0ff618b315843fd1b619f979714030a4

Sharing

Copy URL Twitter E-mail

General

Target

0ff618b315843fd1b619f979714030a4
Size

136KB
MD5

0ff618b315843fd1b619f979714030a4
SHA1

59f68faeb8faacad48c2644bfb6bc4d71918cbcc
SHA256

7bdf0f7b4385844ec2c077640493b56d7e0542d0100f565a12b6673646457f0e
SHA512

b17578da0a99969a645a6621d3e98ca69cb5adc6187b6efb11a3086d70ef22848f63bcf7b3176ba420fc5743f43412e23e59e63ac510bca7f0b9e68cd14bb33a
SSDEEP

3072:RfxKNtfpGVyvKSUhKGFDRPrJ3QsNSFHTimqwIfMVpg:RfoToJrvShrIfMVC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ff618b315843fd1b619f979714030a4

Files

0ff618b315843fd1b619f979714030a4
.exe windows:4 windows x86 arch:x86

73e29fa6384735f649503fddfcca19f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ord588
ord584
ord130
ord939
ord831
ord565
ord564
ord395
ord254
ord435
ord432
ord613
ord875
ord908
ord709
ord878
ord517
ord519
ord337
ord351
ord431
ord784
ord336
ord334
ord895
ord240
ord239
ord856
ord241
ord521
ord527
ord316
ord372
ord374
ord840
ord50
ord109
ord475
ord933
ord408
ord913
ord942
ord476
ord457
ord224
ord583
ord597
ord243
ord404
ord247
ord948
ord578
ord429
ord266
ord525
ord839
ord515
ord183

user32

ord555
ord457
ord477
ord452
ord269
ord729
ord152
ord256
ord446
ord572
ord274
ord346
ord159
ord635
ord596
ord268
ord195
ord197
ord420
ord199
ord438
ord97
ord644
ord472
ord444
ord595
ord677
ord435
ord404
ord599
ord276
ord275
ord14
ord201
ord28
ord367
ord641
ord227

gdi32

ord527
ord141
ord45
ord586
ord591
ord569
ord587
ord573
ord437
ord81
ord144
ord406
ord46

comdlg32

ord110

shell32

ord273
ord313

avifil32

AVIFileGetStream
AVIFileInit
AVIStreamGetFrameOpen
AVIStreamRead
AVIStreamSampleToTime
AVIStreamGetFrameClose
AVIFileRelease
AVIFileOpenA
AVIFileInfoA
AVIStreamStart
AVIFileExit
AVIStreamGetFrame
AVIStreamInfoA
AVIStreamReadFormat
AVIStreamTimeToSample
AVIStreamLength

comctl32

ord17
ord22

msacm32

acmStreamConvert
acmStreamClose
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamOpen
acmStreamSize

winmm

ord67

encmpa

ord7
ord8
ord9
ord1
ord6
ord3
ord5
ord2
ord4

encodem1v

ord1
ord3
ord2

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73e29fa6384735f649503fddfcca19f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

avifil32

comctl32

msacm32

winmm

encmpa

encodem1v

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 76KB - Virtual size: 75KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 76KB - Virtual size: 75KB