0d79a730f7b2e42c53641a8ae65edc79

Sharing

Copy URL Twitter E-mail

General

Target

0d79a730f7b2e42c53641a8ae65edc79
Size

409KB
MD5

0d79a730f7b2e42c53641a8ae65edc79
SHA1

a016f986ee23e16b93a8be3bcd48a949e2a77976
SHA256

17ab5aeeebabe0f4f53f61938c62dfa301be5a98cf5e8d6289768d87bb6797f9
SHA512

310e7145336a7f39f76e540f59bab4485eb6866f22b11c634ddd065b12bb80a405ab073f3715d968e71da507c98903e834ba6f8db97a044b63f9f84f0a3c7b9d
SSDEEP

6144:H0+6kYBeu7nhOkA/rOMO6hi/kxi4VBkmioDkC:H0+6l57hpc6egZ4V+YDkC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d79a730f7b2e42c53641a8ae65edc79

Files

0d79a730f7b2e42c53641a8ae65edc79
.exe windows:4 windows x86 arch:x86

a7d0fb08bd8ae8df4dcd3467222d5341

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetPrivateProfileStringW
CopyFileW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
LoadLibraryA
GetOEMCP
IsBadWritePtr
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
SetFilePointer
WriteFile
RtlUnwind
VirtualFree
DeleteAtom
HeapDestroy
GetEnvironmentVariableA
ProcessIdToSessionId
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
ExitThread
GetVersionExW
AddAtomW
CreateThread
LocalAlloc
LocalFree
GetFileType
GetAtomNameW
GetCommandLineW
DebugBreak
ExitProcess
GetPrivateProfileIntW
GetCurrentThreadId
OutputDebugStringW
SetLastError
HeapAlloc
GetModuleHandleW
GetComputerNameW
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsBadReadPtr
FormatMessageW
SetEnvironmentVariableA
lstrcpynW
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
CreateProcessW
CloseHandle
GetTickCount
Sleep
lstrlenA
WideCharToMultiByte
GetDateFormatA
GetTimeFormatA
IsDBCSLeadByte
lstrlenW
GetLastError
lstrcmpW
lstrcpyW
lstrcatW
FindResourceW
LoadResource
LockResource
MulDiv
GetACP
HeapCreate
MultiByteToWideChar

mpr

WNetGetConnectionW

user32

GetMenuItemInfoW
WinHelpW
CharNextW
CharPrevW
wvsprintfW
DestroyMenu
DeleteMenu
SetActiveWindow
EnableMenuItem
GetMenuItemCount
PostMessageW
FillRect
IsIconic
PostQuitMessage
BeginPaint
GetClientRect
EndPaint
DrawMenuBar
IsWindowVisible
DrawIconEx
GetDlgItem
EndDialog
SetDlgItemTextW
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
MoveWindow
KillTimer
GetMenu
GetSubMenu
IsWindow
CreateMenu
InsertMenuW
GetClassNameW
LoadMenuW
CreateWindowExW
GetSysColor
SetWindowTextW
InvalidateRect
SystemParametersInfoW
GetWindowRect
ReleaseDC
SetFocus
LoadCursorW
GetSysColorBrush
RegisterClassExW
ShowWindow
SetForegroundWindow
DefWindowProcW
DrawTextW
GetDC
DialogBoxParamW
MessageBoxW
LoadStringW
SetTimer
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowW
CreateDialogParamW
LoadStringA
wsprintfA
LoadImageW
GetSystemMetrics
SetWindowPos
DestroyWindow
CheckRadioButton
UpdateWindow
GetWindowLongW
CallWindowProcW
SetWindowLongW
IsWindowEnabled
GetDlgItemTextW
CheckDlgButton
EnableWindow
GetParent
wsprintfW
IsDlgButtonChecked
SendMessageW

gdi32

DeleteObject
StartPage
StartDocW
CreateDCW
GetStockObject
LineTo
MoveToEx
CreatePen
CreatePalette
CreateDIBitmap
SelectObject
GetMapMode
RealizePalette
SelectPalette
CreateCompatibleBitmap
PatBlt
CreateSolidBrush
SetBkMode
CreateFontIndirectW
SelectClipRgn
CreateRectRgn
CreateFontW
GetDeviceCaps
DPtoLP
SetMapMode
TextOutA
GetTextMetricsW
DeleteDC
StretchBlt
CreateCompatibleDC
GetObjectW
EndDoc
EndPage
ExtTextOutA
GetTextExtentPoint32A
BitBlt
SetBkColor
SetTextColor

winspool.drv

GetPrinterW
GetPrinterDriverW
OpenPrinterW
DocumentPropertiesW
AddJobW
GetPrinterDriverDirectoryW
ScheduleJob
ClosePrinter

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
GetUserNameW

imm32

ImmAssociateContext

winmm

PlaySoundW
waveOutGetNumDevs

comctl32

ord17
CreateStatusWindowW
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

wsock32

gethostbyname
gethostname
WSAStartup
WSACleanup
ioctlsocket

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7d0fb08bd8ae8df4dcd3467222d5341

Headers

File Characteristics

Imports

kernel32

mpr

user32

gdi32

winspool.drv

advapi32

imm32

winmm

comctl32

wsock32

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 52KB

.rsrc Size: 244KB - Virtual size: 244KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 52KB

.rsrc
Size: 244KB - Virtual size: 244KB