0cf32ce37b51443e14adfb690e362ba4

Sharing

Copy URL Twitter E-mail

General

Target

0cf32ce37b51443e14adfb690e362ba4
Size

403KB
MD5

0cf32ce37b51443e14adfb690e362ba4
SHA1

55260debf0a38628efcb6f000088e26f5b2f54a6
SHA256

6083a733c7c752901ecb2f7370e09e435b9edf8d9f972118ac9454c712196c96
SHA512

8538752e5db78cad75f5c2a58848d602503afeabd2ef68fdde370c472854d63740f83b2101fc6948871e52c700770c29180d702d44be0738b11250976ab14f5d
SSDEEP

6144:NDNW7utIbWK8If5QM2oItLham1A4zfwhzcvSC/kEjB81AWy3uA0BCvcEz5snJ82R:p6cIe/9NAUwhg6C3i15a28vhw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf32ce37b51443e14adfb690e362ba4

Files

0cf32ce37b51443e14adfb690e362ba4
.exe windows:5 windows x86 arch:x86

8904424190e1365e6d55a79442542327

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
QueryPerformanceCounter
LoadLibraryA
GetStartupInfoW
RemoveDirectoryA
InterlockedCompareExchange
OutputDebugStringA
TzSpecificLocalTimeToSystemTime
FillConsoleOutputCharacterW
PeekConsoleInputW
GetCurrentProcessId
VerifyVersionInfoW
VirtualAlloc
GetSystemDefaultLangID
BaseCheckAppcompatCache
GetTickCount
GetConsoleAliasExesLengthA
GetConsoleOutputCP
LZOpenFileW
GetCurrentThreadId
GetModuleHandleW
GetUserDefaultLCID
SetSystemPowerState
GetDiskFreeSpaceW
EnumResourceNamesA
GetCommTimeouts
_lread
AllocateUserPhysicalPages
CreateJobObjectW

duser

FindGadgetMessages
GetMessageExA
SetGadgetRotation
GetGadgetRootInfo
DUserCastDirect
DUserFindClass
IsGadgetParentChainStyle
UtilDrawBlendRect
DUserDeleteGadget
InvalidateGadget
GetGadgetScale
EnumGadgets
UnregisterGadgetMessageString
DUserStopAnimation
GetGadgetMessageFilter
SetGadgetOrder
BuildDropTarget
GetGadgetBufferInfo
DUserGetRectPRID
SetGadgetRect
GetGadgetCenterPoint
InitGadgetComponent
UtilSetBackground
GetStdColorPenI
GetGadgetProperty

sqlunirl

_SetDlgItemText@12
_NDdeShareDel_@12
_IsCharUpper_@4
_SHGetFileInfo_@20
_GetSystemDirectory_@8
_DrawState_@40
_LoadBitmap@8
_ShellExecuteEx_@4
_MessageBoxIndirect_@4
_RegSetValueEx_@24
_LookupAccountName_@28
_LoadKeyboardLayout_@8
_WriteProfileSection_@8
_WritePrivateProfileSection_@12
_CharToOemBuff_@12
_CreateIC_@16
_NDdeGetErrorString_@12
_CopyEnhMetaFile_@8
_QueryServiceConfig_@16
_GlobalAddAtom_@4
_LoadAccelerators_@8
_FormatMessage@28
_DefFrameProc_@20
_CreateFont@56

msdart

?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
IrtlTrace
SetMemHook
?ReadUnlock@CSpinLock@@QAEXXZ
?TryReadLock@CFakeLock@@QAE_NXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?TryReadLock@CReaderWriterLock@@QAE_NXZ
??1CCritSec@@QAE@XZ
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?IsWin98@CMdVersionInfo@@SAHXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
??0CCritSec@@QAE@XZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
?Size@CLKRHashTable@@QBEKXZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA

msvcrt20

_wexecv
??0streambuf@@IAE@PADH@Z
exp
??0ostrstream@@QAE@PADHH@Z
_mtunlock
_except_handler3
_getche
_adj_fdivr_m32i
_adjust_fdiv
_wgetenv
_y0
_finite
_sys_errlist
vswprintf
_tcsrchr
_ismbclegal
_strdate
fgetc
??_Gostream_withassign@@UAEPAXI@Z
?text@filebuf@@2HB
_wpopen
strcpy
_mbsnbicoll
atan2
??0strstream@@QAE@PADHH@Z

user32

GetQueueStatus
AnyPopup
GetMenuInfo
CharToOemA
SetLastErrorEx
InsertMenuItemW
ValidateRect
DrawTextA
CopyRect
GetClassInfoW
SetDoubleClickTime
DrawTextExA
UserLpkTabbedTextOut
DrawStateW
OemToCharW
BeginDeferWindowPos
DdeConnect
DdeAddData
VkKeyScanW
DragObject
MessageBoxIndirectW
GetComboBoxInfo
EndPaint

efsadu

EfsDetail

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8904424190e1365e6d55a79442542327

Headers

File Characteristics

Imports

kernel32

duser

sqlunirl

msdart

msvcrt20

user32

efsadu

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 254KB - Virtual size: 658KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 254KB - Virtual size: 658KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 320B