650786a1019abd6df43adc3ba406d6b4fe768a130ca7d0599f547017f7d24505

Sharing

Copy URL Twitter E-mail

General

Target

650786a1019abd6df43adc3ba406d6b4fe768a130ca7d0599f547017f7d24505
Size

162KB
MD5

f3827511b903225cc4d7a1b58df6e822
SHA1

4bafbc0b034124233ded125c5edee1f85310f840
SHA256

650786a1019abd6df43adc3ba406d6b4fe768a130ca7d0599f547017f7d24505
SHA512

e5e84d1558c7621041f4e758b7ba5d9d2e3eb4b5b6f49a6fafcb76028a4a35701f9f03e51ec886aa73df1434cf2cc69e633e07085dbfc5c4c86ddcf10c4240ea
SSDEEP

3072:fnm52wX/gbaNQMNlRFAiq+uXPEY4JvFac9HEqojGCZfdyQ:fnm52gPQMNlEiyEYQvFyq2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
650786a1019abd6df43adc3ba406d6b4fe768a130ca7d0599f547017f7d24505

Files

650786a1019abd6df43adc3ba406d6b4fe768a130ca7d0599f547017f7d24505
.exe windows:4 windows x86 arch:x86

c2384ab1ab5092ea830630db8b7db002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

OSA.pdb

Imports

kernel32

DeleteFileA
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
GetStartupInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
WinExec
GlobalHandle
GlobalSize
GetVersionExA
CreateProcessA
CreateProcessW
CloseHandle
GetVersion
OutputDebugStringA
FindClose
FindFirstFileA
lstrlenA
TerminateThread
CreateThread
QueryPerformanceCounter
VirtualProtect
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryA
LocalAlloc
FreeLibrary
InterlockedExchange
RaiseException
GetFileAttributesW
GetProcAddress
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
FormatMessageA
LocalFree
MulDiv
CreateFileA
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
GetTickCount
ReadFile
GetModuleHandleA

user32

UnregisterClassA
RegisterClassA
GetClassNameA
EnableWindow
GetActiveWindow
GetSystemMenu
GetMenuItemCount
DeleteMenu
DrawMenuBar
PackDDElParam
FreeDDElParam
DestroyWindow
MsgWaitForMultipleObjects
PostQuitMessage
SendMessageA
DefWindowProcA
UnpackDDElParam
ReuseDDElParam
PostMessageA
EnumWindows
SetFocus
SetActiveWindow
CreateWindowExA
RegisterClassExA
GetDC
GetSystemMetrics
PeekMessageA
DdeConnect
DdeQueryConvInfo
IsIconic
ShowWindow
SetForegroundWindow
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
WaitForInputIdle
DdeClientTransaction
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
SystemParametersInfoA
GetDesktopWindow
MessageBeep
ReleaseDC
MessageBoxA
GetWindow
GetParent
GetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

gdi32

DeleteObject
SelectObject
CreateFontIndirectA
GetTextExtentPointW
GetDeviceCaps
SelectPalette
RealizePalette
GetStockObject
GetCharWidth32A

ole32

CoInitialize
CoUninitialize
OleInitialize
StgCreateDocfile
CreateFileMoniker
GetRunningObjectTable
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
OleUninitialize

msvcrt

_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_except_handler3
_controlfp

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2384ab1ab5092ea830630db8b7db002

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 1KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 127KB - Virtual size: 128KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 1KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 127KB - Virtual size: 128KB