0b25d7d6e0b074a167434c94e798ef77

Sharing

Copy URL Twitter E-mail

General

Target

0b25d7d6e0b074a167434c94e798ef77
Size

511KB
MD5

0b25d7d6e0b074a167434c94e798ef77
SHA1

b5c85f7c8d5a909bfdff43a509d7010ae9dd93a7
SHA256

bbe0f122bd72754cd034c19c59e7424d7ba9f70a1a40f7417931c8755f35e3d8
SHA512

a09e03f094c7ad24e1bf69e33d3b37bce05e4666d2536075197cd08398df4ef42921aa873d300d22f97c916f15d7daefd4302cba92454348f75f2f4531a581fa
SSDEEP

6144:mHzy0iqQIjBpQ2oCTwOEGhN89NHOPC642sEppFcX5liacJHYjqLRgCCS+i18MD6K:mHzyaQsbTLEnCF3IlSYMRgCZKMW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b25d7d6e0b074a167434c94e798ef77

Files

0b25d7d6e0b074a167434c94e798ef77
.exe windows:4 windows x86 arch:x86

f74125b82a9005c5fc3ca027d819880f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

GetCurrentProcess
GetCurrentThreadId
GetACP
CreateMutexW
TerminateProcess
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetVersionExA
LCMapStringA
GetCurrentProcessId
IsValidCodePage
GetSystemTimeAsFileTime
FreeLibrary
HeapFree
HeapDestroy
SetLastError
TlsFree
GetModuleHandleA
HeapAlloc
GetStdHandle
CreateFileA
FlushFileBuffers
TlsSetValue
GetCurrentThread
ExitProcess
GetProcessHeap
GetModuleFileNameW
CompareStringA
GetEnvironmentStrings
HeapReAlloc
UnhandledExceptionFilter
CloseHandle
GetDateFormatA
GetTimeFormatA
TlsAlloc
LCMapStringW
GetFileType
InitializeCriticalSection
LoadLibraryA
GetEnvironmentStringsW
ReadConsoleOutputW
WideCharToMultiByte
SetStdHandle
HeapCreate
LeaveCriticalSection
InterlockedDecrement
DeleteCriticalSection
GetProcAddress
GetLocaleInfoA
GetModuleFileNameA
TlsGetValue
GetConsoleMode
QueryPerformanceCounter
GetStartupInfoA
WriteConsoleW
GetOEMCP
EnterCriticalSection
HeapSize
GetConsoleOutputCP
IsValidLocale
WriteConsoleA
EnumSystemLocalesA
VirtualAlloc
ReadFile
Sleep
VirtualQuery
GetConsoleCP
GetCommandLineA
CompareStringW
IsDebuggerPresent
SetHandleCount
InterlockedExchange
GetTimeZoneInformation
SetUnhandledExceptionFilter
InterlockedIncrement
GetStringTypeW
WriteFile
CreateMutexA
SetConsoleCtrlHandler
SetEnvironmentVariableA
MultiByteToWideChar
VirtualFree
GetLocaleInfoW
SetFilePointer
GetStringTypeA
GetTickCount
OpenMutexA
GetLastError
RtlUnwind
FreeEnvironmentStringsW
GetCPInfo
FreeEnvironmentStringsA

advapi32

InitializeSecurityDescriptor
RegQueryMultipleValuesW
GetUserNameA
RegSetKeySecurity
StartServiceA
CryptCreateHash
CryptSignHashA
CryptGetProvParam
RegQueryMultipleValuesA
CryptSignHashW
RegEnumKeyA
CryptGetDefaultProviderA
RegCreateKeyExW
RegDeleteKeyA
CryptSetProviderA
LogonUserA
RegCloseKey
RegNotifyChangeKeyValue
CryptDestroyKey
CryptGenKey
RegEnumValueW

user32

PeekMessageW
DrawFrameControl
GetWindowPlacement
RegisterDeviceNotificationA
OpenInputDesktop
IsDialogMessageW
DdeCreateStringHandleA
DefMDIChildProcA
DrawAnimatedRects
DdeCreateDataHandle
RegisterClassA
RegisterClassExA
GetClassNameW

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f74125b82a9005c5fc3ca027d819880f

Headers

File Characteristics

Imports

comctl32

kernel32

advapi32

user32

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 19KB - Virtual size: 36KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 19KB - Virtual size: 36KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 13KB - Virtual size: 13KB