0c1e164c99942df5b17b79ca43fa84a838e655c4ced166d4a410d5faecdeb034[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0c1e164c99942df5b17b79ca43fa84a838e655c4ced166d4a410d5faecdeb034.exe
Size

940KB
MD5

d0dc71581dee51a6486ca3431d611820
SHA1

fbdb70a1d1dbbfc3d06ff0f6ebeecd5dd17499fd
SHA256

0c1e164c99942df5b17b79ca43fa84a838e655c4ced166d4a410d5faecdeb034
SHA512

d1bdf1bc38c5ceb6ae15e903217c39a3e3701492ac817daa8c1575901e569c2bfb31c050ed51088255a43ed2e826e9b8b3a5b63065fa8df4d51fe731de1453d0
SSDEEP

24576:Ee3ycm6/BOhPdRXh+64eGDA4O+fwC8tDNQW1RSrZli19D0ZiEj:F3O4BadFGDwm8tDNQWMZlS9Ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1e164c99942df5b17b79ca43fa84a838e655c4ced166d4a410d5faecdeb034.exe

Files

0c1e164c99942df5b17b79ca43fa84a838e655c4ced166d4a410d5faecdeb034.exe
.exe windows:5 windows x86 arch:x86

f35c3e3c0b0d18c91207f657aed39b16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\dave hope\Documents\Visual Studio 2010\Projects\ProductKeyFinder\Release\ProductKeyFinder.pdb

Imports

kernel32

LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
WideCharToMultiByte
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCurrentProcess
GetModuleHandleW
GetCommandLineW
lstrcmpW
lstrlenW
GetProcessHeap
CompareStringA
GetLocaleInfoW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
InitializeCriticalSection
WriteFile
GetSystemTimeAsFileTime
FormatMessageA
UnlockFileEx
LockFile
GetTickCount
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
FreeLibrary
SetEndOfFile
GetFullPathNameW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
CreateFileA
GetFullPathNameA
GetFileAttributesExW
HeapSize
SetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

user32

EndDialog
SendMessageW
EnableWindow
GetDlgItem
DialogBoxParamW

gdi32

SetBkMode
GetStockObject
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegConnectRegistryW
RegUnLoadKeyW
RegCloseKey
RegLoadKeyW
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExA
LookupPrivilegeValueW
RegQueryInfoKeyW
RegQueryValueExW
OpenProcessToken

shell32

ShellExecuteW

Sections

.text
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f35c3e3c0b0d18c91207f657aed39b16

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 527KB - Virtual size: 526KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 281KB - Virtual size: 281KB

.reloc Size: 23KB - Virtual size: 26KB

.text
Size: 527KB - Virtual size: 526KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 281KB - Virtual size: 281KB

.reloc
Size: 23KB - Virtual size: 26KB