0d195ffac38e4f843fc0b7d025d948d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0d195ffac38e4f843fc0b7d025d948d0.exe
Size

1.2MB
MD5

0d195ffac38e4f843fc0b7d025d948d0
SHA1

b2c2429ec5ef9a27b1c9208f6701561ce166d31c
SHA256

e38967049ce49896b531303ea3e46e0b970483f807ac4efeb3485d7e5cd2f335
SHA512

6e2b58cae90fc54b77923a5ebf2ba7722bdb669c10fc3084935b19984c154b7e72f090517e858e9fc5154cc6664362030483563792a49322be3fcae7dd3cd7e4
SSDEEP

12288:Jnm2mHBipQEoU2TsIoiMO/OvoBT1cjNU3pVRv9wfA2uvH0i9lVF1lVbC:02+ipQERO/eoB5cjNU3pqFwC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d195ffac38e4f843fc0b7d025d948d0.exe

Files

0d195ffac38e4f843fc0b7d025d948d0.exe
.dll regsvr32 windows:6 windows x86 arch:x86

9ce31b1c6299b1f2e2f89fc5dfc37325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DAX3\APO\DAXAPOProp\Release\Win32\DAX3APOProp.pdb

Imports

kernel32

SetThreadLocale
CloseHandle
WaitForSingleObject
Sleep
OpenProcess
GetUserPreferredUILanguages
GetLocaleInfoEx
GetUserDefaultLocaleName
GetACP
GetFileType
GetStdHandle
EnumSystemLocalesW
OutputDebugStringA
CreateFileW
GetThreadLocale
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
GetProcAddress
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
WriteConsoleW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapSize
GetCurrentThread
HeapAlloc
HeapFree
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleExW
DecodePointer
SetEnvironmentVariableA
EncodePointer
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
LocalFree
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
ExitProcess
FindClose

user32

CharNextW
UnregisterClassW
SendMessageW
PostMessageW
MoveWindow
GetDlgItem
SetDlgItemTextW
SystemParametersInfoW
LoadBitmapW
SetWindowLongW
GetWindowLongW
MessageBoxW
GetClientRect
GetWindowTextLengthW
SetWindowTextW
InvalidateRect
ReleaseDC
GetDC
UpdateWindow
DrawTextW

gdi32

GetDeviceCaps
GetObjectW
SetTextColor
SelectObject
DeleteObject
CreateFontIndirectW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
PropVariantClear
CoCreateInstance

oleaut32

GetErrorInfo
LoadRegTypeLi
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayDestroy
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
CreateErrorInfo

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ce31b1c6299b1f2e2f89fc5dfc37325

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 558KB - Virtual size: 558KB

.rdata Size: 408KB - Virtual size: 407KB

.data Size: 4KB - Virtual size: 9KB

.gfids Size: 1024B - Virtual size: 572B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 184KB - Virtual size: 184KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 558KB - Virtual size: 558KB

.rdata
Size: 408KB - Virtual size: 407KB

.data
Size: 4KB - Virtual size: 9KB

.gfids
Size: 1024B - Virtual size: 572B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 184KB - Virtual size: 184KB

.reloc
Size: 33KB - Virtual size: 33KB