0f34abb70ca49c1512649f8d5fa460e6dd837f9c0cf1ee657fc614d876bd6e39

Sharing

Copy URL Twitter E-mail

General

Target

0f34abb70ca49c1512649f8d5fa460e6dd837f9c0cf1ee657fc614d876bd6e39
Size

1.7MB
MD5

2de9d5e57987614c2aa6fa78f80fa3ff
SHA1

0a48d9c3cc54118f3f2407f66ad9b563ba50bf47
SHA256

0f34abb70ca49c1512649f8d5fa460e6dd837f9c0cf1ee657fc614d876bd6e39
SHA512

334c1b1b8f64892b86f99f85faad929a3545a5d8fb6e4b2820f1fec37314183d3655383cd11afc0676b7871ea881041f5c485477ce1e1c0899f46a23c2c84ef0
SSDEEP

49152:5IKbcpq8Ci68+u4mj26kIIiJp/dI4BdQ:5Ipq8CiZ+cyWIKW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f34abb70ca49c1512649f8d5fa460e6dd837f9c0cf1ee657fc614d876bd6e39

Files

0f34abb70ca49c1512649f8d5fa460e6dd837f9c0cf1ee657fc614d876bd6e39
.exe windows:5 windows x86 arch:x86

71e8142613daea3292daf13a8fe621e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
lstrlenW
GetCurrentDirectoryA
GetFullPathNameA
GetFileAttributesW
ExitProcess
GetModuleFileNameW
MultiByteToWideChar
GetPrivateProfileStringW
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
Sleep
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetLastError
CloseHandle
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
GetVersion
GetModuleHandleA
GetSystemTime
SystemTimeToFileTime
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
WaitForSingleObject
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
LoadLibraryA
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyW
RegQueryInfoKeyW
OpenProcessToken

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsA
PathFileExistsW

iphlpapi

GetAdaptersInfo

ws2_32

select
WSAGetLastError
recv
send
WSAIoctl
setsockopt
ntohs
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
shutdown
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
getsockname

wldap32

ord46
ord22
ord41
ord143
ord301
ord33
ord79
ord60
ord50
ord27
ord26
ord35
ord32
ord200
ord211
ord30

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71e8142613daea3292daf13a8fe621e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

iphlpapi

ws2_32

wldap32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 49KB - Virtual size: 64KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 49KB - Virtual size: 64KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 75KB - Virtual size: 74KB