cd462a54de5ca432db3ecb0deaac0dae

Sharing

Copy URL Twitter E-mail

General

Target

cd462a54de5ca432db3ecb0deaac0dae
Size

517KB
MD5

cd462a54de5ca432db3ecb0deaac0dae
SHA1

e41ce2436f3038bc05aa5f073d441d07b5af6652
SHA256

46c89fc0833f1d8a619bd1fb81f3f0a6d30bf70b96dcd2e9b23f4fe3f2c028d4
SHA512

d386c8624a0771619e25e5bb741209c038858939df67835b19674dd3cc0b42a57c94814ea2d6b0d152484d7f8dfe7a2ede7d8cb68f3466e1f9048b7e4c39e5b0
SSDEEP

12288:3gr+vQmWTpYrPyok9zi9qvP3DCFF/qXgLnilA:30+OTpYrw9zwgfCv+lA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd462a54de5ca432db3ecb0deaac0dae

Files

cd462a54de5ca432db3ecb0deaac0dae
.exe windows:4 windows x86 arch:x86

a5f7194357b955f415d025e3fe8e969c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dotpz\aooio.PDB

Imports

kernel32

SetUnhandledExceptionFilter
GetFileType
HeapSize
HeapDestroy
GetOEMCP
CloseHandle
VirtualQuery
IsValidCodePage
TlsFree
InterlockedIncrement
SetStdHandle
WideCharToMultiByte
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
GetModuleHandleW
GetLocaleInfoA
EnterCriticalSection
HeapCreate
CompareStringA
GetConsoleOutputCP
WriteFile
IsDebuggerPresent
GetStringTypeW
InterlockedDecrement
TlsSetValue
LeaveCriticalSection
GetCommandLineW
GetTimeZoneInformation
GetCommandLineA
GetStringTypeA
FreeEnvironmentStringsW
ExitProcess
GetConsoleMode
UnhandledExceptionFilter
GetCurrentThreadId
TlsAlloc
LoadLibraryA
GetConsoleCP
HeapAlloc
GetCurrentThread
GetCurrentProcessId
GetUserDefaultLCID
SetConsoleCtrlHandler
DeleteCriticalSection
GetStartupInfoW
LCMapStringA
OpenMutexA
GetStdHandle
RtlUnwind
IsValidLocale
GetDateFormatA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
CreateMutexA
HeapFree
GetModuleFileNameW
QueryPerformanceCounter
WriteConsoleW
FreeLibrary
GetTimeFormatA
MultiByteToWideChar
GetEnvironmentStringsW
WriteConsoleA
InterlockedExchange
SetLastError
GetCurrentProcess
ReadFile
GetACP
VirtualAlloc
FlushFileBuffers
GetLastError
HeapReAlloc
SetEnvironmentVariableA
CreateFileA
SetFilePointer
SetHandleCount
GetProcAddress
VirtualFree
lstrcmpiA
Sleep
EnumSystemLocalesA
TlsGetValue
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
TerminateProcess
GetTickCount

comctl32

InitCommonControlsEx

shell32

SHGetDesktopFolder
SHGetFileInfo
SHGetSettings
CommandLineToArgvW
DragQueryPoint

advapi32

CryptEnumProvidersW
RegQueryInfoKeyA
RegConnectRegistryA
LookupAccountSidW
RegEnumValueA
RegCreateKeyW
LogonUserW
RegOpenKeyExA
CryptHashSessionKey
RegRestoreKeyA
CryptVerifySignatureA
RegSaveKeyW
CryptEncrypt
InitiateSystemShutdownW
RegRestoreKeyW
CryptSetHashParam
RegQueryValueExA
RegConnectRegistryW
RegDeleteKeyW
CryptSetProviderA
RegDeleteValueA
RegSetValueExW
CryptSignHashW
RegReplaceKeyA
RegQueryMultipleValuesW

comdlg32

GetOpenFileNameA
ReplaceTextA

user32

MessageBoxExW
RegisterClassExA
IsZoomed
GetScrollInfo
CreatePopupMenu
GetPriorityClipboardFormat
RegisterClassA
ExcludeUpdateRgn
IsDlgButtonChecked
ToUnicodeEx
ToAscii
CopyAcceleratorTableA
GetWindowDC
GetWindowPlacement
GetAltTabInfo
CharUpperW

Sections

.text
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5f7194357b955f415d025e3fe8e969c

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

shell32

advapi32

comdlg32

user32

Sections

.text Size: 341KB - Virtual size: 340KB

.rdata Size: 41KB - Virtual size: 50KB

.data Size: 105KB - Virtual size: 104KB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 341KB - Virtual size: 340KB

.rdata
Size: 41KB - Virtual size: 50KB

.data
Size: 105KB - Virtual size: 104KB

.rsrc
Size: 29KB - Virtual size: 29KB