0ca66fb15dd2ce99529a789c06876f7d

Sharing

Copy URL Twitter E-mail

General

Target

0ca66fb15dd2ce99529a789c06876f7d
Size

1.0MB
MD5

0ca66fb15dd2ce99529a789c06876f7d
SHA1

6b7d8b0a7d1be82175b19136a950d8dcfb3167d5
SHA256

014925efc962940327aa4786c9469a486d938b5ad9fb3f7625dd4df36c5dd653
SHA512

9d11da89ca98b0dc0fded36ec20653fc7d988f6585c6cb352a0c4cac225dbe0b6ad7e703ec149a2c1c60da62a30cbf52cba0a2c1fd57811af430627ffdec3606
SSDEEP

24576:D5v65G5/nS5rK5WOS565Kp5HdDJ0qqr7Q29WbPbX4Y7xz:VvMo/nEAWOEMaHdDJyJ9mPr4Y7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ca66fb15dd2ce99529a789c06876f7d

Files

0ca66fb15dd2ce99529a789c06876f7d
.exe windows:5 windows x86 arch:x86

114400a373e9516bbcff6700ad79d629

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmMetrics

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__setusermatherr
memset

kernel32

GetCurrentThreadId
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileTime
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetStartupInfoW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetUserDefaultLangID
GlobalAddAtomW
GetCurrentThread
GlobalGetAtomNameW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
lstrlenA
lstrlenW
MulDiv
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadFile
ResetEvent
ResumeThread
SetErrorMode
SetEvent
SetFileAttributesW
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
GetVersion
InitializeCriticalSection
GetTickCount
LoadLibraryA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameA
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceExW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
EnterCriticalSection
DisconnectNamedPipe
DeviceIoControl
DeleteCriticalSection
CreateFileW
CreateEventW
ExitProcess
GetOEMCP
GlobalDeleteAtom

user32

OffsetRect
MsgWaitForMultipleObjects
MapWindowPoints
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindowEnabled
IntersectRect
InsertMenuW
InflateRect
GetWindowRect
GetSystemMenu
GetParent
PeekMessageW
GetMenuItemID
GetMenuItemCount
GetKeyState
GetFocus
GetDlgItem
GetClassInfoW
FrameRect
FindWindowExW
EnableWindow
DispatchMessageW
DestroyAcceleratorTable
DeleteMenu
DefWindowProcW
GetWindowLongW
PostMessageW
RedrawWindow
RegisterWindowMessageW
RemoveMenu
SendMessageTimeoutW
SendMessageW
SetCursor
SetRectEmpty
SetTimer
SetWindowLongW
UpdateWindow
TranslateMessage
GetMenuItemInfoW
SystemParametersInfoW

gdi32

SetBkColor
SelectObject
GetStockObject
GetObjectW
ExtTextOutW
SetBrushOrgEx
CreateSolidBrush

advapi32

GetSidSubAuthority
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CopySid
DuplicateToken
FreeSid
GetAclInformation
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
OpenProcessToken
OpenThreadToken
GetSidLengthRequired

shell32

StrChrW
StrRChrW

oleaut32

GetErrorInfo

shlwapi

PathIsUNCW
PathIsRootW
PathIsURLW
PathRemoveFileSpecW
PathSkipRootW
PathIsUNCServerShareW
PathIsUNCServerW
StrToIntW
PathStripToRootW

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sif
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

114400a373e9516bbcff6700ad79d629

Headers

File Characteristics

Imports

msacm32

msvcrt

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 424KB - Virtual size: 422KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 648B

.sif Size: 8KB - Virtual size: 4KB

.rsrc Size: 596KB - Virtual size: 593KB

.text
Size: 424KB - Virtual size: 422KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 648B

.sif
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 596KB - Virtual size: 593KB