0b508e8a07b91758e0240bb5a881a0bb

Sharing

Copy URL

Twitter E-mail

General

Target

0b508e8a07b91758e0240bb5a881a0bb
Size

84KB
MD5

0b508e8a07b91758e0240bb5a881a0bb
SHA1

43caaf2bb84394547805903616714e7dede32025
SHA256

4499ff51f9e44e4a55b0d2f33d1791ee1f18c60e4b472c274bfadde149c992dc
SHA512

9595b823aeddfb36e9c21908c8b890106f30e4c8a336259b353718acf9ad157c8549d8a8d583bcd9fe7084049a0f73183214e6efbc3472d652c7c3478cc42359
SSDEEP

1536:uc1tCIbP5Q++oqcLaGv6SzLdeytury3J5MWY3cYsmgSwPMJ0:uc1tCIK++omGv6CLdbtury33/xNdv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b508e8a07b91758e0240bb5a881a0bb

Files

0b508e8a07b91758e0240bb5a881a0bb
.exe windows:4 windows x86 arch:x86

ef148b962a0fc7e1fd074bc4d51751aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegConnectRegistryW
RegCloseKey
IsValidSid

user32

GetKeyboardType
DestroyWindow
MessageBoxA
CharNextA
SetWindowWord
SetForegroundWindow
IsZoomed
IsWindow
GetForegroundWindow
EnumPropsA
CharLowerA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
MultiByteToWideChar
GetStartupInfoA
GetModuleFileNameA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteProcessMemory
VirtualProtect
TerminateProcess
SizeofResource
SetThreadContext
SetLastError
ResumeThread
ReadProcessMemory
LockResource
LoadResource
IsBadWritePtr
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetThreadContext
GetTapeStatus
GetSystemDefaultLangID
GetProcAddress
GetModuleHandleA
GetDriveTypeA
GetCurrentProcess
GetConsoleCP
GetCommandLineA
GetACP
FreeLibrary
FindResourceA
CreateProcessA
CloseHandle

gdi32

SetPixel
SetMetaRgn
SetBoundsRect
SetBkColor
GetTextAlign

Sections

.text
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef148b962a0fc7e1fd074bc4d51751aa

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

Sections

.text Size: 23KB - Virtual size: 24KB

.itext Size: 2KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 8KB

.bss Size: - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: - Virtual size: 8KB

.reloc Size: - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 23KB - Virtual size: 24KB

.itext
Size: 2KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 8KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: - Virtual size: 8KB

.reloc
Size: - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 26KB