0c605276ff21b5150365b7d1991f5904

Sharing

Copy URL Twitter E-mail

General

Target

0c605276ff21b5150365b7d1991f5904
Size

354KB
MD5

0c605276ff21b5150365b7d1991f5904
SHA1

2d336978af261e07b1ecfaf65dc903b239e287a4
SHA256

720610b9067c8afe857819a098a44cab24e9da5cf6a086351d01b73714afd397
SHA512

3b43c3933997641f25a9f1ac9db54fe1773bdb3b10a1d9ef97993232cde8ae65f0e13deebb0833e709eefc81b8160efc15b3c0778c36e34ec2103513b0fed8e1
SSDEEP

6144:eDUHgB9QEtvTzMmXy1A8jxdBp16BO1ATk9irTx:aQEtvTImC1AuLMTx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c605276ff21b5150365b7d1991f5904

Files

0c605276ff21b5150365b7d1991f5904
.exe windows:5 windows x86 arch:x86

82d6e4bf4f14c83adb28faf787bd64d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
CloseHandle
GetDiskFreeSpaceA
LocalAlloc
LocalFree
lstrcatW
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetVolumeNameForVolumeMountPointA
GetSystemDirectoryA
WriteFile
CreateFileA
SetFilePointer
GetCurrentProcessId
OutputDebugStringA
OpenEventA
CreateEventW
SetEvent
FindClose
Sleep
GlobalGetAtomNameA
GlobalAddAtomA
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
GetProcAddress
LoadLibraryA
GetCurrentProcess
CreateFileTransactedA
lstrcpyA
lstrcatA
GetModuleHandleA
GlobalDeleteAtom
DecodePointer
GetLastError
CompareFileTime
FindNextFileW
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
ReadFile
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
CreateFileW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW

advapi32

CryptGenRandom
CryptAcquireContextA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
CryptReleaseContext

ole32

CLSIDFromString
IIDFromString
CoCreateGuid
CoTaskMemFree
StringFromCLSID

userenv

GetDefaultUserProfileDirectoryW

clfsw32

FlushLogBuffers
ReserveAndAppendLog
CLFS_LSN_INVALID
TruncateLog
LsnEqual
CloseAndResetLogFile
ReadNextLogRecord
ReadLogRecord
GetLogFileInformation
DeleteLogMarshallingArea
TerminateReadLog
CreateLogMarshallingArea
CreateLogFile

ktmw32

RollbackTransaction
CreateTransaction

psapi

GetModuleBaseNameA

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82d6e4bf4f14c83adb28faf787bd64d3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

userenv

clfsw32

ktmw32

psapi

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 95KB - Virtual size: 97KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 61KB - Virtual size: 61KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 95KB - Virtual size: 97KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 61KB - Virtual size: 61KB