Static task: static1
Behavioral task: behavioral1
Sample: 0d92aea3c81a64cbf3b633c2a495c59f.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0d92aea3c81a64cbf3b633c2a495c59f.exe
Resource: win10v2004-20231215-en
General
Target: 0d92aea3c81a64cbf3b633c2a495c59f
Size: 308KB
MD5: 0d92aea3c81a64cbf3b633c2a495c59f
SHA1: 6fc112eea209c257b140d84bc08b670edca3787b
SHA256: e27b1dbc760f4a0b0dc7396c9f94c9b39fe580b6d0e5edd8d863adbb1d3a38ad
SHA512: 7f4b3cdad7a836fdbe42b31bfb06ab2269e58f520805a98011c7135bdf416e5c6f0a6695c9602a6604e15e6c7e969dac4db794411bdc0b02ef36e421378869cb
SSDEEP: 3072:rR0+5acGnGyfB7leluYuaoz2z6wSb43rknmLr1i1JGZs49koDvjvGPhNjlPtqWuW:NiGmkV3XGQOJVIvzBWurIvz
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d92aea3c81a64cbf3b633c2a495c59f
Files
0d92aea3c81a64cbf3b633c2a495c59f.exe windows:4 windows x86 arch:x86
0d00c9d9bae9c4fea07ee37e21a8d21e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LockResource
FindNextFileA
GetFileAttributesA
GetFileAttributesExA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcpyA
FlushInstructionCache
GetCurrentProcess
LoadResource
FindResourceA
lstrcmpiA
CompareStringA
InterlockedIncrement
GetCommandLineA
SetFileAttributesA
MoveFileExA
CopyFileA
GetTempPathA
ReadFile
DeleteFileA
WritePrivateProfileStringA
GetTempFileNameA
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
LoadLibraryW
GetLastError
LocalFree
LocalAlloc
CreateFileW
MultiByteToWideChar
FlushFileBuffers
SizeofResource
EnterCriticalSection
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsAlloc
GetOEMCP
GetACP
GetCPInfo
RaiseException
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
ExitThread
CreateFileA
WriteFile
CloseHandle
FreeResource
FreeLibrary
GetSystemDirectoryA
FindFirstFileA
SetStdHandle
FindClose
LeaveCriticalSection
lstrlenA
InterlockedDecrement
GetCurrentThreadId
GetModuleFileNameA
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
LoadLibraryA
GetProcAddress
user32
GetActiveWindow
DefWindowProcA
EnableWindow
IsWindowEnabled
SetWindowPos
DialogBoxParamA
EndDialog
GetWindow
CallWindowProcA
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
CreateWindowExA
DrawTextA
GetClassNameA
CreateCursor
GetWindowTextLengthA
GetWindowTextA
GetDC
OffsetRect
CharNextA
BeginPaint
EndPaint
LoadStringA
GetWindowLongA
GetParent
ReleaseDC
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
DestroyWindow
InvalidateRect
PtInRect
SetCursor
UpdateWindow
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
SetWindowLongA
IsWindow
DestroyCursor
SetRectEmpty
MessageBoxA
ShowWindow
SetWindowTextA
GetSystemMetrics
LoadImageA
SendMessageA
GetDlgItem
gdi32
SetTextColor
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
DeleteObject
SetBkMode
advapi32
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
shell32
ShellExecuteA
ShellExecuteExA
ole32
CoInitialize
CoUninitialize
comctl32
InitCommonControlsEx
_TrackMouseEvent
wsock32
WSAStartup
ioctlsocket
gethostbyaddr
WSACleanup
shlwapi
PathFileExistsA
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ