0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f

Sharing

Copy URL Twitter E-mail

General

Target

0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f
Size

923KB
MD5

f8f7eced1411d76e2a0319151ecf80b7
SHA1

3c5f4caf1a9d08d939a7d31f5ddb232806746b56
SHA256

0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f
SHA512

51f9c749f4f50b45cef60f4b8a5eb1c5080b69c7dc70405f8b9b39c291453b2b53c9068bca3ebd69a14b68223206a9ff439d1d852c9aea3bcbabd5586935cafb
SSDEEP

12288:lnGOqRToBFZ4oK28WUhiS6sHJpiJ9R19DUVF/7u3Wl:RYoOoTgHq/R19Af/74W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f

Files

0e416e3cc1673d8fc3e7b2469e491c005152b9328515ea9bbd7cf96f1d23a99f
.exe windows:6 windows x64 arch:x64

24692e6d205126e7320227c07246ca7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

DefWindowProcW
PostQuitMessage
DispatchMessageW
GetMessageW
CreateWindowExW
RegisterClassW

kernel32

GetOEMCP
GetFileAttributesW
DeleteFileW
Sleep
GetCPInfo
GetCommandLineA
GetCommandLineW
GetStringTypeW
GetProcessHeap
HeapSize
GetEnvironmentVariableA
FlushFileBuffers
GetLastError
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
GetFileSize
ReadFile
ResumeThread
WaitForSingleObject
GetExitCodeThread
SwitchToThread
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
CreatePipe
GetCurrentDirectoryW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
DuplicateHandle
GetConsoleScreenBufferInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleOutputCP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
TryEnterCriticalSection
LoadLibraryA
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
CreateProcessW
GetStdHandle
GetHandleInformation
SetHandleInformation
FormatMessageW
LocalFree
CreateSemaphoreA
ReleaseSemaphore
VirtualAlloc
VirtualFree
RtlCaptureContext
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetCurrentProcessId
GetModuleHandleA
lstrlenW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
SetEvent
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
SetStdHandle
GetFileType
CreateThread
ExitThread
WriteConsoleW
SetFilePointerEx
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetEndOfFile
GetFileSizeEx
FindFirstFileExW
IsValidCodePage
GetACP

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._deh
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24692e6d205126e7320227c07246ca7c

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 663KB - Virtual size: 663KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 143KB - Virtual size: 150KB

.pdata Size: 35KB - Virtual size: 35KB

._deh Size: 5KB - Virtual size: 5KB

.minfo Size: 1024B - Virtual size: 624B

.dp Size: 1024B - Virtual size: 552B

.tp Size: 512B - Virtual size: 112B

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 663KB - Virtual size: 663KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 143KB - Virtual size: 150KB

.pdata
Size: 35KB - Virtual size: 35KB

._deh
Size: 5KB - Virtual size: 5KB

.minfo
Size: 1024B - Virtual size: 624B

.dp
Size: 1024B - Virtual size: 552B

.tp
Size: 512B - Virtual size: 112B

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 11KB - Virtual size: 10KB