Static task: static1
Behavioral task: behavioral1
  Sample: 0b8886b9394c4925b50a36f553542909.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0b8886b9394c4925b50a36f553542909.exe
  Resource: win10v2004-20231215-en
General
Target: 0b8886b9394c4925b50a36f553542909
Size: 1.3MB
MD5: 0b8886b9394c4925b50a36f553542909
SHA1: 1a1c82616dd2e6403869b92e0ffb7b8c7e3a4019
SHA256: 26bff20c60d15d819520fe66774e270af2e670db9cda93242b50ef48531cd4ab
SHA512: 71b1cac290ccd51fc4323a8bf32db0941e6392a039dab019435655050124a32a2ada3d10fe09e764d116465a2af630f2bd44de213d3c02f866436a199cf4b01d
SSDEEP: 12288:T0kIO1CHzt/amyOqP74MecGLo4ZVZf7JA941Yfb3f/9m2wbi4NjgGZCu6fmsHgvr:T0kIO1CTlaQ2xm2wb7JgeCeiU
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 0b8886b9394c4925b50a36f553542909
Files
0b8886b9394c4925b50a36f553542909.exe windows:4 windows x86 arch:x86
9c31b938ff6137db35b1cc535cc4386c
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
psapi
GetModuleInformation
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
ws2_32
inet_addr
htons
closesocket
accept
htonl
select
ioctlsocket
ntohs
send
recv
inet_ntoa
WSAGetLastError
bind
connect
WSAStartup
socket
listen
__WSAFDIsSet
shutdown
gethostbyaddr
gethostbyname
WSACleanup
sendto
kernel32
lstrcatA
lstrcpyA
GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
FreeResource
lstrlenW
GlobalFree
GlobalUnlock
GlobalLock
MulDiv
LocalFree
GlobalAlloc
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
InterlockedIncrement
GetThreadLocale
WriteFile
SetFilePointer
FlushFileBuffers
TlsSetValue
UnlockFile
SetEndOfFile
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetFileAttributesA
RtlUnwind
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
MoveFileA
DeleteFileA
HeapReAlloc
VirtualAlloc
GetSystemInfo
HeapSize
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
TlsGetValue
TlsFree
TlsAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileMappingA
Sleep
GetProcessVersion
VirtualQueryEx
GetCurrentThread
GetThreadContext
lstrlenA
CreateFileA
GetFileSize
GetModuleHandleW
VirtualProtect
VirtualProtectEx
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
Module32FirstW
Module32NextW
GetModuleHandleA
IsBadReadPtr
Thread32First
GetCurrentThreadId
OpenThread
SuspendThread
Thread32Next
GetVersion
GetVersionExW
FindFirstFileA
FindNextFileA
FindClose
VirtualQuery
GetModuleFileNameA
FindResourceExW
GetCurrentProcessId
OutputDebugStringA
InterlockedDecrement
CreateThread
GetStartupInfoW
ReadFile
GetExitCodeProcess
WaitForSingleObject
WideCharToMultiByte
GetACP
FormatMessageW
GetPrivateProfileStringA
GetCurrentProcess
Process32FirstW
OpenProcess
ResumeThread
GetTickCount
TerminateProcess
OutputDebugStringW
CreateProcessW
GetPrivateProfileIntW
MultiByteToWideChar
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalAddAtomW
GetProcAddress
FreeLibrary
LoadLibraryW
SetLastError
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
LockResource
FindResourceW
GetModuleFileNameW
LoadLibraryA
SizeofResource
LoadResource
CloseHandle
GetLastError
InterlockedCompareExchange
LockFile
user32
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorW
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
CharUpperW
RegisterClipboardFormatW
PostThreadMessageW
DestroyMenu
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
MoveWindow
IsDialogMessageW
SetMenuItemBitmaps
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetFocus
SetFocus
ClientToScreen
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
KillTimer
SetWindowTextW
UnregisterClassA
EnableWindow
CreatePopupMenu
SetTimer
AppendMenuW
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
MessageBoxA
GetKeyState
PostMessageW
SetPropW
LoadImageW
GetWindowLongW
GetMenuItemCount
FindWindowW
SetWindowLongW
GetClassNameW
RemovePropW
EnumChildWindows
SetWindowPos
RegisterHotKey
GetWindowRect
DrawAnimatedRects
SetLayeredWindowAttributes
GetLayeredWindowAttributes
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCursor
PostQuitMessage
GetClientRect
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
SendMessageW
GetCursorPos
SetForegroundWindow
MessageBoxW
IsIconic
GetDesktopWindow
ShowWindow
GetWindowTextW
GetWindow
UnregisterHotKey
IsWindow
GetPropW
GetSystemMetrics
LoadIconW
GetMenuCheckMarkDimensions
gdi32
SetMapMode
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutW
CreateBitmap
CreateRectRgnIndirect
GetObjectW
Escape
SetBkColor
SetTextColor
GetClipBox
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
TextOutW
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
shell32
ShellExecuteW
SHFileOperationA
Shell_NotifyIconW
comctl32
InitCommonControlsEx
shlwapi
StrStrW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
StrCpyW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CLSIDFromProgID
CoTaskMemFree
StgCreateDocfile
StgOpenStorageEx
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CoTaskMemAlloc
oleaut32
SysFreeString
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
VariantInit
SystemTimeToVariantTime
SysStringLen
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
dbghelp
StackWalk
SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
SymInitialize
SymFunctionTableAccess
wininet
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
Sections
.text   Size: 992KB  Virtual size: 991KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 188KB  Virtual size: 187KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 56KB   Virtual size: 126KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 40KB   Virtual size: 39KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vmp0   Size: 8KB    Virtual size: 5KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ