0d5d839758ce461703e2cf751429a5cb

Sharing

Copy URL Twitter E-mail

General

Target

0d5d839758ce461703e2cf751429a5cb
Size

544KB
MD5

0d5d839758ce461703e2cf751429a5cb
SHA1

e270757a2775672ff4f80a7e265343cb5f23dfb9
SHA256

4ea7946b305ff073e74559f96e21243677eb96e70990bb7a233f87e51b221bc7
SHA512

ba1ae74feff38ccdb9ee504c40bdf65dd2559906479ee40c45e26ec1adcb28957ca1794371893be1105517ecfdce238e8f1bea3ababb786b48f489094aa99db9
SSDEEP

12288:gco9QzTNb15HhLdqA3/YLPPmLLjp3XOr:tZzJB5HhTQLnmPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d5d839758ce461703e2cf751429a5cb

Files

0d5d839758ce461703e2cf751429a5cb
.exe windows:4 windows x86 arch:x86

6271405c6f88dd8d9f2fa6221a24652a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
TlsFree
SetStdHandle
DuplicateHandle
GetModuleHandleA
VirtualAlloc
lstrcmpiA
LoadLibraryExW
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetCPInfo
GetStringTypeA
GetCompressedFileSizeW
GetVersionExA
GetCurrentThread
FreeEnvironmentStringsA
EnterCriticalSection
CreateToolhelp32Snapshot
GetSystemInfo
SetConsoleCP
MultiByteToWideChar
CommConfigDialogW
IsBadWritePtr
GetProfileSectionA
SetConsoleCtrlHandler
GetCurrentProcessId
InitializeCriticalSection
FindFirstFileW
FreeEnvironmentStringsW
EnumSystemLocalesA
FindAtomW
LoadLibraryA
GetModuleFileNameA
WritePrivateProfileStringA
WaitForDebugEvent
CreateMutexW
SetPriorityClass
IsValidLocale
GetEnvironmentStringsW
GetProcessAffinityMask
LeaveCriticalSection
GetSystemTimeAsFileTime
CloseHandle
CreateSemaphoreA
GetOEMCP
RtlUnwind
CompareStringW
GetACP
DeleteCriticalSection
GetTimeZoneInformation
LocalLock
LCMapStringA
VirtualProtect
GetPrivateProfileIntW
SetConsoleTextAttribute
GetStdHandle
WriteProfileStringA
GetStringTypeW
GetStartupInfoA
LCMapStringW
CompareStringA
GetCurrentThreadId
HeapReAlloc
FoldStringA
FindFirstFileExW
GetLongPathNameA
FindResourceExA
GetCompressedFileSizeA
RtlZeroMemory
MoveFileExA
GetLastError
FindClose
GetTimeFormatA
FormatMessageW
GetFileType
HeapDestroy
SleepEx
GetLocalTime
WideCharToMultiByte
GetLongPathNameW
WriteConsoleW
ReadFile
VirtualFree
AddAtomW
GetDateFormatA
GetExitCodeProcess
GlobalFix
GetFileAttributesExA
GetEnvironmentVariableA
IsValidCodePage
HeapAlloc
GetThreadLocale
lstrcmpiW
GetConsoleTitleW
GetTempFileNameA
OpenMutexA
WritePrivateProfileStructA
lstrcpynA
FindNextChangeNotification
GetDriveTypeA
GlobalAddAtomW
GetEnvironmentStrings
TlsAlloc
SetThreadPriority
VirtualLock
GetSystemTimeAdjustment
HeapCreate
UnhandledExceptionFilter
GetThreadSelectorEntry
TlsSetValue
OpenEventW
SetEnvironmentVariableA
SetFileAttributesA
WriteFile
SetFilePointer
GetTickCount
GetConsoleOutputCP
TlsGetValue
SetThreadLocale
UnlockFile
HeapFree
GetCommandLineA
GlobalAddAtomA
FlushFileBuffers
SetHandleCount
HeapSize
SetLastError
lstrcpynW
CreateThread
GetLocaleInfoA
DeleteFiber
WritePrivateProfileStringW
CreateMutexA
GetUserDefaultLCID
FormatMessageA
InterlockedExchange
GetProcAddress
OpenFile
GetProcessHeap
SetFileTime
VirtualQuery
GetLocaleInfoW

advapi32

CryptDuplicateKey

comctl32

ImageList_GetDragImage
ImageList_SetFilter
ImageList_SetFlags
ImageList_Remove
DrawStatusText
ImageList_Create
MakeDragList
ImageList_Read
ImageList_ReplaceIcon
ImageList_GetImageRect
InitCommonControlsEx
ImageList_DragShowNolock
DrawInsert
ImageList_Replace
ImageList_SetBkColor
ImageList_Draw
CreateToolbar

user32

DdeConnectList
FrameRect
RealChildWindowFromPoint
GetKeyboardType
DdeCreateStringHandleW
SetRectEmpty
OemToCharA
DdeGetLastError
CharLowerBuffW
GetDoubleClickTime
MessageBoxW
MonitorFromWindow
DispatchMessageW
EnumWindowStationsA
DdeFreeStringHandle
DestroyWindow
AnimateWindow
GetClassInfoA
SetScrollPos
CreateWindowExW
wsprintfW
InsertMenuItemW
GetWindowInfo
DdeDisconnectList
RegisterClassA
GetClassWord
OpenDesktopA
IsCharAlphaNumericW
GetShellWindow
SendDlgItemMessageW
RegisterHotKey
GetUserObjectInformationA
WindowFromPoint
CallMsgFilterW
DefWindowProcW
ChangeMenuW
WinHelpA
CloseDesktop
SetMenuItemInfoW
RemovePropW
GetQueueStatus
TranslateAcceleratorW
CallWindowProcW
GetMenuInfo
LoadMenuIndirectA
DlgDirListComboBoxW
SystemParametersInfoW
DdeConnect
RegisterClassW
RemovePropA
FlashWindowEx
DestroyCaret
wvsprintfA
ReplyMessage
SetClassLongA
CallWindowProcA
SetWindowPlacement
ShowWindow
EnumThreadWindows
MapVirtualKeyA
ArrangeIconicWindows
WindowFromDC
DialogBoxIndirectParamW
GetWindowPlacement
GetWindowWord
RegisterClassExA
DdeReconnect

wininet

InternetGetCookieA
RetrieveUrlCacheEntryFileW
FtpGetFileW

comdlg32

GetSaveFileNameA
ChooseColorA

shell32

SHLoadInProc
ShellHookProc
SHGetPathFromIDListA

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6271405c6f88dd8d9f2fa6221a24652a

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

user32

wininet

comdlg32

shell32

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 264KB - Virtual size: 261KB

.data Size: 112KB - Virtual size: 126KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 264KB - Virtual size: 261KB

.data
Size: 112KB - Virtual size: 126KB

.rsrc
Size: 8KB - Virtual size: 7KB