8c0b9adbb8e6e1a8a8553ca165b72ef4d865800fe2bb4fb753ab9985716f7795

General

Target

8c0b9adbb8e6e1a8a8553ca165b72ef4d865800fe2bb4fb753ab9985716f7795
Size

180KB
MD5

f5dcfa1ec4cc53f95c126f8566e54622
SHA1

a5e52ff18da61f945f1eaafe63157b065eab9d92
SHA256

8c0b9adbb8e6e1a8a8553ca165b72ef4d865800fe2bb4fb753ab9985716f7795
SHA512

3f284bb1cbcf3f29dc1b0b5c538c2c50d39c436ba0493ff934f03b5c2b75b624dc9ce0e6dcdb324c3053fab65f6f48cb4b9ef5b262c6170fe71043c8fd1e1f70
SSDEEP

3072:MDeXgSFG0x6VRF9Yz9bNAt9erLehvgKf8Szc8Z6ynO+c3zoKy7CNwa:MewIG0AHHg9JA7gyhBRc8Z6QO+OzoKyO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/42

Files

8c0b9adbb8e6e1a8a8553ca165b72ef4d865800fe2bb4fb753ab9985716f7795
.zip
42
.exe windows:4 windows x86 arch:x86

3293252d3a0e1e0b5f5b836920b5f873

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragAcceptFiles
StrStrA
StrRStrA
FindExecutableW
DllRegisterServer
StrChrA
SHBrowseForFolderA
ExtractIconA
SHFileOperationW
SHGetFileInfoA
DllUnregisterServer
SHGetDataFromIDListW
ShellExecuteA
ShellMessageBoxA

authz

AuthzFreeContext
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzInitializeContextFromSid

shlwapi

UrlUnescapeA
UrlEscapeA
UrlCreateFromPathW
PathCompactPathW
PathIsRootA
UrlCanonicalizeW
PathCommonPrefixA
UrlGetLocationW
UrlIsW
UrlGetPartW
UrlCompareA
PathCombineW
UrlHashA

untfs

Format
Chkdsk
Extend
Recover

user32

LoadIconA
GetDlgItemTextW
IsDialogMessageA
IsCharLowerA
LoadCursorA
LoadBitmapW
PostMessageW
PeekMessageA
DrawStateA
wsprintfW

kernel32

GetFileAttributesA
CreateFileMappingW
OpenEventA
CreateThread
SetPriorityClass
FindFirstFileA
CreateSemaphoreA
LoadLibraryA
FormatMessageW
InterlockedDecrement
GetTempPathW
OpenMutexA
CreateJobObjectA
CreateFileA
FindNextFileA
GetProcAddress
WriteConsoleW
OpenSemaphoreW
GetModuleHandleA
CreateNamedPipeW
InterlockedExchange
WaitForSingleObjectEx

odbctrac

TraceSQLConnect
TraceSQLError
TraceSQLCancel
TraceSQLFetch

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tds
Size: - Virtual size: 256KB

IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

3293252d3a0e1e0b5f5b836920b5f873

Headers

DLL Characteristics

File Characteristics

Imports

shell32

authz

shlwapi

untfs

user32

kernel32

odbctrac

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 7KB - Virtual size: 6KB

.tds Size: - Virtual size: 256KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 7KB - Virtual size: 6KB

.tds
Size: - Virtual size: 256KB