0c749ad588b98fb31ad7582308d09d53[.]exe

General

Target

0c749ad588b98fb31ad7582308d09d53.exe
Size

168KB
MD5

0c749ad588b98fb31ad7582308d09d53
SHA1

2a5b6c0e47b4ee8a2f02c3b759f991a1806fb827
SHA256

44859cfca4b57e180e4ba3959cda0063cfaa22b3baee5fa4201a6be69d1d5e1f
SHA512

d52ef7bc08887e66f27caf8f92f6387d2bcf2130be5987b40028d8fce6cfa5fcffca3b7e3a2f0990cdcc0ffdd7ce98193545140391eee145f14b1270abd541bc
SSDEEP

3072:kfn0ATE98VbOROy3M0cc+qJoxvPVHiTcw6406cBdkTjF5uO/X05s:k8Ao98MIy3M0cc+qmxvNHiTcw67dkO8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c749ad588b98fb31ad7582308d09d53.exe

Files

0c749ad588b98fb31ad7582308d09d53.exe
.exe windows:4 windows x86 arch:x86

b79a65c1d83803692cec478298316e2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZCopy
LZOpenFileA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegCloseKey

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

CloseHandle
InitializeCriticalSection
InterlockedIncrement
VirtualFree
AddAtomW
DisableThreadLibraryCalls
GetVolumeInformationA
GetLastError
CreateDirectoryA
DeleteCriticalSection
GetCurrentProcessId
GlobalUnlock
WideCharToMultiByte
VirtualAlloc
GetTempPathA
lstrlenA
GetVersionExA
Sleep
GetSystemTime
GetFileSize
GetSystemTimeAsFileTime
GetFileAttributesA
CreateMutexA
QueryPerformanceCounter
ReadFile
GetModuleFileNameA
CreateFileA
EnumResourceNamesA
SetFileAttributesA
GetTickCount
WriteFileGather
GetCurrentThreadId
GlobalFree
ReleaseMutex
CreateFileW
CopyFileA
GetModuleFileNameW
DeleteFileA
LocalFree
MultiByteToWideChar
DeviceIoControl
WaitForSingleObject
InterlockedDecrement
GetTempFileNameA
LocalAlloc
GlobalLock
SetFilePointer
FreeLibrary

Sections

.text
Size: 90KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b79a65c1d83803692cec478298316e2b

Headers

File Characteristics

Imports

lz32

advapi32

setupapi

kernel32

Sections

.text Size: 90KB - Virtual size: 485KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 75KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 485KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 4KB