0ecef96597e4b3e0165453f69f75789a

Sharing

Copy URL Twitter E-mail

General

Target

0ecef96597e4b3e0165453f69f75789a
Size

354KB
MD5

0ecef96597e4b3e0165453f69f75789a
SHA1

b083ad1e15fbfd254ca1c04e7be57a49e735dbaa
SHA256

ccc4f2ef6538b82338aee85ecf28b37e3689de3b357411e0867e9e6bda539bd9
SHA512

42a7e688a5b15d4c547f40a71e48661287174cdeacfd06eecfd7048d8d37ea01fd3bde9f12b1e46b1e009e4280dd290b031e88e3d51c999b69a65d82ea862c94
SSDEEP

6144:IWkvIV9KYdLAKGNNu7j0kFNdIqGuYkQrGADDUrrdpagJK:GwyYqKGdnqitsrRNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ecef96597e4b3e0165453f69f75789a

Files

0ecef96597e4b3e0165453f69f75789a
.exe windows:5 windows x86 arch:x86

555c3d0176c4b8b8b757294d6c07008c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW

setupapi

SetupOpenAppendInfFileW
SetupAddInstallSectionToDiskSpaceListW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupAdjustDiskSpaceListW
SetupInstallFromInfSectionW
SetupSetDirectoryIdW
SetupInstallFilesFromInfSectionW

comctl32

CreatePropertySheetPageW

rpcrt4

NdrServerCall2
NdrClientCall2
UuidCreate
RpcBindingFree
RpcMgmtSetCancelTimeout
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcCancelThread

user32

GetDC
SendMessageA
ReleaseDC
CountClipboardFormats
SendMessageW
GetDlgItem
SetDlgItemTextW
GetDesktopWindow
GetDlgItemTextW
TranslateMessage
DestroyWindow
GetClipboardViewer
GetCursor
LoadBitmapA
SystemParametersInfoW
ShowWindow
DefWindowProcW
EnumWindows
GetForegroundWindow
DispatchMessageW
PeekMessageW
PostMessageW
CharNextW
UnregisterClassA
MsgWaitForMultipleObjects
LoadStringW
DefWindowProcA
GetMessageA
MessageBoxW
CheckRadioButton
CreateDialogParamW
DispatchMessageA
GetActiveWindow
EnableWindow
GetDoubleClickTime
SetWindowLongW
GetParent
PostQuitMessage
GetClipboardSequenceNumber
wsprintfW
FindWindowA
EndDialog
GetClipboardOwner
CreateWindowExA
UpdateWindow
LoadIconA
SendDlgItemMessageW
FindWindowExA
DialogBoxParamW

gdi32

SelectObject
AddFontResourceA
SetPixel
DeleteObject
ExtCreatePen
GetPixel
DeleteDC
CreateBrushIndirect
BitBlt
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetDeviceCaps

advapi32

ChangeServiceConfigW
OpenSCManagerW
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
LookupAccountNameW
AllocateAndInitializeSid
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueA
RegSetValueExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyA
CreateServiceW
RegEnumKeyExA
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
QueryServiceStatus
StartServiceW
EnumDependentServicesW
CryptReleaseContext
CryptDestroyKey
CryptGenKey
CryptAcquireContextW
QueryServiceConfigW
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfig2W

netapi32

NetGetJoinInformation
DsGetDcNameW
NetApiBufferFree

kernel32

FormatMessageW
CreateMutexA
GetWindowsDirectoryW
GetProcessHeap
CloseHandle
FindAtomA
WriteFile
SetFilePointer
GetTempFileNameA
InterlockedIncrement
CreateFileW
GetModuleFileNameA
GetLocalTime
GetSystemWindowsDirectoryW
TlsGetValue
OpenSemaphoreW
TlsSetValue
LoadLibraryW
LoadLibraryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetSystemDefaultLangID
GetCurrentThreadId
HeapFree
FindNextFileA
InterlockedCompareExchange
AreFileApisANSI
QueryPerformanceCounter
GlobalAlloc
GetSystemDefaultLCID
InterlockedDecrement
OpenSemaphoreA
SetLastError
CreateThread
OpenEventW
LCMapStringW
GetVersionExA
SetCurrentDirectoryA
AddAtomA
GetTickCount
GetSystemDefaultUILanguage
HeapAlloc
WaitForSingleObjectEx
GetExitCodeThread
InitializeCriticalSection
GetCommandLineW
GetConsoleOutputCP
DeleteCriticalSection
GetCommandLineA
TlsAlloc
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
GetLastError
HeapDestroy
GetPrivateProfileStringW
GetModuleHandleA
FindResourceExA
GetProcAddress
CreateFileA
FreeLibrary
MultiByteToWideChar
IsDebuggerPresent
lstrlenW
Sleep
SetEvent
CompareStringW
GetSystemDirectoryW
GetComputerNameExW
GetComputerNameW
WideCharToMultiByte
RemoveDirectoryW
CreateSemaphoreW
WaitForSingleObject
ResetEvent
CreateEventW
ReadFile
TlsFree
WritePrivateProfileStringW
InterlockedExchange
FindResourceExW
VirtualAlloc
SetCurrentDirectoryW
GetConsoleCP
lstrlenA
LocalAlloc
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
OpenMutexW
GetACP
FindFirstFileW
FindResourceA
CreateDirectoryW
PulseEvent
GetVersionExW
GetExitCodeProcess
CreateMutexW
CreateProcessW
LocalFree
GetAtomNameA
GetUserDefaultUILanguage
TerminateThread

ole32

OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

wsock32

MigrateWinsockConfiguration

msvcrt

strchr
fwscanf
strlen
_wfopen
wcschr
_except_handler3
iswspace
_wcsdup
_wtoi
wcsncat
_itow
wcsstr
_vsnwprintf
malloc
fclose
wcsncmp
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
memcpy
_onexit
?terminate@@YAXXZ
wcslen
__CxxFrameHandler
??1exception@@UAE@XZ
_purecall
?what@exception@@UBEPBDXZ
wcsrchr
wcscpy
wcscmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
swprintf
_snwprintf
memmove
free
wcscat
_wcsicmp

msvcp60

??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z

Sections

.text
Size: 111KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

555c3d0176c4b8b8b757294d6c07008c

Headers

DLL Characteristics

File Characteristics

Imports

shell32

setupapi

comctl32

rpcrt4

user32

gdi32

advapi32

netapi32

kernel32

ole32

wsock32

msvcrt

msvcp60

Sections

.text Size: 111KB - Virtual size: 108KB

.data Size: 204KB - Virtual size: 210KB

.bss Size: - Virtual size: 51KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 111KB - Virtual size: 108KB

.data
Size: 204KB - Virtual size: 210KB

.bss
Size: - Virtual size: 51KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 5KB - Virtual size: 4KB