99ca4548a867ef8d6c60c9da0337702fdbc7858b6d99b97941922bab6c60fe1d

Sharing

Copy URL Twitter E-mail

General

Target

99ca4548a867ef8d6c60c9da0337702fdbc7858b6d99b97941922bab6c60fe1d
Size

281KB
MD5

3cc81edb2305ab102295e888c0ddaa39
SHA1

880917e827c2e0d8d7f442617659ab37865fe2bb
SHA256

99ca4548a867ef8d6c60c9da0337702fdbc7858b6d99b97941922bab6c60fe1d
SHA512

09af65b484f11e754f9b9b870acdb31a7c3196bdb56a449face6b91bb1bb3e48aaf1e08d47e416ef434f0f16128069d82a3010969321af6cf4dea3241f8cadbc
SSDEEP

6144:Wpja1HNJaI7CAtIj2yNyF09lqNk8/1L02dTH/Uoe:WpOHNQI7D8PAX/1LHTH/3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99ca4548a867ef8d6c60c9da0337702fdbc7858b6d99b97941922bab6c60fe1d

Files

99ca4548a867ef8d6c60c9da0337702fdbc7858b6d99b97941922bab6c60fe1d
.dll windows:5 windows x86 arch:x86

5ed426d4b20b5aa1f88de17e82ce524b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\odipus\Release\odipus32.pdb

Imports

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateEventW
GetExitCodeThread
SetEvent
SystemTimeToFileTime
SetLocalTime
lstrlenA
CreateThread
GetComputerNameW
DisableThreadLibraryCalls
lstrcmpA
GetVersionExW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
SetLastError
GetLastError
GetTempPathW
GetExitCodeProcess
OutputDebugStringW
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
Sleep
lstrcmpiW
DeleteFileW
SetFilePointer
lstrcpyA
lstrcpyW
LocalFree
Module32NextW
OpenEventW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
ProcessIdToSessionId
Process32FirstW
CloseHandle
CreateFileW
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTempFileNameW
CreateFileA
VirtualQuery
lstrcpynA
CreateProcessW
GetDriveTypeA
InitializeCriticalSection
OpenProcess
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
WriteConsoleW

user32

SendMessageTimeoutW
CloseWindow
GetForegroundWindow
GetWindowTextW
PostMessageW
FindWindowW
GetClassNameW
IsWindow

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

VariantInit
VariantClear
SysFreeString

iphlpapi

GetAdaptersInfo

oleacc

AccessibleObjectFromWindow
GetStateTextA
AccessibleChildren
GetRoleTextW

netapi32

NetUserSetInfo
NetUserEnum
NetApiBufferFree

shlwapi

StrCatW
wvnsprintfA
wnsprintfA
StrChrA
SHSetValueW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrStrW
StrStrIW
SHDeleteKeyW
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
StrChrW
wnsprintfW
SHGetValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

GetUserNameW
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
ControlService

shell32

ord165

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed426d4b20b5aa1f88de17e82ce524b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

iphlpapi

oleacc

netapi32

shlwapi

userenv

advapi32

shell32

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB