0d34d64c073d79c7af7636f29f979a04

Sharing

Copy URL Twitter E-mail

General

Target

0d34d64c073d79c7af7636f29f979a04
Size

434KB
MD5

0d34d64c073d79c7af7636f29f979a04
SHA1

260a44b6715b3175dc2633beb3c4d6f34c117064
SHA256

2ac9bab68752ae29e5f74f3266c0f601c257d8f5702561d74c28fea25ba0f9cf
SHA512

39932ec2e16c8c2a5a337f6ed4608356678d05a82ea97c1633688d2141a4bc821285684443546b86a380e6da8ca3e4ec7ec4e5f306cc1b8e7bb570f2c0563f5e
SSDEEP

12288:EJ5Yisnda7XUWCnMBHXBhS950icTjH2myV5WLFyq:E7Yisnk7XUW/ZC9OB/ryVMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d34d64c073d79c7af7636f29f979a04

Files

0d34d64c073d79c7af7636f29f979a04
.exe windows:4 windows x86 arch:x86

e8197b1e40e8ce37f1717a9a67232fb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

dnsapi

DnsReplaceRecordSetW

ntdll

memmove
RtlAnsiStringToUnicodeString
strlen
NtQueryVirtualMemory
RtlUnwind
_chkstk
wcslen
NtAllocateVirtualMemory
RtlUnicodeToMultiByteSize
_vsnwprintf
RtlIsNameLegalDOS8Dot3
RtlInitUnicodeStringEx

mswsock

GetAcceptExSockaddrs
AcceptEx

kernel32

InitializeCriticalSectionAndSpinCount
MulDiv
LocalSize
CreateFileW
SetCurrentDirectoryW
LocalFree
lstrcmpiW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
LoadLibraryW
GetSystemDefaultUILanguage
DelayLoadFailureHook
WideCharToMultiByte
GetTempFileNameW
FindResourceExW
DeleteCriticalSection
SizeofResource
TerminateProcess
GetFullPathNameW
LoadLibraryA
GetLocaleInfoW
FreeResource
InterlockedExchange
lstrcpyA
FreeLibrary
WaitForSingleObject
GlobalFree
LoadResource
GlobalLock
GetTickCount
GetModuleHandleA
GetSystemTimeAsFileTime
GetACP
GetProfileStringW
FindClose
FindNextFileW
GetFileAttributesW
LockResource
GetModuleHandleW
GetCurrentThreadId
FormatMessageW
FindResourceW
TlsGetValue
InterlockedCompareExchange
CloseHandle
GetShortPathNameW
FindFirstFileW
lstrcpynW
lstrcmpW
QueryPerformanceCounter
GetUserDefaultLCID
GetCurrentProcessId
GlobalUnlock
GetProcAddress
LocalAlloc
GetCurrentDirectoryW
GetCurrentProcess
SetEvent
TlsAlloc
GetLastError
CreateEventW
GetModuleFileNameW
FindResourceA
InterlockedIncrement
MultiByteToWideChar
GetDriveTypeW
lstrcpyW
lstrlenA
GetVolumeInformationW
CreateThread
SetLastError
GlobalReAlloc
LocalReAlloc
GetProcessVersion
UnhandledExceptionFilter
TlsSetValue
GlobalAlloc
ResetEvent
GetVersionExA
lstrlenW
FreeLibraryAndExitThread
SetErrorMode
ExpandEnvironmentStringsW
DeleteFileW
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
TlsFree

userenv

RsopSetPolicySettingStatus

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8197b1e40e8ce37f1717a9a67232fb0

Headers

File Characteristics

Imports

ole32

dnsapi

ntdll

mswsock

kernel32

userenv

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 135KB - Virtual size: 920KB

.rdata Size: 216KB - Virtual size: 215KB

.rsrc Size: 65KB - Virtual size: 65KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 135KB - Virtual size: 920KB

.rdata
Size: 216KB - Virtual size: 215KB

.rsrc
Size: 65KB - Virtual size: 65KB