0c13deeb03f09b813ae01a5dde65f7b534dc7437672856f15f6e9db4ec88aa7a

Sharing

Copy URL Twitter E-mail

General

Target

0c13deeb03f09b813ae01a5dde65f7b534dc7437672856f15f6e9db4ec88aa7a
Size

1.9MB
MD5

feb3dfd178e1269444c0f26b102e4990
SHA1

ca24a95c73679d8b52363b6c80c1efb033185efa
SHA256

0c13deeb03f09b813ae01a5dde65f7b534dc7437672856f15f6e9db4ec88aa7a
SHA512

c90077ae9d214020768067a30ea79e2593a25c8072e21e3b2c14d6784dbafa191f3dc86ac3394634860f0b8fe84a565dd9c09432b9eed35c3b2e269b5b67b4e9
SSDEEP

24576:4K3ZUlT5dg7/Xvgg8NdEXbLejRD9Eiv2pfDEfZIfgwhUsDS7UVjugSpR/PK5KUec:4K6ArvgJNdCbWLYU+GrsjZyr+/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c13deeb03f09b813ae01a5dde65f7b534dc7437672856f15f6e9db4ec88aa7a

Files

0c13deeb03f09b813ae01a5dde65f7b534dc7437672856f15f6e9db4ec88aa7a
.dll windows:5 windows x86 arch:x86

0b4ad84bf7a0ffe98de7e4b655d91c52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

esent

JetEscrowUpdate
JetInit2

msvcrt

strtol
fgets
wcscoll
memset
toupper
putc

kernel32

SetCriticalSectionSpinCount
WaitForSingleObject
CallNamedPipeW
CreateHardLinkW
GetFileTime
OpenWaitableTimerW
SetStdHandle
Process32FirstW
EnumSystemCodePagesA
SetLocaleInfoW
CreateEventA
GetPriorityClass
CreateFileMappingA
CallNamedPipeA
QueryDepthSList
WaitForSingleObjectEx
LocalLock
OpenMutexW
SetUserGeoID
SetMailslotInfo
DuplicateHandle
GetSystemDefaultUILanguage
GetModuleFileNameA
EnterCriticalSection
TlsFree
CreateProcessW
UnregisterWait
ReplaceFileA
GetStartupInfoW
FillConsoleOutputCharacterA
GetConsoleOutputCP
MoveFileA
GenerateConsoleCtrlEvent
IsWow64Process
GetModuleHandleA
CloseHandle
GetTimeFormatW

rpcrt4

NdrAllocate
NdrAsyncServerCall
RpcBindingInqAuthClientW
I_RpcGetExtendedError
RpcStringBindingParseA

msvfw32

DrawDibStop

user32

VkKeyScanExW
CallMsgFilterA
GetUpdateRgn
TabbedTextOutA
keybd_event
ShowWindow
ToUnicodeEx
SetLayeredWindowAttributes
GetWindowContextHelpId
CreateWindowExW
FreeDDElParam
GetSystemMetrics
IsCharLowerW
ExcludeUpdateRgn
SwapMouseButton
LoadKeyboardLayoutW
CreateWindowExA
CopyImage
LockWindowUpdate
SetMenuDefaultItem
GetClipCursor
MessageBoxExW
SetTimer
GetDlgItem
ToAsciiEx
PostMessageW
InflateRect
GetClipboardFormatNameA
SendMessageCallbackA
EndMenu

shlwapi

SHSetValueA
StrStrIA
PathGetCharTypeA
PathIsURLW
StrDupA
PathCreateFromUrlA

urlmon

IsAsyncMoniker
CoInternetSetFeatureEnabled

lz32

GetExpandedNameW
LZClose
LZSeek

ole32

CoLockObjectExternal
OleMetafilePictFromIconAndLabel
CoQueryProxyBlanket
PropVariantCopy
StgCreatePropStg
CoFreeLibrary
OleLoadFromStream

imm32

ImmGetCandidateListW

msacm32

acmFormatEnumW

winmm

GetDriverModuleHandle
midiOutMessage
waveOutGetDevCapsW
midiOutGetDevCapsW
mmioDescend
waveInGetPosition
PlaySoundW
mixerGetID
waveInClose

winscard

SCardForgetCardTypeW
SCardListInterfacesA
SCardListCardsA

crypt32

CryptBinaryToStringA
CertFindChainInStore
PFXExportCertStore
CryptMsgDuplicate
CertAlgIdToOID
PFXVerifyPassword

shell32

SHGetFileInfoA
SHBrowseForFolderW
ExtractIconW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExA
SHGetMalloc
SHChangeNotify
ExtractAssociatedIconA

comctl32

ImageList_AddMasked

mscms

GetStandardColorSpaceProfileW
OpenColorProfileA

clusapi

RestoreClusterDatabase
CloseCluster

wintrust

CryptCATAdminEnumCatalogFromHash
IsCatalogFile
WintrustLoadFunctionPointers
CryptCATAdminRemoveCatalog

gdi32

GetDCOrgEx
GetMapMode
SelectObject
Polygon
GetDeviceGammaRamp
PolyPolygon
SetDIBitsToDevice
GetTextMetricsA
ScaleWindowExtEx
GetObjectA
GetMetaFileA
SetMiterLimit
GetCharWidthFloatA
SetColorSpace
CreateDiscardableBitmap

setupapi

SetupDiGetINFClassW
SetupDiGetClassImageListExW
CM_Disable_DevNode
SetupDiGetDeviceInfoListDetailA
SetupGetLineTextW
CM_Locate_DevNode_ExW
CM_Open_Class_KeyW
SetupDiEnumDeviceInfo
CM_Get_Device_ID_List_SizeW
SetupDiGetClassInstallParamsW
SetupFindNextMatchLineW
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_ID_Size_Ex

wininet

InternetTimeFromSystemTimeA
InternetSetCookieA
HttpSendRequestW

opengl32

glEvalCoord1f

ws2_32

select

oleaut32

GetActiveObject
CreateTypeLi
LoadTypeLibEx

rasapi32

RasGetSubEntryPropertiesA
RasGetConnectStatusW

netapi32

NetGroupGetInfo
NetGroupAddUser
NetQueryDisplayInformation
NetUserSetGroups
NetSessionGetInfo

advapi32

BuildTrusteeWithNameW
StartServiceCtrlDispatcherA
GetKernelObjectSecurity
QueryServiceStatusEx
CryptContextAddRef
LookupAccountNameW
RegConnectRegistryA
RegNotifyChangeKeyValue
RegEnumKeyA
GetServiceKeyNameA
SetEntriesInAclW
AreAnyAccessesGranted
RegisterEventSourceA
AccessCheckByType
CreatePrivateObjectSecurityEx
OpenSCManagerA
QueryServiceConfig2W
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW

winspool.drv

DeletePrinterDriverExW

mprapi

MprConfigTransportCreate
MprAdminInterfaceCreate
MprAdminMIBEntrySet
MprConfigInterfaceDelete
MprAdminConnectionEnum

secur32

MakeSignature
QueryContextAttributesA
InitializeSecurityContextA
AcquireCredentialsHandleA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 1020KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b4ad84bf7a0ffe98de7e4b655d91c52

Headers

DLL Characteristics

File Characteristics

Imports

esent

msvcrt

kernel32

rpcrt4

msvfw32

user32

shlwapi

urlmon

lz32

ole32

imm32

msacm32

winmm

winscard

crypt32

shell32

comctl32

mscms

clusapi

wintrust

gdi32

setupapi

wininet

opengl32

ws2_32

oleaut32

rasapi32

netapi32

advapi32

winspool.drv

mprapi

secur32

version

Sections

.text Size: 1020KB - Virtual size: 1017KB

.qdata Size: 756KB - Virtual size: 755KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 92KB - Virtual size: 95KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 40KB - Virtual size: 38KB

.text
Size: 1020KB - Virtual size: 1017KB

.qdata
Size: 756KB - Virtual size: 755KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 92KB - Virtual size: 95KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 40KB - Virtual size: 38KB