0f5d1fffc094836c2e268d2fdf6f7eb2

Sharing

Copy URL

Twitter E-mail

General

Target

0f5d1fffc094836c2e268d2fdf6f7eb2
Size

344KB
MD5

0f5d1fffc094836c2e268d2fdf6f7eb2
SHA1

532d5a014f2de82f229ef264afdfeaad8a8db3e6
SHA256

bda14f5a60d3068805b6690709a5c973e18f3aad9edd58e857121bf4832cf214
SHA512

6120e1619c458e5bb5a535b13fb24b0af8016e736fa5aad121921ea26115d195993e94212713cc08b64f6937cff134adfaa3f8faebd3fc977ec77c18d689e2b1
SSDEEP

6144:80w7hvkbxbsSpUjfh9h9CLFsxVyTxAGNIvooPLDpbwLRsu/2toEfIWMyWv8C4AGb:3w7qxxpUrhj9Wsxq3NIv7PLpwNsu/2o4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f5d1fffc094836c2e268d2fdf6f7eb2

Files

0f5d1fffc094836c2e268d2fdf6f7eb2
.exe windows:4 windows x86 arch:x86

f8938527f9787afb9be995914c71e505

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
UnhandledExceptionFilter
VirtualQuery
HeapDestroy
ReadFile
FreeEnvironmentStringsW
GetStartupInfoA
GetVersion
MultiByteToWideChar
GetStringTypeA
GetFileType
GetEnvironmentStrings
DeleteCriticalSection
InterlockedDecrement
ExitProcess
GetOEMCP
VirtualAlloc
GetCurrentProcess
GetStringTypeW
WideCharToMultiByte
GetCommandLineA
IsBadWritePtr
TlsFree
HeapFree
GetModuleFileNameA
SetHandleCount
WriteFile
TerminateProcess
GetLastError
HeapAlloc
GetProcAddress
InterlockedIncrement
HeapCreate
SetStdHandle
SetEnvironmentVariableA
QueryPerformanceCounter
LocalUnlock
GetSystemTimeAsFileTime
EnterCriticalSection
OpenMutexA
CreateMutexA
GetSystemTime
InitializeCriticalSection
GetLocalTime
GetCurrentThread
RtlUnwind
LCMapStringW
SetLastError
GetCurrentThreadId
LeaveCriticalSection
CloseHandle
GetTimeZoneInformation
GetModuleHandleA
CompareStringA
TlsAlloc
GetCurrentProcessId
GetCPInfo
FlushFileBuffers
SetFilePointer
GetACP
LoadLibraryA
CompareStringW
TlsGetValue
HeapReAlloc
LCMapStringA
GetEnvironmentStringsW
GetStdHandle
VirtualFree
InterlockedExchange
TlsSetValue
FreeEnvironmentStringsA

user32

RegisterClassExA
PostMessageW
GetOpenClipboardWindow
GetActiveWindow
SetRectEmpty
RegisterClassA
DestroyWindow
TranslateAcceleratorW
SendMessageA
IsCharLowerW
ToUnicode
CountClipboardFormats
SetWindowLongW
CreateMDIWindowW
SetWindowTextW
DrawTextW

gdi32

GetNearestColor
SetBoundsRect
GetPolyFillMode
SetTextCharacterExtra
GetColorSpace
GetColorAdjustment

comctl32

InitCommonControlsEx

shell32

SHGetSpecialFolderPathA
SHEmptyRecycleBinA
SHChangeNotify
ShellExecuteExW
SHFileOperation

advapi32

LookupAccountNameW
CryptEncrypt
CryptGetHashParam
RegQueryMultipleValuesA
RegQueryMultipleValuesW
GetUserNameA
RegLoadKeyW
CryptGetDefaultProviderA
LogonUserW
RegSaveKeyA
RegQueryInfoKeyA
RegConnectRegistryA
RegEnumKeyW
CryptSignHashW
RegSaveKeyW
LookupAccountSidA
RegNotifyChangeKeyValue
CryptDuplicateHash
RegOpenKeyA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8938527f9787afb9be995914c71e505

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shell32

advapi32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 4KB - Virtual size: 23KB

.data Size: 147KB - Virtual size: 147KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 4KB - Virtual size: 23KB

.data
Size: 147KB - Virtual size: 147KB

.rsrc
Size: 11KB - Virtual size: 11KB