e0d2f5c137b852ddcb394bae9ee88e94

Sharing

Copy URL Twitter E-mail

General

Target

e0d2f5c137b852ddcb394bae9ee88e94
Size

445KB
MD5

e0d2f5c137b852ddcb394bae9ee88e94
SHA1

8deb67cfd4e826b7687a0ccf8f15de4c66b27ac2
SHA256

ccffb7a6feaac7f28a30f2984edb591ede56303098c33d13d5d4bfdceb48652e
SHA512

7c290f8eefae6d8ef2591422557752508ec778cd7a404cc588b6acfd8e692810299bbacef76467019834012f88fa92bbd8d0c01389366cd3684b54ac26869eae
SSDEEP

6144:GLFKc2T2lBBHn31tomjLcXydhavht5OwOOA6vrfv5rzoOIwVMiIkSsffF3p:eKcEUomjqydhaP5OoTrv5YObjSsn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0d2f5c137b852ddcb394bae9ee88e94

Files

e0d2f5c137b852ddcb394bae9ee88e94
.exe windows:4 windows x86 arch:x86

0d301ab80d4a35cb92ae168a0fcf6ef8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptVerifySignatureW
CryptHashData
CryptSetProviderExW
RegQueryMultipleValuesA
RegOpenKeyW
GetUserNameA
RegEnumValueA
LookupSecurityDescriptorPartsA
LookupPrivilegeDisplayNameW
CryptExportKey
LookupPrivilegeValueA

user32

RegisterClassExA
GetKeyboardLayoutList
CreateCaret
DdeQueryStringA
SetProcessWindowStation
WindowFromDC
GetClassInfoA
ChangeMenuW
SendNotifyMessageW
MapVirtualKeyW
RegisterClassA

kernel32

WriteConsoleOutputCharacterW
CompareStringA
GetCurrentThreadId
GetTimeZoneInformation
GetProcAddress
TlsAlloc
GetEnvironmentStrings
GetModuleFileNameA
SetStdHandle
GetLastError
InitializeCriticalSection
SetFilePointer
GetCPInfo
LoadLibraryA
HeapDestroy
GetCurrentThread
RtlUnwind
EnterCriticalSection
SetEnvironmentVariableA
DebugActiveProcess
TlsGetValue
CloseHandle
DeleteCriticalSection
HeapReAlloc
FileTimeToSystemTime
VirtualAlloc
GetTickCount
GetCommandLineA
VirtualFree
UnhandledExceptionFilter
GlobalUnfix
ExitProcess
GetCurrentProcessId
GetVersion
TlsFree
HeapFree
TerminateProcess
SetHandleCount
GetSystemTimeAsFileTime
FlushFileBuffers
GetVersionExA
GlobalAddAtomA
MultiByteToWideChar
GetFileType
GetStartupInfoA
InterlockedDecrement
FreeEnvironmentStringsA
SetLastError
LeaveCriticalSection
TlsSetValue
CompareStringW
HeapValidate
HeapCreate
InterlockedIncrement
IsBadWritePtr
lstrcpynA
FreeEnvironmentStringsW
CreateMutexA
LocalFree
GetLocalTime
LCMapStringW
VirtualQuery
GetStringTypeA
GetEnvironmentStringsW
LoadLibraryExA
GetStringTypeW
GetModuleHandleA
OpenMutexA
GetSystemTime
WriteConsoleOutputAttribute
SetCurrentDirectoryW
GetStdHandle
LCMapStringA
WideCharToMultiByte
lstrcpy
GetOEMCP
InterlockedExchange
GetCurrentProcess
HeapAlloc
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetACP
WriteFile
SetEnvironmentVariableW
ConnectNamedPipe
SetThreadAffinityMask
GetPriorityClass
ReadFile

comctl32

InitCommonControlsEx

wininet

CreateUrlCacheGroup
InternetSetOptionA
FtpCommandW
InternetSecurityProtocolToStringW
InternetTimeFromSystemTime
InternetFindNextFileW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d301ab80d4a35cb92ae168a0fcf6ef8

Headers

File Characteristics

Imports

advapi32

user32

kernel32

comctl32

wininet

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 4KB - Virtual size: 14KB

.data Size: 311KB - Virtual size: 310KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 4KB - Virtual size: 14KB

.data
Size: 311KB - Virtual size: 310KB

.rsrc
Size: 5KB - Virtual size: 4KB