0dc49cc8ed077b7e46c3116c364184f1

Sharing

Copy URL Twitter E-mail

General

Target

0dc49cc8ed077b7e46c3116c364184f1
Size

433KB
MD5

0dc49cc8ed077b7e46c3116c364184f1
SHA1

87dd4dfafcac351db528147a6479ffa82a2ea797
SHA256

e4fa778ca1d1d205eb4b8989194012c2c7c321d8768c919b7af60a4f2b6063fb
SHA512

69b32b1784b34b09f31b2ce00ec9ccc90566b878e606530e240248b36f74af7bcf2f5c690f677b56026bb698e74edd050e629f3ec03d7221f70514e879f0ca54
SSDEEP

12288:ojlF9na1UqT79igsbAQZYp5i4MfPWV1An/8NNhbCy+zjv:cH5CHUmpuf+rAkNF+z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc49cc8ed077b7e46c3116c364184f1

Files

0dc49cc8ed077b7e46c3116c364184f1
.exe windows:4 windows x86 arch:x86

7f66c8d064e10135f8f90edb2f7e5bcf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
HeapSize
InterlockedDecrement
SetLastError
GetProcAddress
InterlockedIncrement
HeapReAlloc
Sleep
FreeEnvironmentStringsA
GetStdHandle
GetCurrentProcessId
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
TlsSetValue
GetModuleHandleA
IsDebuggerPresent
WriteConsoleOutputAttribute
UnhandledExceptionFilter
LeaveCriticalSection
GetLocaleInfoW
WideCharToMultiByte
FreeLibrary
GetUserDefaultLCID
IsValidLocale
ReleaseSemaphore
GetStartupInfoA
SetConsoleMode
GetLocaleInfoA
ExitProcess
GetTickCount
CreateMutexW
TlsFree
HeapFree
GetCommandLineW
GetModuleFileNameA
GetTimeFormatA
LoadLibraryA
QueryPerformanceCounter
GetCommandLineA
VirtualAlloc
GetCurrencyFormatA
FreeEnvironmentStringsW
WriteFile
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetCurrentThread
GetFileType
GetOEMCP
SetConsoleCtrlHandler
VirtualFree
InitializeCriticalSection
GetACP
GetSystemTimeAsFileTime
GetDateFormatA
DeleteCriticalSection
GetThreadTimes
GetEnvironmentStrings
GetLastError
CompareStringW
SetHandleCount
LCMapStringA
GetTimeZoneInformation
CompareStringA
GetModuleFileNameW
SetEnvironmentVariableA
GetCompressedFileSizeA
HeapDestroy
SetUnhandledExceptionFilter
GetProcessHeap
WriteConsoleOutputCharacterW
InterlockedExchange
GetStringTypeA
GetStartupInfoW
GetCPInfo
LCMapStringW
EnumSystemLocalesA
EnterCriticalSection
IsValidCodePage
HeapCreate
HeapAlloc
MultiByteToWideChar
ConnectNamedPipe
GetCurrencyFormatW
GetVersionExA
VirtualQuery

advapi32

CryptEnumProvidersW
CryptAcquireContextW
RegSetKeySecurity
RegEnumValueA
InitializeSecurityDescriptor
RevertToSelf
CreateServiceA
CryptGetKeyParam
RegQueryMultipleValuesA
RegSaveKeyA
CryptAcquireContextA
RegEnumKeyExA
CryptVerifySignatureA
RegQueryValueExW
CryptGetUserKey
RegQueryMultipleValuesW
RegCreateKeyExA
CryptDestroyKey
StartServiceA
RegOpenKeyExA
CryptImportKey
RegConnectRegistryA
CryptSetProviderExW
RegCreateKeyA
RegNotifyChangeKeyValue

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f66c8d064e10135f8f90edb2f7e5bcf

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 147KB - Virtual size: 146KB

.data Size: 274KB - Virtual size: 274KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 147KB - Virtual size: 146KB

.data
Size: 274KB - Virtual size: 274KB

.rsrc
Size: 10KB - Virtual size: 10KB