0d70d90dc59ed8b129ef97362331672f

Sharing

Copy URL Twitter E-mail

General

Target

0d70d90dc59ed8b129ef97362331672f
Size

1.1MB
MD5

0d70d90dc59ed8b129ef97362331672f
SHA1

a00607d738a445293c93a591b4e8c50e3ea3b402
SHA256

7f235ff831ca8998d4f14a74c7dccaca21b8c0357f6605ba0e6cf2e88ecf5d7a
SHA512

70ab3d64f88bfe3da77f506fc29cf079f78cf91c362cb84ff4885a89a26334f3b565d18c9ac5aff24b8f52f967f564c10e4da3f2b708b3020d0f31629c146252
SSDEEP

24576:87Skkx5kR9P7564gbZPSP7564gbZ98yvSkv:1c9P7o4gbZPSP7o4gbZ9XvSi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d70d90dc59ed8b129ef97362331672f

Files

0d70d90dc59ed8b129ef97362331672f
.exe windows:4 windows x86 arch:x86

8f814fb7a7bcd373d51a508bbce4db2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
CreateFileW
GetModuleFileNameW
LocalFree
GetCommandLineW
FlushFileBuffers
WriteFile
SetFilePointer
DeleteFileW
GetFullPathNameW
CreateDirectoryW
GetLongPathNameW
FindClose
FindNextFileW
RtlZeroMemory
FindFirstFileW
GetModuleHandleW
Sleep
GetCurrentProcessId
GetLastError
lstrlenW
GetCurrentProcess
LoadLibraryW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
GetTempFileNameW
GetTempPathW
CreateProcessW
InterlockedCompareExchange
GetTickCount
SetLastError
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
VirtualQuery
GetOEMCP
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualAlloc
GetSystemInfo
IsBadCodePtr
TlsAlloc
LCMapStringW
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetVersionExA
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
ExitProcess
LCMapStringA

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f814fb7a7bcd373d51a508bbce4db2a

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 928KB - Virtual size: 928KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 928KB - Virtual size: 928KB