0c407163f3497d28eb7b45d88e2aaba1

Sharing

Copy URL

Twitter E-mail

General

Target

0c407163f3497d28eb7b45d88e2aaba1
Size

32KB
MD5

0c407163f3497d28eb7b45d88e2aaba1
SHA1

680e25a1197241daeef83e017bc272f86e23d058
SHA256

553761ef5a9b87e2d11112ca197c29140e01e63222ec78033b582ed1715cf048
SHA512

277719a12f3d8b9cb1a83ca0d78bd958e9ebad562629b65e125065788fe90887907e5ee916084883f51dafc39fd8313eb99cf8b0c3c833eb3964c2fa7f79f5ca
SSDEEP

768:+ncFTkrh78U/PY088xG+kpyqGwvgEd/9gH5eSvowlRAz:7TkrhIwPfq+oyquEd/9ggwbAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c407163f3497d28eb7b45d88e2aaba1

Files

0c407163f3497d28eb7b45d88e2aaba1
.exe windows:4 windows x86 arch:x86

d33e403074398734143e1ee3d7b4a5cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dhcpcsvc

McastApiStartup

ntdll

NtCreateKey

ddraw

ReleaseDDThreadLock
CompleteCreateSysmemSurface
AcquireDDThreadLock
D3DParseUnknownCommand
DDInternalLock
DDInternalUnlock

ws2_32

WSAGetLastError

kernel32

IsBadReadPtr
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcessId
LocalReAlloc
Sleep
DisableThreadLibraryCalls
GetModuleHandleA
GetSystemInfo
GetModuleFileNameA
QueryPerformanceCounter
VirtualAlloc
FreeLibrary
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
IsBadCodePtr
VirtualFree
TerminateProcess
GetVersionExA
LocalAlloc
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
LocalFree

user32

IsRectEmpty
IntersectRect

msvcrt

malloc
free
fwrite
_CxxThrowException
exp
_CIexp
fseek
fflush
_adjust_fdiv
_CIsqrt
ftell
_except_handler3
__dllonexit
fclose
sprintf
fopen
_onexit
_CIpow
_purecall
__CxxFrameHandler
_initterm

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d33e403074398734143e1ee3d7b4a5cc

Headers

File Characteristics

Imports

dhcpcsvc

ntdll

ddraw

ws2_32

kernel32

user32

msvcrt

advapi32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 436B

.idata Size: 45KB - Virtual size: 44KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 45KB - Virtual size: 44KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 448B