0e78b03004f9cac91ac3cfe66c7b3433ab290163ddcf30b66baeffc787c9a4bfN

Sharing

Copy URL Twitter E-mail

General

Target

0e78b03004f9cac91ac3cfe66c7b3433ab290163ddcf30b66baeffc787c9a4bfN
Size

383KB
MD5

feb3a50110c4c4498cce68ee3b6b4300
SHA1

2bf64575c1184ebdde27f3e547868a52e1eae47d
SHA256

0e78b03004f9cac91ac3cfe66c7b3433ab290163ddcf30b66baeffc787c9a4bf
SHA512

9ca410a70e0e1bf73a3f4c91eab9fbf9d62a9cf1e24afd9cd7d99629979f6a493f709eb251725d69254c55ff4ef511f375d63523ff55854e356f2b78f5b55e7b
SSDEEP

6144:fuIjIYQFgVDTFOu6qtJ1D99TzAHgQa8JsVcLcrLRfxFP0Jjd4QXRqOUccCcdj/0:fukIX6/ZtJ1vsHgQiEWLTl05XAOUcTcB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e78b03004f9cac91ac3cfe66c7b3433ab290163ddcf30b66baeffc787c9a4bfN

Files

0e78b03004f9cac91ac3cfe66c7b3433ab290163ddcf30b66baeffc787c9a4bfN
.exe windows:5 windows x86 arch:x86

61e77643cf74002f0433fae4f72b995b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetDefaultUserProfileDirectoryA
GetProfilesDirectoryW
ProcessGroupPolicyCompleted
RsopResetPolicySettingStatus
GetPreviousFgPolicyRefreshInfo
EnterCriticalPolicySection
GetProfilesDirectoryA
RegisterGPNotification
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetUserProfileDirectoryW
LeaveCriticalPolicySection
RsopFileAccessCheck
GetNextFgPolicyRefreshInfo
ExpandEnvironmentStringsForUserA
ProcessGroupPolicyCompletedEx
WaitForMachinePolicyForegroundProcessing
CreateEnvironmentBlock
FreeGPOListA
DllGetClassObject
ForceSyncFgPolicy
RsopSetPolicySettingStatus
DeleteProfileA
RsopAccessCheckByType
GetDefaultUserProfileDirectoryW
RefreshPolicyEx
GetAllUsersProfileDirectoryA
UnloadUserProfile
GetProfileType
DestroyEnvironmentBlock
WaitForUserPolicyForegroundProcessing
LoadUserProfileW
GetUserProfileDirectoryA
UnregisterGPNotification
GetAppliedGPOListA
GetGPOListW
GetAllUsersProfileDirectoryW
GetAppliedGPOListW

kernel32

EnumCalendarInfoExW
Module32FirstW
FindClose
FlushConsoleInputBuffer
SetFileTime
MoveFileExA
GetFileSize
GetNumaHighestNodeNumber
GetVolumePathNamesForVolumeNameA
SetConsoleTextAttribute
GetProcessPriorityBoost
DuplicateConsoleHandle
SetThreadExecutionState
GetLongPathNameW
SetFilePointer
SystemTimeToTzSpecificLocalTime
BaseDumpAppcompatCache
EnumSystemGeoID
VDMOperationStarted
SetLastConsoleEventActive
OutputDebugStringA
DeleteAtom
GetLocaleInfoW
CompareFileTime
SetLocaleInfoA
SetLastError
HeapQueryInformation
GetSystemTimeAdjustment
SetComPlusPackageInstallStatus
CompareStringW
GetShortPathNameW
EndUpdateResourceW
LoadLibraryA
lstrcat
IsBadHugeReadPtr
GetSystemDefaultLangID
GetSystemPowerStatus
CreateWaitableTimerW
EnumSystemLocalesW
GetModuleFileNameW
UpdateResourceW
RequestDeviceWakeup
VerifyVersionInfoW
RtlCaptureStackBackTrace
GetTickCount
LocalAlloc
BuildCommDCBAndTimeoutsW
VirtualAlloc
IsProcessInJob
SetCommTimeouts
DebugBreak

newdev

InstallNewDevice
UpdateDriverForPlugAndPlayDevicesW
InstallWindowsUpdateDriver
UpdateDriverForPlugAndPlayDevicesA
InstallSelectedDriver

oleprn

DllGetClassObject

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61e77643cf74002f0433fae4f72b995b

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

newdev

oleprn

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 68KB - Virtual size: 545KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 68KB - Virtual size: 545KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB