0e34d49b9defc86f671584a7c2df16b8

Sharing

Copy URL

Twitter E-mail

General

Target

0e34d49b9defc86f671584a7c2df16b8
Size

376KB
MD5

0e34d49b9defc86f671584a7c2df16b8
SHA1

636d7fbf2dc68844ac567382fb62c6a91bae3cc4
SHA256

389c9489f7256c04263432af25dd02cdbd138d45af86983872de5945c95963e8
SHA512

6087eafc65e1bf26e54501a5cf9adf54f72184a30ef584efb483d8ac28eda2700a0f6017b4bf5204775b320b82114cc1153991cda5fcd1b40181698b3470cb78
SSDEEP

6144:XCgfoNIyyezKPA510T72NHyr9rVYwlpXva6XE37b/VC5TCzbATZh1dG:XPiISIo7Ur9W8fDXyX/VCdTn3G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e34d49b9defc86f671584a7c2df16b8

Files

0e34d49b9defc86f671584a7c2df16b8
.exe windows:5 windows x86 arch:x86

08c48e731be77c4081cfc65b4555c3b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_ismbclegal
_mbctolower
vsprintf
fputc
_CIacos
_filelength
swprintf
gmtime
_tempnam
vfprintf
getc
strcmp
_mbscat
ceil
strtok
scanf
_open
strncmp
_y0
_CIexp
wscanf
system
_errno
_memicmp
labs
__fpecode
_lseek
vfwprintf
_cscanf
_local_unwind2
_chsize
tmpfile
islower
srand
_osminor_dll
wcsrchr

kernel32

DnsHostnameToComputerNameW
SetEnvironmentVariableW
GetCurrentThread
DeleteTimerQueueEx
LoadLibraryA
DisconnectNamedPipe
SetLastError
LZStart
GetPrivateProfileStructA
GlobalAlloc
InitAtomTable
OpenWaitableTimerA
SetProcessAffinityMask
FlushInstructionCache
GlobalAddAtomA
EnumSystemGeoID
GetVolumeInformationA
GetEnvironmentVariableA
QueryPerformanceCounter
CreateConsoleScreenBuffer
GetProfileStringA
GetEnvironmentStringsA
GetConsoleMode
Module32First
SetLocalTime
AttachConsole
GetDateFormatA
CreateTimerQueueTimer
InterlockedExchangeAdd
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetLocaleInfoW
CreateProcessInternalA
SetSystemTime
FatalAppExitW
ExpandEnvironmentStringsA
VirtualAlloc
GlobalFindAtomW
CreateActCtxW
EnumSystemLanguageGroupsW
GetProcessShutdownParameters
SetConsoleNumberOfCommandsA
SetThreadContext
FindNextFileA
CreateNamedPipeA
DosPathToSessionPathA
FreeLibrary

duser

GetGadgetRotation
RemoveGadgetProperty
DUserRegisterSuper
GetGadgetRgn
FindGadgetMessages
EnumGadgets
GetGadgetRect
GetGadgetProperty
LookupGadgetTicket
GetGadgetRootInfo
DUserRegisterGuts
GetGadgetScale
IsInsideContext
GetStdColorPenI
SetGadgetProperty
UtilGetColor
FindGadgetFromPoint
GetGadgetFocus
DUserSendMethod
DUserGetRotatePRID
PeekMessageExW
SetGadgetFillI
GetGadgetCenterPoint
AddGadgetMessageHandler
SetGadgetParent
UnregisterGadgetProperty
UnregisterGadgetMessageString

odbc32

SQLForeignKeysA
SQLFreeConnect
SQLSetConnectAttrW
SQLGetDiagFieldW
VRetrieveDriverErrorsRowCol
SQLSetStmtAttrA
VFreeErrors
SQLBindParameter
SQLGetDescField
SQLPrepareA
SQLGetConnectOption
SQLDescribeCol
SQLSetConnectOptionA
SQLColAttributesW
SQLSetDescFieldW
SQLExecute
SQLColumnPrivilegesA
SQLDescribeParam
SQLSpecialColumnsW
SQLSetScrollOptions
SQLGetConnectOptionW
SQLFreeStmt
SQLConnectA
SQLColumnsA
SQLSetPos
SQLTablesW
SQLParamData
SQLParamOptions
SQLDataSourcesW
SQLBrowseConnectW
SQLSetDescFieldA
SQLSetParam
PostODBCComponentError

polstore

IPSecFreeFilterSpecs
IPSecSetPolicyData
IPSecFreePolStr
IPSecCreateNegPolData
IPSecFreeMulNegPolData
IPSecSetNegPolData
IPSecSetFilterData
IPSecEnumPolicyData
IPSecGetNegPolData
IPSecGetISAKMPData
IPSecCreatePolicyData
IPSecEnumISAKMPData
IPSecCopyISAKMPData
IPSecOpenPolicyStore
IPSecGetFilterData
IPSecSetNFAData
IPSecImportPolicies
IPSecFreeFilterData
IPSecExportPolicies
IPSecCopyNegPolData
IPSecFreeMulFilterData
IPSecCopyPolicyData
IPSecCopyNFAData
IPSecDeletePolicyData
IPSecEnumFilterData
IPSecAssignPolicy
IPSecClosePolicyStore
IPSecEnumNegPolData
IPSecAllocPolStr
IPSecCreateISAKMPData
IPSecDeleteNFAData
IPSecGetAssignedPolicyData

olecli32

BmDraw
PbCreateLinkFromFile
PbCreateInvisible
GenCopy
CheckNetDrive
OleRequestData
ErrSetData
LeEqual
ErrExecute
OleRename
PbCreateLinkFromClip
GenDraw
ErrSetTargetDevice
PbGetData
LeSetData
OleQueryClientVersion
LeGetData
DefCreate
OleCreateFromTemplate
OleSaveToStream
MfRelease
OleEnumFormats
OleCopyFromLink
OleSetData
ErrSetHostNames
OleDraw

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08c48e731be77c4081cfc65b4555c3b3

Headers

File Characteristics

Imports

crtdll

kernel32

duser

odbc32

polstore

olecli32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 158KB - Virtual size: 160KB

.data Size: 512B - Virtual size: 520KB

.rsrc Size: 115KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 158KB - Virtual size: 160KB

.data
Size: 512B - Virtual size: 520KB

.rsrc
Size: 115KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 4KB