0e1c5decc7e9dd3bb0306292d3ecac316470a8946b6f4b1eeb4520d6c92bf5ec[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0e1c5decc7e9dd3bb0306292d3ecac316470a8946b6f4b1eeb4520d6c92bf5ec.exe
Size

14KB
MD5

b2c53ced18a43fd8d013a7383848e770
SHA1

c09c96a26e73c7b17363400ff34ac55d0c604087
SHA256

0e1c5decc7e9dd3bb0306292d3ecac316470a8946b6f4b1eeb4520d6c92bf5ec
SHA512

9c07bd2474e487ee79db59bfc73ba0fdf2c31143161b24a529b2b8426fc1e1ac063ba8280ae23ec40be25119a14bae11b93bbe14fb912588fa4be145bb6129e3
SSDEEP

192:nIIyXU7U5ZHQVWl+XKyh/vQj6mv4yHiHyHuL2+zj5nHZz+tXrxYxPHDjv+LR8Cuz:IIpo5Zcu6ciSOy+zj5orxSDjv+LiCk7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e1c5decc7e9dd3bb0306292d3ecac316470a8946b6f4b1eeb4520d6c92bf5ec.exe

Files

0e1c5decc7e9dd3bb0306292d3ecac316470a8946b6f4b1eeb4520d6c92bf5ec.exe
.exe windows:1 windows x86 arch:x86

80209ea00b18feead96467c26f00bf20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3220

@$bdla$qpv
@$bdele$qpv
@string@$bdtr$qv
_sprintf
@_CatchCleanup$qv
_memcpy
@string@assign$qrx6stringuiui
___debuggerDisableTerminateCallback
__Return_unwind
_memmove
@__lockDebuggerData$qv
@$bnwa$qui
__ExceptionHandler
__startup
__setargv
@__unlockDebuggerData$qv
_abort
@string@$bctr$qpxc
@$bnew$qui
@xmsg@$bdtr$qv
__argc
_flushall
__exitargv
__argv

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA

user32

PostMessageA
EnableWindow

bids50f

@TStreamableBase@$bdtr$qv

owl50f

@TModule@Error$qi
@TModule@$bdtr$qv
@TApplication@PreProcessMenu$qp7HMENU__
@TModule@$bctr$qpxcp11HINSTANCE__
@TLayoutWindow@$bdtr$qv
@TApplication@MessageLoop$qv
@TApplication@IdleAction$ql
@TFrameWindow@$bdtr$qv
@TFrameWindow@$bctr$qp7TWindowpxct14boolp7TModule
@TApplication@InitInstance$qv
@TEventHandler@SearchEntries$qp31%TResponseTableEntry$t7GENERIC%r24TEventHandler@TEventInfopqr31%TResponseTableEntry$t7GENERIC%r24TEventHandler@TEventInfo$4bool
@TEventHandler@Find$qr24TEventHandler@TEventInfopqr31%TResponseTableEntry$t7GENERIC%r24TEventHandler@TEventInfo$4bool
@TApplication@InitHPrevInstance
@TApplication@Find$qr24TEventHandler@TEventInfopqr31%TResponseTableEntry$t7GENERIC%r24TEventHandler@TEventInfo$4bool
@TApplication@$bctr$qpxcrp7TModulep14TAppDictionary
@TWindow@EvCommandEnable$qr15TCommandEnabler
@TWindow@EvNotify$quir7TNotify
@TWindow@Execute$qv
@TWindow@Find$qr24TEventHandler@TEventInfopqr31%TResponseTableEntry$t7GENERIC%r24TEventHandler@TEventInfo$4bool
@TWindow@GetClassNameA$qv
@TWindow@GetWindowClass$qr12tagWNDCLASSA
@TWindow@HoldFocusHWnd$qp6HWND__t1
@TWindow@IdleAction$ql
@TWindow@Paint$qr3TDC4boolr5TRect
@TWindow@PerformCreate$qi
@TWindow@PreProcessMsg$qr6tagMSG
@TWindow@Register$qv
@TWindow@RemoveChild$qp7TWindow
@TWindow@SetCaption$qpxc
@TWindow@SetDocTitle$qpxci
@TWindow@SetParent$qp7TWindow
@TWindow@SetupWindow$qv
@TWindow@EvCommand$quip6HWND__ui
@TDib@$bdtr$qv
@TWindow@DoExecute$qv
@TWindow@Destroy$qi
@TDib@$bctr$qpxc
@TApplication@InitHInstance
@TWindow@DefWindowProcA$quiuil
@TWindow@Create$qv
@TApplication@TermInstance$qi
@TWindow@CloseWindow$qi
@TWindow@CleanupWindow$qv
@TApplication@Start$qv
@TApplication@InitCmdShow
@TApplication@CanClose$qv
@TWindow@CanClose$qv
@TWindow@$bdtr$qv
@TApplication@SetMainWindow$qp12TFrameWindow
@TWindow@$bctr$qp7TWindowpxcp7TModule
@TSplashWindow@SetText$qpxc
@TApplication@Run$qv
@TApplication@InitCmdLine
@TSplashWindow@SetPercentDone$qi
@TSplashWindow@$bdtr$qv
@TApplication@ProcessMsg$qr6tagMSG
@TWindow@WindowProc$quiuil
@TWindow@TransferData$q18TTransferDirection
@TSplashWindow@$bctr$qr4TDibiiiuipxcp7TModule
@TWindow@Transfer$qpv18TTransferDirection
@TWindow@ShowWindow$qi
@TModule@Error$qr4xmsguiui
@TApplication@ProcessAppMsg$qr6tagMSG
@TApplication@InitApplication$qv
@TApplication@$bdtr$qv
@I32_WPARAM_LPARAM_Dispatch$qr7GENERICM7GENERICquil$luil
@HandleGlobalException$qr4xmsgpct2

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80209ea00b18feead96467c26f00bf20

Headers

File Characteristics

Imports

cw3220

kernel32

user32

bids50f

owl50f

Exports

Exports

Sections

CODE Size: 5KB - Virtual size: 8KB

DATA Size: 1KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

CODE
Size: 5KB - Virtual size: 8KB

DATA
Size: 1KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB