0d6fe767c70b67695546bb50c720b25d

Sharing

Copy URL Twitter E-mail

General

Target

0d6fe767c70b67695546bb50c720b25d
Size

159KB
MD5

0d6fe767c70b67695546bb50c720b25d
SHA1

fc645c2f0c5369200529ea0a582ac9593c3070fa
SHA256

4bddd59e409428e4b4c126f32497ef782d52a4ce3bf78f46b417a6157975aa37
SHA512

ffdea160f56a37a0d381f782540df3987ff1c545805d3b6a5e5f6b3278642d7cf24481895e728f220c0c1a57463101bd496ba308d0bc5d898023381d5b9d2d06
SSDEEP

3072:iwsnIFZYH1bNfM3LE8ndg87vcqAL+FAovCheiJZr3FENxVCvV6ra:QIm1b8EC37vfoMIJpax0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d6fe767c70b67695546bb50c720b25d

Files

0d6fe767c70b67695546bb50c720b25d
.exe windows:4 windows x86 arch:x86

3b77e9b2446a549eb505eab48d587269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825

msvcrt

calloc
strncmp
malloc
realloc
_wasctime
_strdup
_itoa
_initterm
_stat
_timezone
_stricmp
__dllonexit
__CxxFrameHandler
_onexit
atoi
wcscpy
time
strncat
memmove
?terminate@@YAXXZ
wcsncpy
vsprintf
sprintf
free
localtime
wcslen

kernel32

SetThreadPriority
GetSystemWow64DirectoryA
Thread32Next
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
LockFile
MultiByteToWideChar
lstrlenW
GetConsoleAliasesLengthW
GetLastError
WriteProfileStringA
OpenMutexA
DisconnectNamedPipe
VirtualAlloc
SetFileTime
GetMailslotInfo
OpenEventA
LZSeek
GetCurrentThread
GlobalAlloc
SetMessageWaitingIndicator
MultiByteToWideChar
Sleep
IsProcessorFeaturePresent
OutputDebugStringA
GlobalReAlloc
CreateEventW
SetConsoleTextAttribute
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenA
CreateFileA
CloseHandle
SetProcessAffinityMask
VerLanguageNameW
CreateSocketHandle
InterlockedDecrement
CommConfigDialogA
GetConsoleFontInfo
GetHandleInformation
GetConsoleAliasExesA
GetProfileStringW
GetCurrentDirectoryW
ReadFile
GetPrivateProfileStringA
BaseCheckAppcompatCache
GetStartupInfoW
GetCommandLineA
GetComputerNameExW
GetDevicePowerState
GetCPInfo
RequestDeviceWakeup
FindFirstFileW
GetComputerNameExA
DeviceIoControl
ReadConsoleOutputCharacterA
WideCharToMultiByte
CancelTimerQueueTimer
CallNamedPipeA
SetConsoleDisplayMode
GetProfileIntA
EnumSystemLocalesW
CloseHandle
CreateJobObjectA
InterlockedIncrement
GetVolumeNameForVolumeMountPointA
GetTickCount
ReadConsoleOutputW
GetExpandedNameA
RemoveDirectoryA
GetStringTypeW
lstrlenA
ExitProcess
WriteFileEx
AddAtomW

advapi32

RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegSetValueA

ole32

CoTaskMemAlloc
CoUninitialize
CoInitialize

rpcrt4

UuidToStringA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

winmm

timeGetTime

secur32

SealMessage
ImportSecurityContextA
ApplyControlToken
TranslateNameA
SaslEnumerateProfilesW
CompleteAuthToken
LsaFreeReturnBuffer
TranslateNameW

wininet

InternetClearAllPerSiteCookieDecisions
InternetReadFileExW
InternetSetOptionExW
UnlockUrlCacheEntryFile
FindNextUrlCacheEntryW
InternetFortezzaCommand
DllInstall
DeleteUrlCacheEntryA
InternetConnectA
InternetSetStatusCallbackA
FtpGetCurrentDirectoryW
FindFirstUrlCacheContainerA
InternetGetCookieW
SetUrlCacheEntryGroup
HttpQueryInfoA
InternetShowSecurityInfoByURL
GopherOpenFileA
ReadUrlCacheEntryStream
CreateUrlCacheEntryW
InternetSetDialState
GopherGetAttributeW
SetUrlCacheEntryInfoA
CommitUrlCacheEntryA
GopherGetLocatorTypeW
RetrieveUrlCacheEntryStreamA
InternetErrorDlg
InternetCanonicalizeUrlW
CommitUrlCacheEntryW
FindFirstUrlCacheEntryW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XxE
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

.XXcFmd
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_MEM_READ

.THU
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.q
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bJJ
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wJ
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ATA
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Wg
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b77e9b2446a549eb505eab48d587269

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

ole32

rpcrt4

setupapi

winmm

secur32

wininet

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 4KB

.XxE Size: 1KB - Virtual size: 12KB

.XXcFmd Size: 2KB - Virtual size: 25KB

.THU Size: 3KB - Virtual size: 30KB

.q Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 39KB

.bJJ Size: 1KB - Virtual size: 34KB

.wJ Size: 2KB - Virtual size: 17KB

.ATA Size: 2KB - Virtual size: 32KB

.Wg Size: 1KB - Virtual size: 25KB

.rsrc Size: 103KB - Virtual size: 102KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 4KB

.XxE
Size: 1KB - Virtual size: 12KB

.XXcFmd
Size: 2KB - Virtual size: 25KB

.THU
Size: 3KB - Virtual size: 30KB

.q
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 39KB

.bJJ
Size: 1KB - Virtual size: 34KB

.wJ
Size: 2KB - Virtual size: 17KB

.ATA
Size: 2KB - Virtual size: 32KB

.Wg
Size: 1KB - Virtual size: 25KB

.rsrc
Size: 103KB - Virtual size: 102KB