0b50f86f5a8695ebde1e7222feccea32

Sharing

Copy URL Twitter E-mail

General

Target

0b50f86f5a8695ebde1e7222feccea32
Size

45KB
MD5

0b50f86f5a8695ebde1e7222feccea32
SHA1

55d236c7e7770e935f8d590a0e0d872090cff460
SHA256

e6574dcc17b91def0fad0a32e4092df9a7ac575a306a2cc622cd1343ceca6ed2
SHA512

3eee27ddd1274ab5c21017a6a925e90fa98d549d74a636cc0117de39cf20efb30e13a95d8abeea0627eb8d73ddcc481d082947c3b83513e222b7c0d2db3fdbca
SSDEEP

768:oNIPu8S3MEqmHkCchktKcon2hCOLQHUY57JKt+g:oNIW8S31qwkCcetfzLQHJKt+g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b50f86f5a8695ebde1e7222feccea32

Files

0b50f86f5a8695ebde1e7222feccea32
.exe windows:4 windows x86 arch:x86

2e71bb852040a96e70c55401d0633457

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemTime
CreateProcessA
SetFilePointer
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
CreateMutexA
GetLastError
CloseHandle
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW

user32

PostQuitMessage
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterDeviceNotificationA
UnregisterDeviceNotification
RegisterClassExA
CreateWindowExA
KillTimer
SetTimer
DefWindowProcA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
CoUninitialize
MkParseDisplayName
CoGetMalloc
CoCreateInstance
CreateBindCtx

oleaut32

SysFreeString
SysAllocString

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e71bb852040a96e70c55401d0633457

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ksproxy.ax

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 22KB

.WYCao Size: 1KB - Virtual size: 12KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 22KB

.WYCao
Size: 1KB - Virtual size: 12KB