0dac8ac752eaf8cdbb66b1d99a32ddf7

Sharing

Copy URL Twitter E-mail

General

Target

0dac8ac752eaf8cdbb66b1d99a32ddf7
Size

600KB
MD5

0dac8ac752eaf8cdbb66b1d99a32ddf7
SHA1

2c77725bb2e80c160ab8a156606e816928ea5001
SHA256

6d998d05163a9b4e10cf1ab061ff98dcab70e38249908ea80ce34c0e9bea90a8
SHA512

968aca756808164beb1ca4ebb1cc55138ee7631b0f666e2d1b5c74b09e5b1756d64decfa080a78d42f0628d1f242c0ead79de50bbed5bb14a453635a53b697d1
SSDEEP

6144:/zvchwf0tbXTG8/DJ6oqg9vv1E+SZIjtLjbX5rxjGSLUiWB82/v6H2i4j/sss9HG:/zv0tZRqOv1ayZz5rZ2JaWi4jF+sD/N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dac8ac752eaf8cdbb66b1d99a32ddf7

Files

0dac8ac752eaf8cdbb66b1d99a32ddf7
.exe windows:4 windows x86 arch:x86

ff3a195f7596a7a60d5858d17d91b936

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileW
SHGetPathFromIDList

user32

SetWindowWord
MessageBoxA
GetUpdateRgn
OemKeyScan
GetDoubleClickTime
CreateWindowExW
IsCharAlphaNumericW
SystemParametersInfoW
RegisterClassA
DrawEdge
GetPropW
SetMenuItemBitmaps
CharLowerA
DrawTextW
UnionRect
MessageBoxW
GetClipCursor
SetWindowsHookA
InvalidateRect
DestroyWindow
SetClassWord
CheckMenuRadioItem
CopyRect
MoveWindow
GetDesktopWindow
GetWindowDC
GetSubMenu
RegisterClassExA
SetMessageQueue
ScrollDC
ModifyMenuW
GetMenuCheckMarkDimensions
ActivateKeyboardLayout
GetWindowRect
GrayStringW
SetLastErrorEx
ShowWindow
VkKeyScanExW
ReplyMessage
CharUpperW
FrameRect
DefWindowProcA
GetMenuItemInfoW
DlgDirSelectExA
IsCharLowerA

kernel32

SetStdHandle
TlsFree
WideCharToMultiByte
GetLocaleInfoW
GetTempFileNameW
FlushFileBuffers
LCMapStringA
GetFileType
CreateFileA
GetModuleHandleA
WriteConsoleA
FreeEnvironmentStringsW
lstrlen
GlobalHandle
GetEnvironmentStrings
EnumResourceTypesW
GetCurrentThreadId
MapViewOfFile
GetNumberFormatW
CreateDirectoryA
ReleaseSemaphore
GetCurrentProcessId
RtlUnwind
WriteFile
IsValidLocale
OpenMutexA
GetACP
ReadConsoleA
EnumResourceTypesA
SetVolumeLabelW
ReadConsoleOutputA
lstrcpyn
FileTimeToLocalFileTime
SetCurrentDirectoryW
IsBadWritePtr
SetConsoleCursorInfo
GetLastError
GetPrivateProfileStringW
GetThreadTimes
CommConfigDialogW
ConnectNamedPipe
CompareStringW
lstrcpyA
FreeEnvironmentStringsA
FindAtomA
GetModuleFileNameA
GetShortPathNameW
GetStringTypeW
lstrcpynW
GetOEMCP
GetFullPathNameA
GetPrivateProfileSectionA
CreateMutexA
GetPrivateProfileSectionW
GetCommandLineW
GetSystemTimeAsFileTime
LeaveCriticalSection
GetLocaleInfoA
LocalReAlloc
GetCommandLineA
GlobalFlags
EnumDateFormatsExA
LCMapStringW
QueryPerformanceCounter
ReadFileEx
CompareStringA
GetProcAddress
InitializeCriticalSection
GetTimeZoneInformation
DeleteCriticalSection
EnumSystemLocalesA
ReadFile
CreateRemoteThread
OpenSemaphoreA
GetStartupInfoW
TerminateProcess
GetPrivateProfileStructW
WaitForDebugEvent
GetVersionExA
GetUserDefaultLCID
HeapAlloc
GetConsoleTitleW
GetCurrentProcess
VirtualFree
SetLastError
SetLocaleInfoW
GetEnvironmentVariableW
GetFileAttributesW
GetTempPathW
ExitProcess
OpenFileMappingW
GetEnvironmentStringsW
MoveFileA
SetWaitableTimer
GetCurrentThread
LocalUnlock
TlsAlloc
HeapSize
CreateEventW
GetWindowsDirectoryA
TlsSetValue
HeapCreate
MultiByteToWideChar
GetSystemInfo
LocalShrink
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
HeapFree
OutputDebugStringA
InterlockedExchangeAdd
ConvertDefaultLocale
GetStringTypeA
GetWindowsDirectoryW
GetNamedPipeHandleStateW
EnterCriticalSection
LoadLibraryA
GetSystemDirectoryW
GetTickCount
InterlockedExchange
CloseHandle
SetHandleCount
SetFilePointer
IsValidCodePage
TlsGetValue
GetStdHandle
FindClose
GetCPInfo
GetAtomNameW
GetModuleFileNameW
OpenEventA
HeapDestroy
VirtualAlloc
GetTimeFormatA
VirtualQuery
GlobalFindAtomA
CreateSemaphoreA
FlushViewOfFile
GetDateFormatA
GetStartupInfoA
VirtualProtect
SetEnvironmentVariableA
SetConsoleCtrlHandler
EnumResourceLanguagesA
SetEnvironmentVariableW
HeapReAlloc

advapi32

LogonUserW
AbortSystemShutdownA
StartServiceW
GetUserNameW
RegSetKeySecurity
InitiateSystemShutdownW
RegRestoreKeyW
CryptAcquireContextW
LogonUserA
LookupAccountNameW
RegQueryValueExA
RegOpenKeyExA
CryptEnumProvidersW
DuplicateTokenEx
StartServiceA
RegSetValueExA
RegEnumKeyExA
CryptEnumProviderTypesW
RegQueryInfoKeyW

comctl32

GetEffectiveClientRect
ImageList_Replace
ImageList_LoadImageW
ImageList_Duplicate
CreateToolbarEx
CreateMappedBitmap
ImageList_Create
ImageList_LoadImageA
ImageList_ReplaceIcon
ImageList_GetIcon
CreateStatusWindow
MakeDragList
CreatePropertySheetPage
InitCommonControlsEx
InitMUILanguage

comdlg32

FindTextA
PageSetupDlgA
ReplaceTextW
ReplaceTextA

wininet

InternetLockRequestFile

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff3a195f7596a7a60d5858d17d91b936

Headers

File Characteristics

Imports

shell32

user32

kernel32

advapi32

comctl32

comdlg32

wininet

Sections

.text Size: 192KB - Virtual size: 190KB

.rdata Size: 268KB - Virtual size: 264KB

.data Size: 112KB - Virtual size: 133KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 192KB - Virtual size: 190KB

.rdata
Size: 268KB - Virtual size: 264KB

.data
Size: 112KB - Virtual size: 133KB

.rsrc
Size: 24KB - Virtual size: 20KB