0dc70c5b250ccc675773a149070a51487a21bce65394d227b78ae017f84ed1ef

Sharing

Copy URL Twitter E-mail

General

Target

0dc70c5b250ccc675773a149070a51487a21bce65394d227b78ae017f84ed1ef
Size

572KB
MD5

ae9257d3623e81adb0742361424c8f0e
SHA1

79c05028cd2103f605f98413d5d748c69e34021b
SHA256

0dc70c5b250ccc675773a149070a51487a21bce65394d227b78ae017f84ed1ef
SHA512

cc2842d9a73ffe582ef36ee1639ca9124960061544ac8ade91aceda8ab1779ed6cbf1ac8244c4cf268be3959035d9d6ba8fd2bd1c082098b7a1a609011dba6b1
SSDEEP

12288:mYRoak2i0ODFfKZdUNFrJ8B6klbnrNkj8:WagDlKZGFrJ8B6kBnxY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc70c5b250ccc675773a149070a51487a21bce65394d227b78ae017f84ed1ef

Files

0dc70c5b250ccc675773a149070a51487a21bce65394d227b78ae017f84ed1ef
.exe windows:4 windows x86 arch:x86

6e1c6ec3ae457ee5bd5be3772d207fe0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

DeleteCriticalSection
SetEvent
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GetWindowsDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
InterlockedDecrement
GetCurrentProcessId
InterlockedExchange
SetLastError
GetCurrentProcess
InterlockedIncrement
GetCurrentThreadId
RaiseException
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
LoadLibraryA
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
SetEndOfFile
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetOEMCP
IsValidCodePage
HeapCreate
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
FlushFileBuffers
SetFilePointer
GetVersionExW
GetSystemDirectoryW
GetModuleHandleW
MultiByteToWideChar
lstrlenA
FindClose
CreateEventW
Sleep
WideCharToMultiByte
lstrlenW
GetLastError
CreateDirectoryW
GetFileAttributesW
GetExitCodeProcess
WaitForSingleObject
WriteFile
ReadFile
CreateFileW
LockResource
SizeofResource
FindResourceW
Process32NextW
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
ProcessIdToSessionId
FindResourceExW
GetModuleFileNameW
OpenProcess
LoadResource
CreateToolhelp32Snapshot
Process32FirstW
HeapAlloc
HeapDestroy
GetVersionExA
GetStringTypeA

user32

UnregisterClassA

advapi32

OpenProcessToken
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx

shlwapi

PathFileExistsW
StrToIntW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket

Sections

.text
Size: 260KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e1c6ec3ae457ee5bd5be3772d207fe0

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

Sections

.text Size: 260KB - Virtual size: 256KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 244KB - Virtual size: 244KB

.text
Size: 260KB - Virtual size: 256KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 244KB - Virtual size: 244KB