windows:4 windows x86 arch:x86

937807e176257cb859ebe75ee39571aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2915
ord5572
ord6877
ord5710
ord939
ord2763
ord4129
ord3183
ord941
ord2764
ord825
ord5856
ord5683
ord4277
ord4278
ord858
ord6874
ord860
ord354
ord5186
ord665
ord5773
ord5442
ord1979
ord3337
ord533
ord5194
ord798
ord3811
ord540
ord2818
ord6407
ord1997
ord537
ord535
ord800
ord1601
ord823

msvcrt

__dllonexit
strncpy
strncmp
clearerr
strerror
fputc
fflush
free
fwrite
malloc
_errno
_fdopen
fprintf
printf
abs
_mbscmp
strcmp
time
_stricmp
_onexit
_exit
rand
getenv
strcpy
fopen
fclose
fseek
ftell
fread
memset
strstr
sprintf
_vsnprintf
_except_handler3
_mbsicmp
memcmp
__CxxFrameHandler
memcpy
wcslen
_wcsicmp
strcat
strlen
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
srand
_controlfp
_strlwr

kernel32

VirtualProtectEx
WriteProcessMemory
GetSystemDirectoryA
CreateFileA
GetFileSize
CreateFileMappingA
ReadProcessMemory
UnmapViewOfFile
VirtualQueryEx
Process32First
Process32Next
GetCurrentProcess
CloseHandle
MultiByteToWideChar
SetErrorMode
GetModuleHandleA
GetThreadContext
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
GetSystemInfo
OutputDebugStringA
FreeLibrary
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
GetModuleFileNameA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
CreateProcessA
GetStartupInfoA
GetSystemWindowsDirectoryA
SizeofResource
LockResource
CreateToolhelp32Snapshot
MapViewOfFile
IsBadReadPtr
LocalAlloc
LocalFree
ExitProcess
GetVersionExA
LoadLibraryExA
lstrcpyA
GetWindowsDirectoryA
GetLocalTime
SetLocalTime
Sleep
GetVersion
GetCommandLineA
lstrcatA
lstrlenA
SetFileTime
SetFileAttributesA
CopyFileA
CreateDirectoryA
FindFirstFileA
FindClose
CreateThread
FindResourceA
VirtualAlloc
SetThreadContext
ResumeThread
TerminateProcess
CreatePipe
GetStdHandle
WriteFile
LoadResource

user32

FindWindowA

advapi32

AdjustTokenPrivileges
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
CloseServiceHandle
RegSetValueExA
CreateServiceA
OpenSCManagerA
FreeSid
SetSecurityInfo
AddAccessDeniedAce
InitializeAcl
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
LookupPrivilegeValueA

shell32

ShellExecuteA

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

937807e176257cb859ebe75ee39571aa

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

msvcp60

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 164KB - Virtual size: 162KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 164KB - Virtual size: 162KB