0f0af277c3d9c4fb36d16cf05f210907

Sharing

Copy URL Twitter E-mail

General

Target

0f0af277c3d9c4fb36d16cf05f210907
Size

108KB
MD5

0f0af277c3d9c4fb36d16cf05f210907
SHA1

0f0b0499230227816d947e49d36b96f073e784c3
SHA256

67218fe00832b96e86316d7ff1c82352d56b2fa74490682e1ff910c03e660059
SHA512

f81d12d031edc1ec89dabf05d94cc53a816eb56f5c86a00c2e07f097816fb1478a8893dabd6dfe88992137b8a392aa3fd782dd5e07e14b444f425c591ce2c8c5
SSDEEP

1536:Dx87MXAxdnnPkp2yWiyKqfViTwx2JMkMWTusb3+TO1oElPKsW:DxRqdnPkMiyK6qMkMgoElPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f0af277c3d9c4fb36d16cf05f210907

Files

0f0af277c3d9c4fb36d16cf05f210907
.dll windows:4 windows x86 arch:x86

173231b16de7ce82e974016f322a8d07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
CreateMutexA
GlobalUnlock
GlobalLock
GetModuleFileNameA
CloseHandle
CreateThread
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
VirtualFree
VirtualAlloc
Sleep
GetCurrentProcessId
CreateEventA
DisconnectNamedPipe
WriteFile
WaitForMultipleObjects
WaitNamedPipeA
GetLastError
CreateFileA
SetEvent
GetModuleHandleA
FindClose
DisableThreadLibraryCalls
FindFirstFileA
GetWindowsDirectoryA
GetSystemTimeAdjustment
GetSystemTime
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
GetStringTypeW
WaitForSingleObject
FindNextFileA
ReleaseMutex
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
GetTimeZoneInformation
GetLocalTime
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
IsBadWritePtr
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

GetAncestor
RegisterWindowMessageA
SendMessageTimeoutA
SendMessageA
GetWindowTextA
GetWindowTextLengthW
GetParent
CallWindowProcW
IsWindowVisible
IsWindowEnabled
EnumChildWindows
GetWindowTextW
GetWindowLongA
OpenClipboard
GetClipboardData
CloseClipboard
GetClassNameA
SetWindowsHookExW
CallNextHookEx
GetForegroundWindow

advapi32

GetTokenInformation
OpenProcessToken

oleaut32

SysAllocStringByteLen
SysFreeString

Exports

Exports

hk_start

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

173231b16de7ce82e974016f322a8d07

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 4KB