0ad9cde37d3b1df07ceb25fdc76d33e8

Sharing

Copy URL Twitter E-mail

General

Target

0ad9cde37d3b1df07ceb25fdc76d33e8
Size

189KB
MD5

0ad9cde37d3b1df07ceb25fdc76d33e8
SHA1

6f8889ddfcc1ed5ffdbaa1c5d7158f1fd4aa47f3
SHA256

e7dfb4ca6fc59ce34eac54a954e8e697d54df02dd8f013efd9a2557757181431
SHA512

b5ea04d3cdb638083bb904ebe6198637446d5979bbfca6743c21d0be5eeba17a7348caa1bab6fa40f6818e62437a5faac0fcc7c7f47cdb60ad27c5f5e0fec5d2
SSDEEP

3072:ixZwnzeUFYBzLfcSSTj/IrJ16nidoRJVYiUkxMpANOMkUbmwFCBhZOpK+SsQt:iDwnzlYBzLWTbIrJ16nieRLYZ0iANOH/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ad9cde37d3b1df07ceb25fdc76d33e8

Files

0ad9cde37d3b1df07ceb25fdc76d33e8
.exe windows:4 windows x86 arch:x86

0ed43d6c3ed19398d631c6fb84b499ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvfw32

ICInfo

user32

MonitorFromWindow
wsprintfW
CharNextA
CharNextW

advapi32

CryptCreateHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash

kernel32

LoadLibraryExA
ExitProcess
GetSystemDirectoryA
DeleteFileA
InterlockedIncrement
GetProcessHeap
GetFileAttributesW
EndUpdateResourceW
CloseHandle
GlobalAlloc
OutputDebugStringA
CreateFiberEx
InterlockedDecrement
GetCurrentThreadId
UnhandledExceptionFilter
FindFirstFileW
HeapReAlloc
FindNextFileW
AreFileApisANSI
SizeofResource
GetVersion
IsDebuggerPresent
CreateDirectoryA
CopyFileW
EnumResourceTypesW
FreeResource
UpdateResourceW
DeleteFileW
_lwrite
_lread
MapViewOfFile
InterlockedCompareExchange
ReadFile
GlobalLock
DeleteCriticalSection
GetModuleHandleW
FindFirstFileA
GetProcAddress
GetVersionExW
DebugBreak
TerminateProcess
EscapeCommFunction
GlobalUnlock
EnumResourceLanguagesW
GetTempFileNameW
_lclose
GetACP
WriteFile
SetUnhandledExceptionFilter
GetTickCount
GetFileAttributesA
LeaveCriticalSection
GetFileInformationByHandle
GetStringTypeExW
GetCurrentDirectoryW
GetTempPathW
SetFileAttributesW
CreateFileA
LoadLibraryA
HeapSize
RemoveDirectoryA
EnumResourceNamesW
EnumResourceNamesA
HeapDestroy
GetOEMCP
FindClose
BeginUpdateResourceW
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
FindResourceW
HeapFree
FindResourceExW
Sleep
lstrlenA
LoadResource
lstrcmpiA
SetLastError
FatalExit
CreateFileMappingA
InitializeCriticalSection
GetSystemTimeAsFileTime
GetLocaleInfoA
SetFileAttributesA
LockResource
GetFullPathNameW
lstrlenW
GlobalFree
RemoveDirectoryW
GetThreadLocale
GetEnvironmentVariableA
GetVersionExA
MultiByteToWideChar
GetCurrentProcessId
LoadLibraryExW
MoveFileW
CopyFileA
EnterCriticalSection
FormatMessageW
InterlockedExchange
WideCharToMultiByte
GetCurrentProcess
FindNextFileA
GetLastError
GetFullPathNameA
HeapAlloc
GetFileSize
LocalFree
_llseek
RaiseException
SetFilePointer
FreeLibrary
CreateFileW
GetCommandLineW
CreateDirectoryW
lstrcpyA

psapi

GetProcessMemoryInfo

imagehlp

ImageGetDigestStream
ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

shell32

CommandLineToArgvW

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ed43d6c3ed19398d631c6fb84b499ba

Headers

File Characteristics

Imports

msvfw32

user32

advapi32

kernel32

psapi

imagehlp

shell32

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 14KB - Virtual size: 13KB

.lib Size: 512B - Virtual size: 72KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 14KB - Virtual size: 13KB

.lib
Size: 512B - Virtual size: 72KB