0ec12005196c384953848fcb424a10c9

Sharing

Copy URL Twitter E-mail

General

Target

0ec12005196c384953848fcb424a10c9
Size

257KB
MD5

0ec12005196c384953848fcb424a10c9
SHA1

33abbee4f7721b125f02291cb11520b6d20d384e
SHA256

19815c2c1e00b7eabbda7b0731d30c8c51dd585acbc03a95563b06fe88035415
SHA512

ad41028119e7439ed35148d50e22c45a935b0ed91bac261ea0d642ad0787b3aa18d3faf5edb1e74a51c716953b39c71819f7305eaf7b919a74fc4ec1566fcb24
SSDEEP

6144:Kdb3aOuux7CpPkBWal2l+4LpYbBZVnpsbZjPenR:KdTxqPkZECVnp+PenR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ec12005196c384953848fcb424a10c9

Files

0ec12005196c384953848fcb424a10c9
.exe windows:8 windows x86 arch:x86

e25c6652ecfbdfc03fef1503250467b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

CreateCompatibleDC
DeleteDC
GetDeviceCaps
SelectObject
CreateSolidBrush

hid

HidP_GetCaps
HidD_GetHidGuid
HidD_GetAttributes
HidP_MaxUsageListLength
HidD_GetPreparsedData

atl

ord45
ord20
ord30
ord23
ord57
ord32

advapi32

OpenThreadToken
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExW
SetSecurityDescriptorOwner

kernel32

lstrlenW
GetProcessHeap
GetOverlappedResult
CreateEventW
WaitForMultipleObjectsEx
ReadFile
GlobalDeleteAtom
InterlockedDecrement
GetCurrentProcess
GetModuleHandleA
GetStdHandle
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
OpenProcess
CreateWaitableTimerW
VirtualAlloc
VerifyVersionInfoW
GlobalAddAtomW
SetEvent
MulDiv
VirtualFree
CloseHandle
GetTickCount
DuplicateHandle
FlushInstructionCache
MapViewOfFile
OpenEventW
GetTickCount
DeleteCriticalSection
SetPriorityClass
InitializeCriticalSectionAndSpinCount
QueueUserAPC
SetProcessShutdownParameters
GetCurrentThread

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo

msvcrt

_CxxThrowException
_XcptFilter
??3@YAXPAX@Z
_wcmdln
__p__commode
_exit
_onexit
free
malloc
_controlfp
_wcsicmp
_vsnwprintf
??2@YAPAXI@Z

user32

PtInRect
GetSysColorBrush
DispatchMessageW
GetClientRect
GetSystemMetrics
GetUserObjectInformationW
PostThreadMessageW
EnumDisplaySettingsW
UnregisterDeviceNotification
DrawIconEx
DestroyWindow
GetMessageW
SetWindowLongW
CallNextHookEx
CreateWindowExW
EqualRect
OpenInputDesktop
IsWindow
EnumDisplayMonitors
GetDoubleClickTime
SendInput
IntersectRect
GetPropW
GetSysColor

ole32

CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e25c6652ecfbdfc03fef1503250467b4

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

hid

atl

advapi32

kernel32

setupapi

msvcrt

user32

ole32

Sections

.text Size: 216KB - Virtual size: 216KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 16KB - Virtual size: 560KB

.text
Size: 216KB - Virtual size: 216KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 560KB