0b5dd23feff83d8467b6fc312529f6fa

Sharing

Copy URL Twitter E-mail

General

Target

0b5dd23feff83d8467b6fc312529f6fa
Size

3.3MB
MD5

0b5dd23feff83d8467b6fc312529f6fa
SHA1

7898b17ff48245a341a4d3ed485c1d5ce7fe221c
SHA256

341357943fd79c2c59953be3a6ac4d26786a12e9dffa37fd7cbd78e60c20ab50
SHA512

235b0a74854ba930c305dfe9f66db7ba9a9c2e35378cb251b43c74b39d0f6b3fc8f2c497dcd01c2aedb07d86310b881a5a536b3f041a43ff0e0895b5d8a291ee
SSDEEP

98304:Yvac4ql9XFpSWhvU3Y2uo0TJDeybdJ+0:YT4qljpSkvUgVTJDeybm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5dd23feff83d8467b6fc312529f6fa

Files

0b5dd23feff83d8467b6fc312529f6fa
.exe windows:5 windows x86 arch:x86

4663c2a42efe82524350f981246d0fc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
exit
_XcptFilter
_exit
_except_handler3
_acmdln

imm32

ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME
ImmReleaseContext
ImmGetCompositionStringW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetSetFilePointer
InternetReadFile
FtpOpenFileW
HttpQueryInfoW
InternetSetOptionW
HttpOpenRequestW
InternetWriteFile
InternetOpenW
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW

kernel32

GetStartupInfoA
LoadLibraryA
GetVersion
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineA
FindNextFileW
TerminateProcess
RemoveDirectoryW
CreateNamedPipeW
WaitForMultipleObjects
CreatePipe
SetFilePointer
SetEndOfFile
CreateMutexW
FindClose
GetLocaleInfoW
ReleaseMutex
GetSystemDirectoryW
UnmapViewOfFile
GetModuleHandleA
DisconnectNamedPipe
GetLogicalDriveStringsW
GetFileAttributesExW
GetDiskFreeSpaceExW
TerminateThread
QueryPerformanceFrequency
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
SetCurrentDirectoryW
CreateProcessW
CreateFileMappingW
MapViewOfFile
MoveFileW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
GetCommandLineW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileA
GetProcessHeap
GetOEMCP
FindFirstFileW
GetConsoleCP
WideCharToMultiByte
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
GetACP
ExitThread
GetTimeZoneInformation
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
GetProcessAffinityMask
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
CompareStringW
GetStringTypeW
GetCPInfo
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
SetHandleInformation
CancelIo
GetVolumeInformationW
SetThreadAffinityMask
ReadFile
CreateDirectoryW
FindResourceW
LoadResource
CreateFileW
LocalAlloc
GetFileAttributesW
GetTempPathW
GetModuleFileNameW
CloseHandle
CreateFileA
LockResource
LeaveCriticalSection
WriteConsoleW
SizeofResource
GetPriorityClass
ResetEvent
GetThreadPriority
SetEvent
Sleep
MultiByteToWideChar
CreateEventW
SetThreadPriority
SetPriorityClass
GetProcAddress
OutputDebugStringW
OutputDebugStringA
DeleteCriticalSection
RaiseException
GetLastError
GetConsoleMode
FlushFileBuffers
WriteFile
ReadConsoleW
DeviceIoControl
LocalFree
FormatMessageW
IsValidCodePage
EnterCriticalSection

user32

GetParent
SystemParametersInfoW
EnableMenuItem
ShowCaret
DrawIconEx
GetClientRect
ToUnicode
SetClipboardData
SetCapture
LoadCursorW
FindWindowW
MoveWindow
GetMessageTime
GetForegroundWindow
IsChild
EmptyClipboard
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
GetCursorPos
MessageBeep
SetWindowTextW
IsWindow
GetWindowLongW
DestroyWindow
RegisterClassExW
ReleaseCapture
GetDesktopWindow
UnregisterClassW
SendMessageW
SetWindowPos
EnumChildWindows
GetIconInfo
ScreenToClient
EndDialog
GetSystemMetrics
GetWindowRect
IsWindowVisible
MessageBoxW
GetClipboardData
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
ReleaseDC
SetForegroundWindow
InvalidateRect
EndPaint
GetDC
GetMessageW
PostMessageW
SendMessageTimeoutW
GetFocus
DispatchMessageW
PeekMessageW
EnumWindows
SetFocus
TranslateMessage
GetWindowTextW
GetWindowThreadProcessId
SetWindowLongW
SetCursorPos
GetWindowPlacement

gdi32

GetTextMetricsW
GetDeviceCaps
EnumFontFamiliesExW
CreateCompatibleDC
GetKerningPairsW
SwapBuffers
CombineRgn
CreateBitmap
DeleteDC
ExcludeClipRect
SetMapperFlags
GetGlyphOutlineW
DeleteObject
SetMapMode
CreateFontIndirectW
GetObjectW
GetRegionData
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SaveDC
GetOutlineTextMetricsW
SelectObject
RestoreDC
Rectangle

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconW
ExtractAssociatedIconW
ShellExecuteW

ole32

OleCreate
OleSetContainedObject
RevokeDragDrop
RegisterDragDrop
CoInitialize
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateGuid
CLSIDFromString
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoUninitialize
DoDragDrop

Sections

.Pc75a9
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Qc75aa
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 29.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cis0
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4663c2a42efe82524350f981246d0fc6

Headers

File Characteristics

Imports

msvcrt

imm32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.Pc75a9 Size: 1.6MB - Virtual size: 1.6MB

.Qc75aa Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 29.9MB

.tls Size: 512B - Virtual size: 12B

.cis0 Size: 648KB - Virtual size: 648KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.Pc75a9
Size: 1.6MB - Virtual size: 1.6MB

.Qc75aa
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 29.9MB

.tls
Size: 512B - Virtual size: 12B

.cis0
Size: 648KB - Virtual size: 648KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB