Static task: static1
Behavioral task: behavioral1
  Sample: 0d157f136b0243375671ba0acf2533c3.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0d157f136b0243375671ba0acf2533c3.exe
  Resource: win10v2004-20231215-en
General
Target: 0d157f136b0243375671ba0acf2533c3
Size: 417KB
MD5: 0d157f136b0243375671ba0acf2533c3
SHA1: b5404fa127f13e66f179c09be8326f13d573b53d
SHA256: a8c29ff4b385aceac0d629efa3020a98d02d838ef60790e67102389ccee25cc1
SHA512: 1a1be33a98c0a1fe26101d1a76aeefb308f5e9efee3f1a044c70c9512ca163fecf88d10358002492281373314f470ff954b17de1476a40f98db32f9c52c0edec
SSDEEP: 12288:aWr+vcAiKaW2Fr0Lj9ApjTx9jNxEHiNqSI:D5u9mjTrXa
Malware Config
Signatures
Unsigned PE: 1 IoCs
Checks for missing Authenticode signature.
resource 0d157f136b0243375671ba0acf2533c3
Files
0d157f136b0243375671ba0acf2533c3.exe windows:4 windows x86 arch:x86
0fc15688a8f35d8667fdfb24b4df8663
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
SetFileAttributesW
SetThreadAffinityMask
GlobalAddAtomA
ResumeThread
lstrcmp
EraseTape
VirtualFreeEx
GetCurrencyFormatW
GetComputerNameA
LoadResource
SetLocaleInfoW
GetCompressedFileSizeW
CreateFileA
LockFileEx
SetThreadContext
GetPrivateProfileStructW
DeleteCriticalSection
SetVolumeLabelA
DefineDosDeviceA
LoadLibraryExW
LocalFree
FindResourceA
SetConsoleScreenBufferSize
ReadConsoleOutputCharacterA
lstrcpynA
DisableThreadLibraryCalls
lstrlen
SignalObjectAndWait
TransactNamedPipe
lstrcmpiW
GetVersionExA
LoadLibraryExA
GlobalReAlloc
OpenMutexW
InitializeCriticalSection
EnumCalendarInfoExA
GetProcessTimes
MultiByteToWideChar
GetFileType
TransmitCommChar
FlushConsoleInputBuffer
ExitThread
OpenSemaphoreW
EnumResourceNamesA
CreateWaitableTimerA
MoveFileA
ReadConsoleOutputCharacterW
FindAtomA
SetConsoleOutputCP
LocalCompact
SuspendThread
GetDiskFreeSpaceW
RtlMoveMemory
SetComputerNameW
GetCurrentDirectoryA
GetProcessVersion
GetConsoleMode
GetWindowsDirectoryA
GetPrivateProfileStringW
DeleteFileW
TlsAlloc
FreeResource
GetCompressedFileSizeA
ContinueDebugEvent
ReleaseMutex
GetMailslotInfo
GetAtomNameW
GetFullPathNameW
LocalLock
SetLocalTime
GetProcessShutdownParameters
VirtualFree
IsDebuggerPresent
GetConsoleTitleW
GetExitCodeProcess
WaitForMultipleObjectsEx
SetEnvironmentVariableW
FillConsoleOutputCharacterW
GetDriveTypeW
lstrcmpA
SetConsoleWindowInfo
CreateMailslotA
GetFileAttributesA
RtlFillMemory
SetCurrentDirectoryW
AddAtomA
CreateEventW
GetStartupInfoA
SetWaitableTimer
DuplicateHandle
GetStringTypeExA
FoldStringW
SetConsoleCursorInfo
EnumCalendarInfoExW
lstrcpy
FindCloseChangeNotification
FlushViewOfFile
GetFileTime
Module32First
wininet
InternetQueryFortezzaStatus
InternetErrorDlg
UpdateUrlCacheContentPath
GetUrlCacheEntryInfoExW
ShowClientAuthCerts
InternetConnectW
InternetCombineUrlW
InternetSetFilePointer
InternetFindNextFileA
CreateUrlCacheGroup
GopherCreateLocatorA
ShowCertificate
FtpCommandA
DeleteUrlCacheEntry
FindNextUrlCacheContainerW
InternetCheckConnectionW
CommitUrlCacheEntryW
FtpCreateDirectoryA
FtpSetCurrentDirectoryW
InternetGoOnlineW
RetrieveUrlCacheEntryFileW
GopherCreateLocatorW
DeleteUrlCacheEntryA
InternetOpenA
InternetAttemptConnect
InternetFindNextFileW
InternetSetOptionExW
IsHostInProxyBypassList
FtpRemoveDirectoryW
InternetQueryDataAvailable
DeleteIE3Cache
InternetHangUp
FindFirstUrlCacheEntryExW
InternetSetDialState
GopherGetLocatorTypeA
InternetGoOnlineA
FtpGetCurrentDirectoryA
DetectAutoProxyUrl
InternetOpenUrlW
CommitUrlCacheEntryA
InternetConfirmZoneCrossingA
SetUrlCacheEntryGroupA
UnlockUrlCacheEntryFile
CreateUrlCacheContainerA
FtpFindFirstFileA
FreeUrlCacheSpaceA
FtpGetFileSize
UnlockUrlCacheEntryFileA
HttpCheckDavCompliance
InternetCombineUrlA
GopherOpenFileA
HttpSendRequestA
SetUrlCacheEntryGroup
ReadUrlCacheEntryStream
SetUrlCacheEntryGroupW
FtpDeleteFileA
InternetSetDialStateW
InternetDialW
SetUrlCacheConfigInfoA
RegisterUrlCacheNotification
InternetSecurityProtocolToStringW
InternetGetCertByURL
InternetShowSecurityInfoByURL
CreateUrlCacheContainerW
InternetOpenUrlA
InternetConnectA
SetUrlCacheGroupAttributeW
HttpSendRequestExW
FindNextUrlCacheContainerA
InternetSetDialStateA
FreeUrlCacheSpaceW
FtpRenameFileA
FindFirstUrlCacheContainerW
HttpOpenRequestA
InternetSetOptionExA
CreateUrlCacheEntryW
InternetWriteFile
HttpOpenRequestW
GetUrlCacheGroupAttributeW
FindNextUrlCacheEntryExA
HttpSendRequestW
IsUrlCacheEntryExpiredW
InternetGetConnectedStateEx
FindFirstUrlCacheEntryA
InternetWriteFileExA
FindFirstUrlCacheEntryW
InternetReadFile
InternetShowSecurityInfoByURLW
CreateUrlCacheEntryA
GetUrlCacheEntryInfoA
FindNextUrlCacheEntryW
HttpEndRequestA
InternetGetConnectedStateExW
FindCloseUrlCache
InternetAutodial
ShowSecurityInfo
HttpAddRequestHeadersW
FtpCommandW
FtpSetCurrentDirectoryA
ResumeSuspendedDownload
DeleteUrlCacheEntryW
FtpRemoveDirectoryA
FtpPutFileW
InternetCanonicalizeUrlW
InternetTimeFromSystemTimeA
HttpSendRequestExA
HttpQueryInfoW
InternetConfirmZoneCrossingW
InternetGetCertByURLA
SetUrlCacheConfigInfoW
InternetCheckConnectionA
RetrieveUrlCacheEntryStreamA
GopherGetLocatorTypeW
FtpDeleteFileW
InternetGetLastResponseInfoA
InternetReadFileExW
InternetDialA
InternetSetCookieA
FtpFindFirstFileW
InternetAlgIdToStringW
InternetWriteFileExW
GopherGetAttributeW
FtpOpenFileA
RetrieveUrlCacheEntryFileA
DeleteUrlCacheContainerW
FtpCreateDirectoryW
InternetGetCookieW
FindNextUrlCacheGroup
SetUrlCacheEntryInfoW
FtpRenameFileW
InternetReadFileExA
InternetDial
GetUrlCacheEntryInfoExA
GetUrlCacheHeaderData
FindFirstUrlCacheEntryExA
InternetConfirmZoneCrossing
HttpEndRequestW
FtpOpenFileW
DeleteUrlCacheContainerA
InternetGetLastResponseInfoW
FindNextUrlCacheEntryA
SetUrlCacheHeaderData
IsUrlCacheEntryExpiredA
InternetTimeToSystemTime
InternetAlgIdToStringA
InternetOpenW
GetUrlCacheConfigInfoA
InternetSecurityProtocolToStringA
GopherFindFirstFileW
DeleteUrlCacheGroup
UnlockUrlCacheEntryStream
HttpAddRequestHeadersA
InternetAutodialHangup
FtpGetCurrentDirectoryW
InternetGoOnline
RetrieveUrlCacheEntryStreamW
GetUrlCacheConfigInfoW
InternetGetConnectedStateExA
GopherGetAttributeA
UrlZonesDetach
IncrementUrlCacheHeaderData
LoadUrlCacheContent
InternetTimeToSystemTimeA
FindNextUrlCacheEntryExW
InternetUnlockRequestFile
FtpPutFileA
InternetGetConnectedState
InternetCrackUrlW
InternetTimeFromSystemTime
InternetInitializeAutoProxyDll
InternetTimeFromSystemTimeW
InternetFortezzaCommand
GetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeA
HttpQueryInfoA
FtpGetFileA
InternetSetOptionW
shell32
SHGetPathFromIDList
SHBrowseForFolder
InternalExtractIconListW
FindExecutableW
ShellExecuteExA
SheSetCurDrive
SHFormatDrive
ShellExecuteExW
SHGetFileInfoA
SHGetSpecialFolderPathW
SHGetDataFromIDListA
SHBrowseForFolderA
DragQueryFile
SHGetDesktopFolder
SHGetFileInfo
RealShellExecuteExA
SheChangeDirA
SHLoadInProc
DoEnvironmentSubstW
DragFinish
SheGetDirA
SHFileOperationW
CheckEscapesW
SHFileOperation
SHFileOperationA
SHGetSpecialFolderLocation
FreeIconList
ShellHookProc
ShellAboutW
ExtractAssociatedIconW
SHGetFileInfoW
DragQueryFileA
SHFreeNameMappings
SHGetDataFromIDListW
SHQueryRecycleBinA
DoEnvironmentSubstA
RealShellExecuteW
DragQueryFileAorW
ExtractAssociatedIconA
SHGetSpecialFolderPathA
SHAppBarMessage
ShellAboutA
FindExecutableA
SHGetNewLinkInfo
SHAddToRecentDocs
SHChangeNotify
SHInvokePrinterCommandA
SHQueryRecycleBinW
SHUpdateRecycleBinIcon
DragQueryPoint
SheChangeDirExW
SHBrowseForFolderW
ExtractIconEx
ExtractIconA
SHEmptyRecycleBinW
RealShellExecuteExW
SHGetDiskFreeSpaceA
SHGetPathFromIDListA
SHGetPathFromIDListW
advapi32
CryptGetDefaultProviderA
CryptVerifySignatureW
RegEnumValueW
RegOpenKeyW
CryptDestroyHash
RegDeleteKeyA
RegNotifyChangeKeyValue
RegReplaceKeyA
CryptSetProviderW
RegEnumKeyExW
RegRestoreKeyA
CryptEnumProvidersA
RegSetValueA
CryptGetDefaultProviderW
RegQueryValueW
LogonUserA
RegQueryMultipleValuesW
CryptImportKey
LookupPrivilegeDisplayNameW
RegRestoreKeyW
CryptEnumProviderTypesA
CryptGenKey
LookupPrivilegeNameW
InitiateSystemShutdownW
RegConnectRegistryW
DuplicateTokenEx
RegCreateKeyExW
CryptGetUserKey
GetUserNameA
RegReplaceKeyW
AbortSystemShutdownW
LookupSecurityDescriptorPartsW
LookupAccountSidW
RegQueryValueExA
RevertToSelf
LookupPrivilegeValueW
CryptDeriveKey
RegSetValueExW
LookupSecurityDescriptorPartsA
RegQueryValueExW
RegEnumKeyExA
CryptSetProvParam
RegEnumKeyA
StartServiceA
CryptSetKeyParam
RegOpenKeyA
InitializeSecurityDescriptor
CryptSetProviderExA
RegSaveKeyA
RegCreateKeyA
CryptReleaseContext
CryptDecrypt
LogonUserW
RegQueryInfoKeyA
RegConnectRegistryA
CryptExportKey
CryptGetHashParam
RegEnumKeyW
StartServiceW
CryptContextAddRef
RegSetValueExA
LookupAccountSidA
CryptSetProviderExW
LookupAccountNameA
RegDeleteValueW
RegOpenKeyExA
InitiateSystemShutdownA
ReportEventA
RegSaveKeyW
RegEnumValueA
CryptEncrypt
CryptDuplicateHash
CryptEnumProviderTypesW
CryptCreateHash
RegSetValueW
RegLoadKeyW
RegQueryMultipleValuesA
ReportEventW
RegCreateKeyW
CryptDuplicateKey
CreateServiceA
CryptSetProviderA
RegQueryValueA
RegCloseKey
CryptSetHashParam
CryptGetProvParam
CryptVerifySignatureA
GetUserNameW
LookupPrivilegeNameA
CryptAcquireContextA
CryptHashSessionKey
CryptGenRandom
LookupAccountNameW
RegQueryInfoKeyW
RegDeleteKeyW
AbortSystemShutdownA
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 287KB - Virtual size: 286KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE