0fefd896e8a15c394ccf4f953b90b821

General

Target

0fefd896e8a15c394ccf4f953b90b821
Size

16KB
MD5

0fefd896e8a15c394ccf4f953b90b821
SHA1

ba6f890caac56af2f601bc06421887e92a5fb28d
SHA256

21efb1ae740f1ffc0df282609042cf7e17a4ed1cd43f2a41ae41b4c353474b37
SHA512

150653fcd3a9aa6f9030a5d8bd81ec557bd9423b0208a4d8d03a3a8efe18dc40372adcb168e5d4872b6ad014123646705ab7407e681dd8a5e2453fec97c7920a
SSDEEP

384:gJ+kqJmzLux6R138HMUwIRwKVgyKdiReebtIHAQJ:gNqJmXvt8HMUwqFI7eRIgQJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fefd896e8a15c394ccf4f953b90b821

Files

0fefd896e8a15c394ccf4f953b90b821
.exe windows:4 windows x86 arch:x86

1cab3e4e5e5107aed6d19f380172e2c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupA
StrStrIA
StrRChrA
StrNCatA
StrChrA

kernel32

ReadFile
LocalAlloc
GetFileSize
LockResource
LoadResource
SizeofResource
FindResourceA
lstrlenA
CopyFileA
lstrcpynA
GetProcAddress
LoadLibraryA
DeleteFileA
LocalReAlloc
ExitThread
lstrcpyA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
LocalFree
SetCurrentDirectoryA
GlobalAddAtomA
ExitProcess
GlobalFindAtomA
GetSystemDirectoryA
GetModuleFileNameA
WriteFile
GetWindowsDirectoryA
GetVersion
GetModuleHandleA
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetSystemTimeAsFileTime
UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingA
GetCommandLineA
MultiByteToWideChar
CreateRemoteThread
VirtualAllocEx
VirtualFreeEx
OpenProcess
MoveFileExA
DeviceIoControl
CloseHandle
CreateFileA
GetTickCount
Sleep
GetLastError
FlushFileBuffers
GetCurrentProcess

user32

wsprintfA

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
DeleteService
OpenSCManagerA
RegCloseKey
CreateServiceA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cab3e4e5e5107aed6d19f380172e2c6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB