0d1ba99382a83de90707cd728de62ee2

Sharing

Copy URL Twitter E-mail

General

Target

0d1ba99382a83de90707cd728de62ee2
Size

523KB
MD5

0d1ba99382a83de90707cd728de62ee2
SHA1

23e7b32e55e697797a73bc0061cd21e8eda9f366
SHA256

b793673440ca8713f22cc1961e74b26970da14ddeb09ff826ac597e900ef5a85
SHA512

8cb14054e9e398faaacf21eb292f10c1bc552fdd057505aa8c40fec0a270ef3aa756f0fd01b4800dfac3b14b6732a9df9928f7ba06c52a0f8d1740447239d2af
SSDEEP

12288:Ue+PnsUT/kRpYd2r016N+7JbMbiy5/whlIZNitgMA:f+PsS/kb67JbMbiyF+lIug

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d1ba99382a83de90707cd728de62ee2

Files

0d1ba99382a83de90707cd728de62ee2
.exe windows:4 windows x86 arch:x86

1667f69f8aea15d911045ee0c642dfbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetProfileIntW
GetCurrentThreadId
GetUserDefaultLCID
SetConsoleCtrlHandler
MultiByteToWideChar
GetStdHandle
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetACP
CompareStringA
CloseHandle
LCMapStringW
HeapReAlloc
HeapSize
GetStringTypeA
GetDateFormatA
UnhandledExceptionFilter
VirtualAlloc
EnumResourceTypesA
GetCurrentProcess
EnumSystemLocalesA
HeapDestroy
GetCPInfo
GetStartupInfoW
GetTimeZoneInformation
SetUnhandledExceptionFilter
SetFilePointer
LeaveCriticalSection
GetStartupInfoA
SetHandleCount
GetCurrentThread
GetTickCount
InterlockedDecrement
GetLocaleInfoW
HeapFree
GetLastError
TlsGetValue
Sleep
VirtualFree
VirtualQuery
FreeEnvironmentStringsW
QueryPerformanceCounter
GetConsoleOutputCP
GetTimeFormatA
ReadFile
WriteFile
CreateMutexA
GetProcessHeap
RtlUnwind
GetProcAddress
LCMapStringA
IsValidLocale
SetLastError
GetLocaleInfoA
DeleteCriticalSection
GetStringTypeW
FindFirstFileA
HeapAlloc
IsValidCodePage
GetEnvironmentStrings
InitializeCriticalSection
GetCommandLineW
IsDebuggerPresent
TlsAlloc
OpenMutexA
GetSystemTimeAsFileTime
GetCommandLineA
FreeEnvironmentStringsA
TlsSetValue
LoadLibraryA
InterlockedIncrement
CompareStringW
ExitProcess
GetModuleFileNameW
TerminateProcess
LockFileEx
GetEnvironmentStringsW
FlushFileBuffers
SetStdHandle
WriteConsoleA
HeapCreate
GetVersionExA
WriteConsoleW
WideCharToMultiByte
SetEnvironmentVariableA
EnterCriticalSection
TlsFree
GetOEMCP
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FreeLibrary
GetUserDefaultLangID
GetCurrentProcessId

comctl32

InitCommonControlsEx

user32

MoveWindow
IsCharAlphaA
RegisterClassExA
MonitorFromWindow
GetInputDesktop
GetOpenClipboardWindow
RegisterClassA
DispatchMessageA
GrayStringA
GetListBoxInfo

shell32

ExtractAssociatedIconExW

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1667f69f8aea15d911045ee0c642dfbc

Headers

File Characteristics

Imports

kernel32

comctl32

user32

shell32

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 20KB - Virtual size: 47KB

.data Size: 107KB - Virtual size: 107KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 20KB - Virtual size: 47KB

.data
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 15KB - Virtual size: 14KB