0ff352fd7a383439ad3a9ab1d9bd110d

Sharing

Copy URL Twitter E-mail

General

Target

0ff352fd7a383439ad3a9ab1d9bd110d
Size

182KB
MD5

0ff352fd7a383439ad3a9ab1d9bd110d
SHA1

5f409453024a91f41251e37a21787ba25e366e8d
SHA256

6cbb11efcfa904d1f70d2fbb35f36df8f3e85e49493bb73d31a4331bf47b459e
SHA512

7ac557e35c005ab3adc6775b1944b419a21222878c99cac8489c42662eb02d973c5e7c54062016ba676e04fbf75592b6b0462b475cb8d75d3aca4ce38544381a
SSDEEP

3072:SIjLO80J68QnUzTpr5RCilsq06tdcjCGIksv/reuzDXq28se:SIPO80Jx/TlLdtG5snrdzrqbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ff352fd7a383439ad3a9ab1d9bd110d

Files

0ff352fd7a383439ad3a9ab1d9bd110d
.exe windows:0 windows x86 arch:x86

046f46d0b23ca4e9deca1b1dc44e731b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsrchr
_wtoi
_wcsicmp
_unlock
_onexit
_lock
_initterm
memcpy
_XcptFilter
_purecall
realloc
malloc
_amsg_exit
wcsncmp
memset
__dllonexit
_vsnwprintf
free
wcschr
_wtol
_wcsnicmp
wcspbrk

kernel32

HeapAlloc
RtlUnwind
CreateRemoteThread
lstrlenW
HeapFree
RaiseException
FreeLibrary
EnterCriticalSection
GlobalMemoryStatus
CreateMailslotA
GetQueuedCompletionStatus
InterlockedCompareExchange
FileTimeToSystemTime
MultiByteToWideChar
Sleep
GetGeoInfoA
OpenConsoleW
InterlockedDecrement
GetTempPathW
GlobalGetAtomNameW
GetProcessIoCounters
ResetEvent
HeapWalk
GetDateFormatW
GlobalFree
InitializeSListHead
BackupSeek
BeginUpdateResourceW
GlobalLock
CloseHandle
FreeEnvironmentStringsA
GetFileSize
GetCommState
GlobalAlloc
CompareStringW
FreeEnvironmentStringsW
SetConsoleDisplayMode
GetProcessHeap
QueryPerformanceCounter
GetFileSize
VirtualAllocEx
UnhandledExceptionFilter
DeleteCriticalSection
TerminateProcess
lstrcatW
CreateMailslotW
LocalFlags
ReadFileScatter
CopyLZFile
DeviceIoControl
SetUnhandledExceptionFilter
QueryPerformanceFrequency
SetEvent
GetLocalTime
LocalFree
LoadResource
FindResourceW
ReadFile
GetLastError
GlobalReAlloc
GetDiskFreeSpaceA
DeleteFileW
SetConsoleNlsMode
ExpungeConsoleCommandHistoryW
LeaveCriticalSection
InterlockedIncrement
GetExitCodeThread
WriteProfileSectionW
GetLocalTime
LocalAlloc
WaitForMultipleObjectsEx
lstrlenA
GetStartupInfoA
GetDiskFreeSpaceA
IsProcessInJob
ReadConsoleW
UnregisterConsoleIME
GetPrivateProfileSectionNamesA
InterlockedExchange
GetExpandedNameW
GetVersionExA
SetFilePointer
ReadConsoleOutputCharacterA
GetNumberOfConsoleMouseButtons
lstrcpyW
GetTickCount
GetConsoleAliasA
lstrcmpA
SetCommBreak
HeapDestroy
WaitCommEvent
GetVersion
GetTapePosition
BaseFlushAppcompatCache
InvalidateConsoleDIBits
GetVersionExW
DebugBreak
GetLongPathNameW
OutputDebugStringW
GetSystemTimeAsFileTime
WideCharToMultiByte
GlobalUnlock
lstrcpynW
GetTempFileNameW
GetCurrentProcess
GetEnvironmentStringsW
WaitForSingleObject
lstrcmpiW
SizeofResource
GetVersionExW
TerminateJobObject
GetSystemInfo
WaitForMultipleObjects
SetTermsrvAppInstallMode
VirtualQuery
CreateFileW
GetCurrentProcessId
CreateEventW
FindResourceW
SetVolumeLabelW

user32

CharNextW
GetMessageW
DispatchMessageW
RegisterWindowMessageA
PostThreadMessageW
LoadIconW
PostMessageW
CharPrevW

advapi32

UnregisterTraceGuids
RegOpenKeyExW
RegSetValueExA
GetTraceLoggerHandle
RegDeleteValueW
GetTraceEnableFlags
RegCloseKey
RegEnumValueW
RegQueryValueExA
RegisterTraceGuidsW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegQueryInfoKeyW
GetTraceEnableLevel
RegSetValueExW
TraceMessage
RegQueryValueExW

ole32

CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VariantInit
SafeArrayCreateVector
SysAllocStringByteLen
VariantCopy
LoadTypeLi
VariantChangeType
VarUI4FromStr
RegisterTypeLi
VariantClear
SysFreeString
SysAllocString
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SafeArrayRedim

userenv

GetUserProfileDirectoryA
RsopResetPolicySettingStatus
DllCanUnloadNow
DllRegisterServer

Sections

.THHgqC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.H
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.irgho
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWDN
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

046f46d0b23ca4e9deca1b1dc44e731b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

userenv

Sections

.THHgqC Size: 1KB - Virtual size: 1KB

.H Size: 1024B - Virtual size: 947B

.irgho Size: 2KB - Virtual size: 1KB

.UWDN Size: 2KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 36KB

.rsrc Size: 145KB - Virtual size: 145KB

.THHgqC
Size: 1KB - Virtual size: 1KB

.H
Size: 1024B - Virtual size: 947B

.irgho
Size: 2KB - Virtual size: 1KB

.UWDN
Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 36KB

.rsrc
Size: 145KB - Virtual size: 145KB