79c2a5b2354ae5491113801b47fb1f6f

Sharing

Copy URL Twitter E-mail

General

Target

79c2a5b2354ae5491113801b47fb1f6f
Size

548KB
MD5

79c2a5b2354ae5491113801b47fb1f6f
SHA1

cdd81ccff5e382f9a15ef3cedcf5ac0288298394
SHA256

172484b1bb0b36e189a7b99756c053e2ed3b5b5b7c78ced096053b77ede8f7d6
SHA512

4b42ee92bcff7a470ac64bdae4a44f85816987e2050c2ceca49fbbcc1f996eb9e0b831aad605ff59a8be0fcdabb38f887ba45b4877205d81249f9a92fedf9b8e
SSDEEP

12288:3nuSVsg9dXjp1Fm/i8WHUBugh6myhVU3ab:3nn6gPXjp1pHUDhuhVU3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79c2a5b2354ae5491113801b47fb1f6f

Files

79c2a5b2354ae5491113801b47fb1f6f
.exe windows:4 windows x86 arch:x86

dc16052f56c22ef003d85424931f5431

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ofecgnctp\efowhvc\seexvo\oncal.pdb

Imports

user32

GetClipCursor
SetCapture
SetCaretPos
GetDlgItemTextW
InsertMenuA
DrawTextW
ShowCursor
DdeKeepStringHandle
LoadStringA
CopyAcceleratorTableA
GetClassInfoW
LoadCursorW
ExcludeUpdateRgn
CallWindowProcA
GetAncestor
DdeCreateStringHandleA
LoadKeyboardLayoutW
CallMsgFilterW
DefFrameProcA
GetWindowWord
EnumChildWindows
OpenDesktopA
DdeFreeDataHandle
CreateMenu
CountClipboardFormats
SetWindowsHookExW
IsDialogMessageW
BringWindowToTop
IsIconic
FlashWindow
SetScrollRange
SendMessageTimeoutW
DrawTextExA
SetDlgItemTextW
BroadcastSystemMessageA
GetSubMenu
CascadeChildWindows
IsCharAlphaNumericA
RegisterClassExA
GetKeyboardLayout
SendDlgItemMessageW
RegisterClassA
SetWindowsHookW
EnableMenuItem
DdeReconnect
LoadCursorFromFileA
VkKeyScanW
GetClipboardOwner
CharNextW
EndPaint
DdeInitializeW
CallMsgFilterA
GetKeyboardLayoutNameW
ChangeMenuW

kernel32

SetThreadIdealProcessor
SetConsoleTitleA
HeapFree
GetLastError
GlobalLock
lstrcpynW
GetModuleHandleA
GetSystemTimeAdjustment
GetLogicalDriveStringsA
GetLongPathNameA
GetCommandLineA
VirtualProtect
IsValidLocale
GetEnvironmentStrings
GetCurrentProcess
OpenEventA
GetConsoleTitleA
GetSystemDirectoryW
GetUserDefaultLCID
DeleteFileA
GetNumberFormatW
GetTimeZoneInformation
GetCurrentThread
VirtualAlloc
GetExitCodeProcess
TlsSetValue
ConvertDefaultLocale
CompareStringA
CreateMutexA
CreateMailslotA
HeapCreate
GetStringTypeA
HeapSize
GetStdHandle
EnumDateFormatsExW
ExitProcess
GetStringTypeExA
DeleteCriticalSection
SetFilePointer
TerminateThread
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
LoadLibraryExW
TlsFree
SetHandleCount
WritePrivateProfileStringW
SetLastError
EnumSystemLocalesA
SetThreadPriority
SetVolumeLabelA
VirtualFree
CreateFileMappingA
ReadFile
OpenMutexA
GetProcessHeap
GetEnvironmentStringsA
GetProcessHeaps
LCMapStringW
EnumCalendarInfoA
FreeEnvironmentStringsA
SetThreadAffinityMask
FindFirstFileExA
GetPrivateProfileIntA
OpenSemaphoreA
EnumResourceTypesA
GetACP
lstrlenW
FreeLibraryAndExitThread
GetCurrentProcessId
GetDateFormatA
GetSystemTimeAsFileTime
GetNumberFormatA
VirtualQuery
GetComputerNameA
GetProcAddress
GetPrivateProfileSectionNamesA
HeapAlloc
VirtualUnlock
FileTimeToSystemTime
FormatMessageA
WriteConsoleOutputCharacterW
GetTickCount
LocalFileTimeToFileTime
LocalUnlock
DebugActiveProcess
CompareStringW
FindClose
GetCPInfo
WriteProfileStringW
GetFullPathNameW
SetCurrentDirectoryW
QueryPerformanceCounter
GetTimeFormatA
GetExitCodeThread
LeaveCriticalSection
FlushFileBuffers
SetFileTime
CloseHandle
GetLocaleInfoW
TlsGetValue
GetLocaleInfoA
RaiseException
SetConsoleTitleW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
GetModuleFileNameA
GetTempPathA
TerminateProcess
RemoveDirectoryA
TlsAlloc
LoadModule
SetEnvironmentVariableA
GetCurrentThreadId
LoadLibraryA
GetCommandLineW
OpenWaitableTimerA
LCMapStringA
GetFileType
GlobalUnfix
HeapReAlloc
GetStringTypeW
GetStartupInfoA
RtlUnwind
TryEnterCriticalSection
WriteFile
GetWindowsDirectoryW
FlushInstructionCache
GlobalFlags
HeapDestroy
IsValidCodePage
GetUserDefaultLangID
InitializeCriticalSection
FillConsoleOutputCharacterA
InterlockedExchange
FreeEnvironmentStringsW
EnterCriticalSection
GetSystemInfo
GetOEMCP
IsBadWritePtr
EnumDateFormatsW

comctl32

ImageList_EndDrag
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_Copy
ImageList_LoadImageA
DrawStatusTextA
CreateUpDownControl
ImageList_GetBkColor
DrawInsert
GetEffectiveClientRect
ImageList_Write
ImageList_AddIcon
ImageList_Merge
ImageList_DrawIndirect
ImageList_DragMove
ImageList_ReplaceIcon
CreateStatusWindowA
ImageList_LoadImage
ImageList_DrawEx
InitCommonControlsEx

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc16052f56c22ef003d85424931f5431

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 248KB - Virtual size: 245KB

.data Size: 120KB - Virtual size: 130KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 248KB - Virtual size: 245KB

.data
Size: 120KB - Virtual size: 130KB

.rsrc
Size: 12KB - Virtual size: 11KB