0cb134961363d9ced0ce874e649e1a74

Sharing

Copy URL Twitter E-mail

General

Target

0cb134961363d9ced0ce874e649e1a74
Size

217KB
MD5

0cb134961363d9ced0ce874e649e1a74
SHA1

82bad03f662411bd3a79ce7c868d64cbfd62d9f8
SHA256

72b65f758a6ae34f694de4eed802ab82a3bbaa7437def61a8c0a7329f0ceb479
SHA512

b9e88285300b7ac5311b2df390bb40a94ec5ce3a1196589ae82cba4cb2bc458ae5e406add82b55dde7438e85749ac74e703e3211d8050dc446479f7dcecfdb73
SSDEEP

6144:7tjUnXdOFuiOFsAG7xmoDbxYJicc3kMXPO+ZAG:RUNxiOGB7xmSxY3c3kM/XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cb134961363d9ced0ce874e649e1a74

Files

0cb134961363d9ced0ce874e649e1a74
.exe windows:4 windows x86 arch:x86

112974948199c5f91fc68cde8eb0f7d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
FreeLibrary
GetFullPathNameW
CreateNamedPipeA
OpenFile
lstrcpynA
lstrlen
GetCPInfo
CreatePipe
ReadDirectoryChangesW
MulDiv
OpenWaitableTimerA
FindResourceW
EndUpdateResourceW
GetLocalTime
GetCurrentThreadId
lstrcpyn
GetOEMCP
SearchPathW
Sleep
Beep
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryA
GetTempFileNameA
ReplaceFileW
TlsAlloc
CreateSemaphoreA
GetStringTypeW
lstrcmpW
GetSystemInfo
GlobalGetAtomNameA
GlobalFindAtomW
GetTempFileNameW
IsDebuggerPresent
IsBadStringPtrA
GetLongPathNameW
SystemTimeToFileTime
GlobalGetAtomNameW
HeapCreate
QueryPerformanceCounter
SleepEx

user32

GetSysColorBrush
ArrangeIconicWindows
CreateDesktopA
IsChild
FlashWindow
SetFocus
SetWindowLongA
SetWindowLongW
WaitForInputIdle
CreatePopupMenu
GetKeyState
CharPrevA
TrackPopupMenu
EnumWindows
SetDlgItemTextW
CallWindowProcW
GetMenuItemInfoA
SetMenu
GetForegroundWindow
GetClassInfoExA
CreateAcceleratorTableA
GetClassLongA
ShowCaret
GetWindowRect
SetWindowPos
MonitorFromWindow
EmptyClipboard
GetFocus
FindWindowW
DestroyCursor
DefDlgProcW
EndDialog
LoadMenuIndirectW
OffsetRect
GetActiveWindow
GetAsyncKeyState

gdi32

ExtTextOutW
SetDIBits
GetMetaFileW
LineTo
SetAbortProc
GetDeviceGammaRamp
SetColorSpace
GetEnhMetaFilePaletteEntries
CreateDCA

advapi32

RegCloseKey
RegDeleteKeyA
RegFlushKey
RegReplaceKeyA
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyW
RegRestoreKeyW
RegCreateKeyExW
RegOpenKeyExA

shlwapi

SHQueryValueExA
PathIsNetworkPathA
wnsprintfA
SHDeleteValueA
PathUnExpandEnvStringsA
StrChrNW
StrChrIW
IntlStrEqWorkerW
PathMatchSpecA
PathMakePrettyW
SHSkipJunction
StrFormatByteSizeA

version

VerInstallFileW
VerQueryValueA
GetFileVersionInfoW
VerLanguageNameA

wininet

DeleteIE3Cache
FindCloseUrlCache
InternetHangUp
InternetEnumPerSiteCookieDecisionA
CommitUrlCacheEntryA
RetrieveUrlCacheEntryFileW
InternetCanonicalizeUrlW
FtpGetCurrentDirectoryW
FtpRenameFileA
HttpEndRequestA
GopherGetLocatorTypeW
InternetAutodialCallback
FindNextUrlCacheGroup

winspool.drv

ReadPrinter
SetPrinterDataA
AddJobW
DeleteMonitorW
SpoolerPrinterEvent
EnumPortsW
AddFormW

Sections

.U
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZwpN
Size: 2KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Yp
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.la
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XU
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LhAI
Size: 5KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

112974948199c5f91fc68cde8eb0f7d4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

version

wininet

winspool.drv

Sections

.U Size: 5KB - Virtual size: 5KB

.ZwpN Size: 2KB - Virtual size: 449KB

.Yp Size: 86KB - Virtual size: 86KB

.g Size: 13KB - Virtual size: 13KB

.la Size: 4KB - Virtual size: 36KB

.XU Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 259KB

.LhAI Size: 5KB - Virtual size: 70KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

.U
Size: 5KB - Virtual size: 5KB

.ZwpN
Size: 2KB - Virtual size: 449KB

.Yp
Size: 86KB - Virtual size: 86KB

.g
Size: 13KB - Virtual size: 13KB

.la
Size: 4KB - Virtual size: 36KB

.XU
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 259KB

.LhAI
Size: 5KB - Virtual size: 70KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B