8ecd174e38cdf179af528142166c021e

Sharing

Copy URL Twitter E-mail

General

Target

8ecd174e38cdf179af528142166c021e
Size

272KB
MD5

8ecd174e38cdf179af528142166c021e
SHA1

eef9cf2c4be343773e293bb1cf87fdf07b648bb5
SHA256

3b920e9e8e59bb3db9eb8184d516ba718b1581c85e03afb8657e1aa863c0a2cd
SHA512

6fef8bff5a8bbd4f2d5669a31a634ff32aed51c151d18529ecad0381a4cb32f9f0f92269f11fb4374b168aac80809cb9df95e13e223838f05249f5d99ceded0c
SSDEEP

3072:6YQMaWytGBBsaeqrA3r5hqTd9O8sPsxcqadMVVbDee3eAseyUBccRDA9/wM73Udi:8MZyk3Jg5u7QPsrCoLsWpRhM73UHC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ecd174e38cdf179af528142166c021e

Files

8ecd174e38cdf179af528142166c021e
.exe windows:4 windows x86 arch:x86

587e92208c9e84e7a4609ee8ac8aa97d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rrkecek\ozrmtxov.pdb

Imports

user32

WindowFromPoint
IsCharAlphaA
AdjustWindowRect
LoadStringW
GetKeyboardLayoutNameW
TranslateMessage
PostThreadMessageA
OemToCharA
IsDialogMessageA
UnhookWindowsHook
LoadCursorFromFileW
GetMonitorInfoW
IsMenu
SetCapture
SetWindowTextA
InvertRect
OpenClipboard
IsWindowUnicode
UnloadKeyboardLayout
EndTask
SendMessageA
RegisterClassA
CloseClipboard
DdeAccessData
CharToOemBuffW
GetMenuInfo
GetCaretPos
CreateIconIndirect
GetKeyboardLayout
WaitForInputIdle
GetThreadDesktop
TranslateAccelerator
EndMenu
SetTimer
EnumDesktopsW
DdeReconnect
WindowFromDC
CopyIcon
RegisterClassExA
GetWindowInfo
TabbedTextOutW
ArrangeIconicWindows
GetKeyNameTextA
DestroyAcceleratorTable
GetListBoxInfo
ChangeDisplaySettingsA
OpenWindowStationA
SubtractRect
SetCaretBlinkTime
GetAncestor
SwapMouseButton
ChildWindowFromPointEx
SetActiveWindow
RegisterClassW
DdePostAdvise
DrawTextW
MessageBoxIndirectA

comctl32

ImageList_DragLeave
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_Remove

kernel32

CreateFileA
CreateNamedPipeW
OpenMutexA
GetTimeFormatA
GetVolumeInformationW
CreateProcessW
WriteProfileSectionW
CommConfigDialogA
LCMapStringA
SetEnvironmentVariableA
HeapReAlloc
LocalUnlock
ReadFile
OpenWaitableTimerA
WaitNamedPipeA
HeapFree
GetDriveTypeA
GetTickCount
GetCurrentProcess
SetSystemTime
WritePrivateProfileSectionA
GetSystemTimeAsFileTime
IsValidCodePage
GetConsoleCP
EnumResourceNamesA
CompareStringA
GetSystemInfo
LoadLibraryA
GetModuleHandleA
ExitProcess
CreateFileW
FreeEnvironmentStringsW
CompareFileTime
GetUserDefaultLCID
TerminateProcess
ExitThread
SetEnvironmentVariableW
GetModuleFileNameA
UnhandledExceptionFilter
CreateMutexW
SetCurrentDirectoryA
GetDiskFreeSpaceA
TlsSetValue
LocalSize
GetDateFormatA
CreateFileMappingA
GlobalFindAtomW
SetLastError
TransactNamedPipe
EnumResourceNamesW
SetConsoleMode
InitializeCriticalSection
ReadConsoleOutputA
VirtualFree
GetShortPathNameW
TlsFree
GetFileSize
TlsGetValue
SetEvent
LCMapStringW
GetFullPathNameW
FindNextChangeNotification
ReadConsoleOutputW
FreeResource
GetOEMCP
VirtualProtect
HeapDestroy
GetPrivateProfileStructA
GlobalFree
FormatMessageA
RtlUnwind
CompareStringW
ReadConsoleInputW
GetCurrentThreadId
FillConsoleOutputCharacterW
GetFileAttributesExW
VirtualAlloc
SetStdHandle
EnterCriticalSection
WritePrivateProfileStructW
GetLogicalDriveStringsA
GetCurrentThread
EnumSystemLocalesA
EnumDateFormatsW
GetStringTypeW
GetCompressedFileSizeA
OpenFileMappingA
GetConsoleOutputCP
VirtualQuery
TlsAlloc
FindAtomA
GetProfileIntW
GetThreadPriority
CreateEventA
GetACP
GetTimeZoneInformation
GetCommandLineA
CloseHandle
SetHandleCount
InterlockedExchange
GetPrivateProfileStringA
GetStdHandle
HeapCreate
GetLastError
GetStartupInfoA
GetEnvironmentStrings
HeapSize
GetProfileSectionW
GetLocaleInfoW
FreeEnvironmentStringsA
QueryPerformanceCounter
HeapAlloc
GetTempPathA
SetFileTime
GetStartupInfoW
FlushInstructionCache
lstrcatW
GetCurrentProcessId
SetFilePointer
GetVersionExA
GetProcAddress
GetFileType
LeaveCriticalSection
IsBadReadPtr
OpenWaitableTimerW
GetCPInfo
CreateMutexA
FlushFileBuffers
IsBadWritePtr
CreateSemaphoreA
GetLocaleInfoA
DeleteFileW
MultiByteToWideChar
DeleteCriticalSection
GetEnvironmentStringsW
GetThreadTimes
GetModuleHandleW
WideCharToMultiByte
WriteFile
IsValidLocale
GetModuleFileNameW
EnumTimeFormatsW
GetStringTypeA
GetCommandLineW

wininet

FtpGetCurrentDirectoryA
InternetWriteFileExW
InternetCrackUrlA
InternetTimeFromSystemTime
InternetGetCookieW
FtpDeleteFileA
InternetCombineUrlW
FtpPutFileEx
GopherGetAttributeA

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

587e92208c9e84e7a4609ee8ac8aa97d

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

wininet

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 92KB - Virtual size: 109KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 92KB - Virtual size: 109KB

.rsrc
Size: 20KB - Virtual size: 16KB