0b53bb47f81fec54673331fef59b1d42

Sharing

Copy URL Twitter E-mail

General

Target

0b53bb47f81fec54673331fef59b1d42
Size

152KB
MD5

0b53bb47f81fec54673331fef59b1d42
SHA1

c5e2ad8080796b3a2dce833d19847a5639777c3f
SHA256

a382533b992248cb56408f340b10e15484c8f208d8459d9af61e1d191e6af388
SHA512

d174937c1dc8c4f5dd9e868975e61d7f997658f0eb0628c9ab146da9e1956be29617c2bb032155e951abcf5e0966e546a61181aa8bf6a639640dcf774d2c8858
SSDEEP

3072:X0CoD1h//HQia6kalYUPZsneByEmeqgCSC1N5XN9aWO/GBlqbMo:X0V1h/4i7LlYUP2nwyOXCSC1NLlqYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b53bb47f81fec54673331fef59b1d42

Files

0b53bb47f81fec54673331fef59b1d42
.exe windows:4 windows x86 arch:x86

dc50ab00330426a3f4d63a6fb666bddf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleInitialize
OleSetContainedObject

ws2_32

ioctlsocket
listen
ntohl
inet_addr
recv
send
socket
WSAConnect
WSASocketA
WSAWaitForMultipleEvents

clusapi

ClusterNodeOpenEnum
AddClusterResourceDependency
BackupClusterDatabase
ChangeClusterResourceGroup
CloseClusterGroup
CloseClusterNetInterface
CloseClusterNetwork
CloseClusterNotifyPort
CloseClusterResource
ClusterControl
ClusterEnum
ClusterGetEnumCount
ClusterGroupCloseEnum
ClusterGroupControl
ClusterGroupEnum
ClusterGroupGetEnumCount
SetClusterServiceAccountPassword
SetClusterQuorumResource
SetClusterNetworkPriorityOrder
SetClusterNetworkName
SetClusterName
SetClusterGroupNodeList
SetClusterGroupName
ResumeClusterNode
RestoreClusterDatabase
RemoveClusterResourceNode
RemoveClusterResourceDependency
RegisterClusterNotify
PauseClusterNode
OpenClusterResource
OpenClusterNode
OpenClusterNetwork
OpenClusterNetInterface
OpenClusterGroup
OfflineClusterResource
OfflineClusterGroup
MoveClusterGroup
GetNodeClusterState
GetClusterResourceTypeKey
GetClusterResourceState
GetClusterResourceNetworkName
GetClusterResourceKey
GetClusterQuorumResource
GetClusterNotify
GetClusterNodeState
GetClusterNodeKey
GetClusterNodeId
GetClusterNetworkState
GetClusterNetworkKey
GetClusterNetworkId
GetClusterNetInterfaceState
GetClusterNetInterfaceKey
GetClusterNetInterface
GetClusterKey
GetClusterInformation
GetClusterFromResource
GetClusterFromNode
GetClusterFromNetwork
GetClusterFromNetInterface
GetClusterFromGroup
FailClusterResource
EvictClusterNodeEx
EvictClusterNode
CreateClusterResourceType
CreateClusterResource
CreateClusterNotifyPort
CreateClusterGroup
ClusterResourceTypeOpenEnum
ClusterResourceTypeEnum
ClusterResourceTypeControl
ClusterResourceTypeCloseEnum
ClusterResourceOpenEnum
ClusterResourceGetEnumCount
ClusterResourceEnum
ClusterResourceControl
ClusterResourceCloseEnum
ClusterRegSetValue
ClusterRegSetKeySecurity
ClusterRegQueryValue
ClusterRegQueryInfoKey
ClusterRegOpenKey
ClusterRegGetKeySecurity
ClusterRegEnumValue
ClusterRegEnumKey
ClusterRegDeleteKey
ClusterRegCreateKey
ClusterOpenEnum
ClusterGroupOpenEnum
ClusterNetworkOpenEnum
ClusterNetworkGetEnumCount
ClusterNetworkEnum
ClusterNetworkControl
ClusterNetworkCloseEnum
ClusterNetInterfaceControl

cryptui

CryptUIWizFreeDigitalSignContext
CryptUIWizDigitalSign
CryptUIDlgViewContext
CryptUIDlgSelectCertificateFromStore
CryptUIWizImport

dciman32

DCISetClipList
DCISetDestination
DCISetSrcDestClip
DCIOpenProvider
WinWatchGetClipList
WinWatchNotify
WinWatchOpen
DCIDestroy
DCICreatePrimary
DCICreateOverlay
DCIBeginAccess
GetDCRegionData

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
_exit
fopen
fseek
fread
fclose
strncmp
time

kernel32

GetStartupInfoA
GetModuleHandleA
CreateEventA
WaitForSingleObject
PulseEvent
VirtualProtect
WriteConsoleW
GetModuleFileNameA
GetFileTime
MultiByteToWideChar
ExitProcess
LoadLibraryA
ReleaseMutex
CreateMutexA
OpenMutexA
DeleteFileA
FindFirstChangeNotificationA
ResetEvent
GetEnvironmentVariableA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentThread

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc50ab00330426a3f4d63a6fb666bddf

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ws2_32

clusapi

cryptui

dciman32

msvcrt

kernel32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 36KB - Virtual size: 769KB

.rsrc Size: 4KB - Virtual size: 456B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 36KB - Virtual size: 769KB

.rsrc
Size: 4KB - Virtual size: 456B