0b857df330c2101c5016bdb30f64cc1f

Sharing

Copy URL Twitter E-mail

General

Target

0b857df330c2101c5016bdb30f64cc1f
Size

499KB
MD5

0b857df330c2101c5016bdb30f64cc1f
SHA1

f13940d8cd8af6db1afffc5c9a9b2b47cd676d56
SHA256

f263d0eabc22cbfc75b8a6906cbe25b7476e29a9ea6fd4a0e2589af10fc0ee32
SHA512

a702a68f049ddb4f9dda58e36b2231f30daa03e20e7529b022ac25c0a00646d88313109e92d5472c04cf49561b6277f9c116d5423ed9a3cc52698e92d3d2f977
SSDEEP

12288:E4LmlaV2hrQkF1gcGdAig5YTAyJ9qdEncihqW:EPlmaQk6TgS8yXukHE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b857df330c2101c5016bdb30f64cc1f

Files

0b857df330c2101c5016bdb30f64cc1f
.exe windows:4 windows x86 arch:x86

b7ada4af70473c151b22319abe2df47e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
EnterCriticalSection
FlushFileBuffers
GetStringTypeA
HeapFree
WideCharToMultiByte
HeapDestroy
SetLocaleInfoA
ExitProcess
TlsFree
MultiByteToWideChar
GetStartupInfoA
InterlockedExchange
HeapCreate
InitializeCriticalSection
GetModuleFileNameA
GetStringTypeW
LeaveCriticalSection
ReadFile
CreateMutexA
GetVersion
GetOEMCP
GetStartupInfoW
CreateFileMappingA
VirtualProtect
LoadLibraryA
GetEnvironmentStrings
Sleep
TlsAlloc
GetCurrentThread
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
ReadConsoleW
GetModuleFileNameW
GetACP
GetSystemInfo
IsValidLocale
GetProcessAffinityMask
EnumSystemLocalesA
SetFilePointer
GetStdHandle
GetLastError
GetVersionExA
HeapAlloc
GetSystemTimeAsFileTime
InterlockedExchangeAdd
GetCurrentProcess
GetTimeFormatA
TerminateProcess
GetCurrentThreadId
GetTimeZoneInformation
GetEnvironmentStringsW
OpenMutexA
ReadConsoleInputW
CloseHandle
DeleteCriticalSection
GetFileType
GetDateFormatA
VirtualQuery
GetLocaleInfoW
VirtualAlloc
RtlUnwind
LCMapStringA
FreeEnvironmentStringsW
GetCommandLineA
lstrcat
HeapSize
SetLastError
SetEnvironmentVariableA
CompareStringW
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
IsValidCodePage
SetStdHandle
FreeEnvironmentStringsA
GetCPInfo
GetTickCount
CommConfigDialogW
SetHandleCount
VirtualFree
GetLocaleInfoA
IsBadWritePtr
TlsGetValue
CompareStringA
LCMapStringW
HeapReAlloc
WriteFile
GetUserDefaultLCID

shell32

SHGetFileInfo
DoEnvironmentSubstW

gdi32

GdiFlush
GetBrushOrgEx
ColorMatchToTarget
StrokeAndFillPath

user32

CountClipboardFormats
RegisterClassExA
GetCursor
RegisterClassA
SetRect

comctl32

InitCommonControlsEx

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
GetOpenFileNameW

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7ada4af70473c151b22319abe2df47e

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

user32

comctl32

comdlg32

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 8KB - Virtual size: 36KB

.data Size: 312KB - Virtual size: 312KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 8KB - Virtual size: 36KB

.data
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 13KB - Virtual size: 13KB