0ba3ba7cc0bf2e66d0dbe2e3a49b41c9

Sharing

Copy URL Twitter E-mail

General

Target

0ba3ba7cc0bf2e66d0dbe2e3a49b41c9
Size

212KB
MD5

0ba3ba7cc0bf2e66d0dbe2e3a49b41c9
SHA1

421f2ddb8e1912dc96b293b3c0231f1c6fb70daa
SHA256

415d53ddbb2e7cd81cde2e6a36127ce6eaf6b09295d1df987648a3898135c952
SHA512

a821f80c4ed6d88f016276c0a87e0d544a4c9829ceac14327cef401057cb7ca156870a09b81110acba7e097021f9bff3b6f9aa257987d35f41411bc86e215dd4
SSDEEP

6144:3e0jcvqqDLPnd6gdexr0wecybrjBWqxhIYsm:3e0jcyqnP4gAGcybxpIJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ba3ba7cc0bf2e66d0dbe2e3a49b41c9

Files

0ba3ba7cc0bf2e66d0dbe2e3a49b41c9
.exe windows:5 windows x86 arch:x86

fac6b1f499960e215f3ad175c2f59767

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
GetModuleHandleA
SetEvent
OpenEventW
GetCommandLineW
Sleep
GetComputerNameW
GetVersionExW
DuplicateHandle
GetCurrentProcessId
GetLastError
TlsSetValue
TerminateProcess
SetThreadPriority
ResetEvent
lstrcmpiA
GetNativeSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
CreateRemoteThread
GetThreadContext
SetThreadContext
GetProcessId
SetHandleInformation
CreatePipe
MoveFileExW
GetUserDefaultUILanguage
WTSGetActiveConsoleSessionId
GlobalLock
GlobalUnlock
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
OpenProcess
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
OpenMutexW
GetFileSizeEx
GetTempPathW
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
ReadFile
Thread32Next
lstrcpynW
HeapCreate
HeapDestroy
TlsGetValue
ReadProcessMemory
GetCurrentThread
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
WaitForMultipleObjects
CreateEventW
GetLocalTime
WaitForSingleObject
ExitThread
GetFileAttributesExW
lstrcmpiW
GetModuleFileNameW
ExitProcess
CloseHandle
EnterCriticalSection
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
SetErrorMode

user32

GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerW
CharToOemW
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
EndPaint
GetUpdateRgn
RegisterClassExA
ExitWindowsEx
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
GetDC
TranslateMessage
RegisterClassExW
GetClipboardData
GetDCEx
GetMenuItemCount
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
RegisterClassW
MessageBoxA
GetKeyboardLayoutList
PrintWindow
EqualRect
PostThreadMessageW
GetSystemMetrics
GetKeyboardState
ToUnicode
MapVirtualKeyW
DrawIcon
GetIconInfo
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
OpenDesktopW
MenuItemFromPoint
GetMenu
TrackPopupMenuEx
GetMenuItemRect
SystemParametersInfoW
GetClassNameW
DefDlgProcW
GetMenuState
CallWindowProcA
CallWindowProcW
DefWindowProcW
HiliteMenuItem
GetUserObjectInformationW
EndMenu
GetShellWindow
CharLowerBuffA
FillRect
DefFrameProcW
RegisterClassA
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
DrawEdge
ReleaseDC
IntersectRect
SendMessageTimeoutW
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
GetWindowDC

advapi32

CreateProcessAsUserA
CreateProcessAsUserW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
IsWellKnownSid
GetLengthSid
RegEnumKeyExW
ConvertSidToStringSidW
SetSecurityInfo
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
EqualSid

shlwapi

PathMatchSpecW
StrCmpNIW
PathQuoteSpacesW
StrStrIW
StrStrIA
PathRenameExtensionW
PathIsURLW
wvnsprintfA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
SelectObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap

ws2_32

WSASend
getaddrinfo
accept
getsockname
WSAEventSelect
listen
WSASetLastError
freeaddrinfo
recvfrom
getpeername
inet_addr
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
closesocket
gethostbyname
send
bind
recv
sendto
setsockopt
shutdown
WSAGetLastError
select
socket

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore

wininet

InternetReadFileExA
InternetReadFile
HttpSendRequestW
HttpOpenRequestA
HttpEndRequestA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
InternetSetStatusCallbackA
InternetQueryOptionA
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
InternetQueryDataAvailable
InternetSetFilePointer
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
HttpOpenRequestW

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fac6b1f499960e215f3ad175c2f59767

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 199KB - Virtual size: 199KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 199KB - Virtual size: 199KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB