Static task: static1
Behavioral task: behavioral1
  Sample: 0b99ac7881e7531a814eec3b3048110d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0b99ac7881e7531a814eec3b3048110d.exe
  Resource: win10v2004-20231215-en
General
Target: 0b99ac7881e7531a814eec3b3048110d
Size: 413KB
MD5: 0b99ac7881e7531a814eec3b3048110d
SHA1: ca18d79d4134ff46ed7979ef647ca974fed8f469
SHA256: 3a6c7a3ba1754634ce935069dae27a9896184ed517a114a8c8d8f108ebb190dd
SHA512: b8de37b54029d9e119fa3a33f54db0b13404bb73eb3ad0a7e628724f7c055a5be2c5a5cb4441c2acb87e4a598daee55cca71c588a97277df0bb45d10ef357943
SSDEEP: 12288:n1NXS0YwKLfntMyY+mAnsUknJ4b4hlzcL2:1onsub4fzcL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b99ac7881e7531a814eec3b3048110d
Files
-
0b99ac7881e7531a814eec3b3048110d.exe windows:4 windows x86 arch:x86
2d135fecb13d550170da2bad1c958b1a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GetTextExtentPoint32A
EnumFontFamiliesExW
GetRgnBox
DescribePixelFormat
GdiSetBatchLimit
FillRgn
GetClipRgn
GetCharWidth32W
FloodFill
CreateSolidBrush
CloseFigure
SetMapperFlags
SetViewportExtEx
GetCharABCWidthsFloatA
GetTextCharacterExtra
GdiPlayJournal
GdiPlayDCScript
ResetDCA
DeleteColorSpace
GdiPlayScript
DPtoLP
MoveToEx
wininet
InternetHangUp
FindNextUrlCacheEntryA
FtpGetCurrentDirectoryW
InternetGetLastResponseInfoA
UnlockUrlCacheEntryStream
ShowCertificate
InternetCanonicalizeUrlW
FindFirstUrlCacheEntryExA
GopherGetLocatorTypeA
InternetDial
InternetFindNextFileW
InternetConfirmZoneCrossing
IsUrlCacheEntryExpiredA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetTimeFromSystemTimeA
shell32
InternalExtractIconListW
ShellExecuteW
SHGetDiskFreeSpaceA
ShellExecuteExW
SHAppBarMessage
ExtractIconExW
SHGetDataFromIDListA
ExtractIconW
SHGetSpecialFolderLocation
DragQueryPoint
SHGetDataFromIDListW
SheChangeDirExW
RealShellExecuteW
SHGetMalloc
CommandLineToArgvW
DragFinish
SHGetSpecialFolderPathA
RealShellExecuteA
advapi32
InitiateSystemShutdownW
RegSaveKeyA
RegEnumKeyExW
RegLoadKeyA
AbortSystemShutdownW
CryptHashData
CryptEnumProvidersA
CryptGenKey
CryptDestroyKey
RegQueryValueExW
CryptSetProviderExA
RegReplaceKeyA
CryptSetProviderA
CryptEnumProviderTypesA
CryptVerifySignatureW
RegDeleteKeyW
RegEnumValueA
RegSetKeySecurity
RegCreateKeyA
CreateServiceW
CryptGenRandom
CryptDestroyHash
CryptEnumProvidersW
RegSaveKeyW
GetUserNameW
kernel32
HeapFree
GetStringTypeA
GetCurrentThreadId
GetStartupInfoW
SetEnvironmentVariableA
GetTickCount
FreeEnvironmentStringsW
GetCurrentProcessId
GetModuleHandleA
WaitForMultipleObjectsEx
EnumSystemLocalesA
InitializeCriticalSection
CompareStringW
LoadLibraryA
WideCharToMultiByte
GetOEMCP
GetDateFormatA
GetCompressedFileSizeW
OpenSemaphoreA
GetCurrentThread
EnterCriticalSection
SetLastError
TerminateProcess
SetHandleCount
FreeEnvironmentStringsA
GetUserDefaultLCID
DeleteCriticalSection
UnhandledExceptionFilter
QueryPerformanceCounter
VirtualProtect
GetSystemTimeAsFileTime
VirtualQuery
ExitThread
VirtualFree
GetCommandLineW
WriteFile
CompareStringA
GetCPInfo
RtlFillMemory
SetConsoleCP
LCMapStringW
GetProcAddress
GetLastError
IsValidCodePage
HeapCreate
MultiByteToWideChar
LeaveCriticalSection
TlsFree
GetCommandLineA
GetCurrentProcess
GetLocaleInfoW
GetACP
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeW
GetSystemInfo
VirtualAlloc
GetFileType
RtlUnwind
TlsAlloc
InterlockedExchange
IsBadWritePtr
GetModuleFileNameA
GetThreadTimes
LCMapStringA
TlsSetValue
HeapSize
HeapReAlloc
TlsGetValue
GetVersionExA
GetTimeZoneInformation
GetTimeFormatA
IsValidLocale
ExitProcess
GetEnvironmentStrings
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapAlloc
GetModuleFileNameW
Sections
.text Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 277KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ