0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e.exe
Size

142KB
MD5

9e28725a40faab491e96a80d5c258c31
SHA1

2cc8ca797c6c731f0266a27176d71697e097824b
SHA256

0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e
SHA512

5448cdb27bc354091bb25a5cb3d17e71cad8ec2825069b177b3cddec8887e6118dc614eed41c24f948bd39751903f79e66939ae3081f175355cc2bb0d054ec29
SSDEEP

3072:uA5ohBykv/QGvx4TOPu5XH4KoUu2JsaO0xiQhzNHaGVV:DojR/QY4CP434KrtOiJHFVV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e.exe

Files

0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e.exe
.exe windows:5 windows x86 arch:x86

3032f4a921564516246680bc5824ef80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
ReadFile
GetFileSizeEx
InterlockedDecrement
TerminateProcess
WaitForMultipleObjects
GetQueuedCompletionStatus
GetFileAttributesW
OpenProcess
PostQueuedCompletionStatus
SetFileAttributesW
GetSystemInfo
SetFilePointerEx
MoveFileExW
GetCurrentProcessId
InterlockedIncrement
CreateIoCompletionPort
lstrcmpiW
GetTempPathW
LoadLibraryW
GetProcAddress
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCommandLineW
WriteConsoleW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindNextVolumeW
lstrcpyW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
CreateThread
CloseHandle
InterlockedExchangeAdd
lstrcatW
GetLastError
Sleep
HeapFree
CreateFileW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindClose
lstrlenA
DeviceIoControl
FindFirstFileW
WriteFile
lstrlenW
FindNextFileA
FindFirstFileExA
FindNextFileW
FindFirstVolumeW
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetLastError
RtlUnwind
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetACP
HeapAlloc
CompareStringW
LCMapStringW
DecodePointer

user32

SystemParametersInfoW
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
DrawTextA

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
CreateFontW
DeleteDC
SetTextColor
SetBkMode
SetBkColor
DeleteObject
BitBlt

winspool.drv

WritePrinter
EnumPrintersW
EndPagePrinter
StartDocPrinterW
OpenPrinterW
StartPagePrinter
EndDocPrinter
ClosePrinter

advapi32

CryptGenRandom
RegOpenKeyW
RegCloseKey
RegSetValueExW
CryptAcquireContextW

shell32

CommandLineToArgvW
SHEmptyRecycleBinA

crypt32

CryptStringToBinaryA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3032f4a921564516246680bc5824ef80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

crypt32

mpr

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 4KB