0adb0306abf81d1bad0bfdf2389b1cd92012b11f62d6209adc04be6e1ae78cd4

Sharing

Copy URL

Twitter E-mail

General

Target

0adb0306abf81d1bad0bfdf2389b1cd92012b11f62d6209adc04be6e1ae78cd4
Size

19.6MB
MD5

e439f8bb83592282b061c58941823f2a
SHA1

3ab837c9a7dfe35c3f3e4c3d29c41b3915ab1a68
SHA256

0adb0306abf81d1bad0bfdf2389b1cd92012b11f62d6209adc04be6e1ae78cd4
SHA512

bb652e5e26b0fe1ddf162668d5cdf3a8f79dc4cea1a26d1b8765f2db97d41844d73e7409e1babaa32b1d1f765807a33ddcde0fccc82efb07642126177998d051
SSDEEP

393216:9U0swOiZOQbD+HmVH0qpzazEpFzlBm4pOsv5B9DcgYzxlyOSZl:9rsO3+GVUqQzyzl/Hv5BagECl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/App_02029.exe

Files

0adb0306abf81d1bad0bfdf2389b1cd92012b11f62d6209adc04be6e1ae78cd4
.zip
App_02029.exe
.exe windows:6 windows x86 arch:x86

0e9db4a7a0b10d50a1e6f95dff8c5947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
GetLastError
Sleep
SignalObjectAndWait
VerSetConditionMask
CreateDirectoryW
MultiByteToWideChar
HeapFree
IsProcessorFeaturePresent
FindNextFileW
QueryPerformanceFrequency
GetFileSize
ReadFile
QueryPerformanceCounter
GetStdHandle
CompareStringW
CloseHandle
InitializeCriticalSectionAndSpinCount
ExitThread
FreeEnvironmentStringsW
FindFirstFileW
GetFileAttributesW
lstrlenA
ReadConsoleW
GetTimeFormatW
DeleteTimerQueueTimer
SetFilePointer
EnumSystemLocalesW
GetConsoleOutputCP
FileTimeToLocalFileTime
GetTimeZoneInformation
GetFileSizeEx
ExitProcess
RtlUnwind
GetStringTypeW
GetDateFormatW
GetFullPathNameW
SetFileAttributesW
GetFileInformationByHandle
SetFileTime
GetNumaHighestNodeNumber
GetThreadTimes
SetFilePointerEx
GetSystemTimeAsFileTime
DeleteFileW
InterlockedFlushSList
CreateTimerQueue
CompareFileTime
GetConsoleMode
FindClose
CreateEventW
GetDriveTypeW
GetOEMCP
IsValidLocale
EncodePointer
ResetEvent
GetProcessHeap
WaitForSingleObjectEx
GetStartupInfoW
SwitchToThread
SetThreadAffinityMask
GetModuleHandleW
MoveFileExW
GetCurrentDirectoryW
HeapAlloc
CreateThread
AcquireSRWLockExclusive
GetCommandLineW
EnterCriticalSection
RaiseException
UnregisterWaitEx
DuplicateHandle
GetVersionExW
GlobalLock
GetEnvironmentStringsW
GetThreadPriority
GetSystemDirectoryW
FreeLibrary
TlsSetValue
SetPriorityClass
VirtualAlloc
GetCurrentThread
DeleteCriticalSection
ChangeTimerQueueTimer
InterlockedPushEntrySList
VirtualProtect
WriteConsoleW
InterlockedPopEntrySList
GetLogicalProcessorInformation
SetStdHandle
GetModuleFileNameW
ReleaseSemaphore
SystemTimeToTzSpecificLocalTime
CreateSemaphoreW
GetTickCount64
InitializeSListHead
GetUserDefaultLCID
TlsFree
MoveFileW
GetEnvironmentVariableA
WriteFile
PeekNamedPipe
GetSystemInfo
SleepEx
RegisterWaitForSingleObject
GetFileAttributesExW
ReleaseSRWLockExclusive
HeapSize
TerminateProcess
GetCurrentThreadId
SetThreadPriority
GlobalMemoryStatus
TlsAlloc
SetEnvironmentVariableW
WideCharToMultiByte
HeapReAlloc
GetACP
GlobalAlloc
GetProcessAffinityMask
CreateFileW
RemoveDirectoryW
QueryDepthSList
InitializeCriticalSectionEx
InitializeCriticalSection
FreeLibraryAndExitThread
GetCurrentProcessId
GetFileType
FindFirstFileExW
FlushFileBuffers
GetCommandLineA
CreateTimerQueueTimer
GetCurrentProcess
LeaveCriticalSection
LoadLibraryW
UnregisterWait
GetVersion
GlobalUnlock
GetLocaleInfoW
UnhandledExceptionFilter
GetTickCount
SetLastError
IsValidCodePage
LCMapStringW
SetUnhandledExceptionFilter
VirtualFree
GetLogicalDriveStringsW
SetEvent
TlsGetValue
FormatMessageW
TryEnterCriticalSection
GetModuleHandleA
GetCPInfo
IsDebuggerPresent
GlobalFree
FileTimeToSystemTime
GetProcAddress
DecodePointer
VerifyVersionInfoW
SetEndOfFile
lstrcatA
LoadLibraryExW
WaitForMultipleObjects
WaitForSingleObject
LocalFree

user32

EmptyClipboard
LoadIconW
GetMonitorInfoA
DialogBoxParamW
CloseClipboard
GetWindowLongW
ShowWindow
MapDialogRect
EndDialog
SetClipboardData
CheckDlgButton
MessageBoxW
CharUpperW
ScreenToClient
MonitorFromWindow
OpenClipboard
LoadCursorW
GetWindowTextW
LoadStringW
SetCursor
GetKeyState
IsDlgButtonChecked
PostMessageW
InvalidateRect
SetFocus
GetDlgItem
EnableWindow
GetFocus
MoveWindow
SetWindowTextW
SystemParametersInfoW
GetParent
SetTimer
wsprintfA
SendMessageW
MessageBoxA
SetWindowLongW
GetWindowTextLengthW
GetWindowRect
KillTimer
SetDlgItemTextW

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CloseServiceHandle
CryptHashData
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
OleInitialize
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CryptStringToBinaryW
CertFindCertificateInStore
CertGetNameStringW
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CryptDecodeObjectEx
PFXImportCertStore
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertOpenStore

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAResetEvent
WSACreateEvent
getsockopt
send
WSAIoctl
WSACloseEvent
getaddrinfo
socket
WSAEventSelect
freeaddrinfo
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAEnumNetworkEvents
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAWaitForMultipleEvents

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e9db4a7a0b10d50a1e6f95dff8c5947

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 95KB