0f74d46ca000956c8e7d5df41760c36589751af48a202050bd9c578dca2ac4d1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0f74d46ca000956c8e7d5df41760c36589751af48a202050bd9c578dca2ac4d1.exe
Size

307KB
MD5

7e6b79546f28601c8d0e74c32e748dba
SHA1

d9cb8db5e6799db32a9c3883a6024d9594c1f618
SHA256

0f74d46ca000956c8e7d5df41760c36589751af48a202050bd9c578dca2ac4d1
SHA512

8d4cf9b12833c9a9cd172c162e0299ca88e63d1848bafc4a7173faac96a82880feaa1f29a046c0bba18e37220ff4fcf22ef17ac80f455749351013ac92a1ab00
SSDEEP

6144:PMdbHniiav4BnRcXjdQ7ZHHgYjKAB0HBC2pZJ:sHikdRojdQ7REvCMZJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f74d46ca000956c8e7d5df41760c36589751af48a202050bd9c578dca2ac4d1.exe

Files

0f74d46ca000956c8e7d5df41760c36589751af48a202050bd9c578dca2ac4d1.exe
.exe windows:5 windows x86 arch:x86

40ccda4501a153e0331761c1e960f0d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayLock
SafeArrayCreate
RegisterTypeLi
SafeArrayGetVartype
SysStringByteLen
VariantInit
LoadTypeLi
SysAllocString
GetErrorInfo
UnRegisterTypeLi
DispCallFunc
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
SafeArrayRedim
SafeArrayUnlock
VarUI4FromStr
SafeArrayDestroy
SysStringLen
VariantCopyInd
SysFreeString
VariantCopy
SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SafeArrayCopy

kernel32

LoadLibraryExA
SetFileAttributesA
RaiseException
WaitForSingleObject
CreateMutexA
lstrcmpA
SetPriorityClass
CreateProcessA
GetACP
RemoveDirectoryA
CreateEventA
HeapFree
SizeofResource
SetProcessWorkingSetSize
CreateFileA
GetCurrentThreadId
OpenMutexA
WideCharToMultiByte
GetThreadLocale
HeapDestroy
LocalFree
ReleaseMutex
GetCommandLineA
FormatMessageA
FindClose
FindFirstFileA
CopyFileA
lstrcpyA
lstrlenW
CreateDirectoryA
lstrcpynA
FindNextFileA
GetModuleHandleA
HeapReAlloc
FindResourceA
LocalAlloc
GetSystemTimeAsFileTime
lstrcatA
HeapAlloc
lstrlenA
LoadResource
EnterCriticalSection
ResetEvent
FreeLibrary
OpenProcess
LockResource
IsDBCSLeadByte
FindResourceExA
lstrcmpiA
OpenEventA
CloseHandle
GetPriorityClass
CreateThread
OutputDebugStringA
GetUserDefaultLangID
GetProcessHeap
LeaveCriticalSection
DeleteFileA
WaitForMultipleObjects
GetTempPathA
DeleteCriticalSection
HeapSize
GetVersion
VirtualAllocEx

user32

LoadCursorA
CreateWindowExA
CharNextA
GetMessageA
RegisterClassA
PeekMessageA
RegisterWindowMessageA
PostThreadMessageA
MessageBoxA
DefWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
TranslateMessage
PostQuitMessage
LoadStringA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ole32

CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoInitializeSecurity
CoUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoCreateInstance
OleRun
CoInitializeEx
CoRegisterClassObject
CLSIDFromString
CoInitialize
CLSIDFromProgID
StringFromGUID2

shlwapi

PathFileExistsA
PathFindExtensionA

comctl32

ImageList_LoadImageA
ImageList_SetBkColor
CreateToolbarEx
CreateStatusWindowW
ImageList_DragMove
CreateUpDownControl
UninitializeFlatSB

umdmxfrm

GetXformInfo

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 997KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40ccda4501a153e0331761c1e960f0d8

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

rpcrt4

ole32

shlwapi

comctl32

umdmxfrm

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 281KB - Virtual size: 997KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 281KB - Virtual size: 997KB

.rsrc
Size: 2KB - Virtual size: 2KB