0b774e9edc58b43b4816df65abac7b33

Sharing

Copy URL Twitter E-mail

General

Target

0b774e9edc58b43b4816df65abac7b33
Size

150KB
MD5

0b774e9edc58b43b4816df65abac7b33
SHA1

f2b712f9a8e7a60cbd5bc0c3718a94bda55bf9f8
SHA256

f25c85ff451dc2ae90f40b1568b22c8b96fcd9d77e263c52dfce7642448bdc79
SHA512

1b3959319e3bb191f1b6facfc2d13ecf772767a7fe6666bd5dfb51a875bdae6cc49da9ed9f92b7a931ee09601471842cc21112a0ad5c284f468ede6d1a57eba7
SSDEEP

3072:72PI/d/I0Co6qvvju2PIPpW80Mej9JyD:72PI/d/RCo6qHClPfZeJe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b774e9edc58b43b4816df65abac7b33

Files

0b774e9edc58b43b4816df65abac7b33
.exe windows:5 windows x86 arch:x86

371330e5de2773b9f773efa2ff14fd55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSAStartup
inet_addr
htons
WSACleanup
recv
socket
closesocket
gethostbyname
send

kernel32

MulDiv
RtlMoveMemory
GetProcAddress
LockResource
ExitProcess
GetCommandLineW
CreateMutexW
lstrcmpA
lstrlenA
lstrcpynA
GetModuleHandleW
VirtualFree
OpenProcess
SizeofResource
TerminateThread
Sleep
GetVersionExW
lstrcpynW
TerminateProcess
lstrcatA
lstrcmpW
lstrlenW
GetStartupInfoW
GetLastError
VirtualAlloc
lstrcatW
GetCurrentThreadId
CloseHandle
lstrcpyW
RtlZeroMemory
CreateThread
lstrcpyA
LoadLibraryW
GetProcessHeap
HeapFree
HeapAlloc
LoadResource
FreeLibrary
FindResourceW
FreeResource
WideCharToMultiByte

user32

MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
FindWindowExW
CreateDialogParamW
ReleaseCapture
SetMenu
ShowWindow
LoadStringW
GetCursorPos
SetWindowPos
GetSysColor
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
EnableMenuItem
SetClassLongW
SystemParametersInfoW
GetWindowTextW
AppendMenuW
GetWindowLongW
SetRect
GetWindowTextA
LoadIconW
RegisterClassExW
wsprintfW
SetFocus
GetClientRect
FindWindowW
IsWindowEnabled
CreateIconFromResourceEx
LoadCursorW
AttachThreadInput
TrackMouseEvent
DialogBoxParamW
SetForegroundWindow
KillTimer
UnregisterClassW
SetCapture
FillRect
TrackPopupMenu
SendDlgItemMessageA
LockSetForegroundWindow
GetWindowRect
SetTimer
GetWindowTextLengthW
SetCursor
DestroyWindow
MapWindowPoints
EnableWindow
DestroyMenu
SetWindowTextW
DestroyIcon
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
GetDC
ReleaseDC
SendMessageW
CreatePopupMenu

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetTextExtentPoint32W
SetTextColor
SelectObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
GetStockObject
TextOutW
GetObjectW
CreateFontW
SetBkMode

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

371330e5de2773b9f773efa2ff14fd55

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 11KB

.tls Size: 13KB - Virtual size: 13KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 11KB

.tls
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 116KB - Virtual size: 116KB