0c91a239ba59314831aa89ac1a1e1f81cf297747e85b76c21389ef9ed5ed3602

Sharing

Copy URL

Twitter E-mail

General

Target

0c91a239ba59314831aa89ac1a1e1f81cf297747e85b76c21389ef9ed5ed3602
Size

2.5MB
MD5

1cbd4f5806f4b8c17ddde1314df6b372
SHA1

ca99538315ad497ada98463751938d50c1b6d4f2
SHA256

0c91a239ba59314831aa89ac1a1e1f81cf297747e85b76c21389ef9ed5ed3602
SHA512

9878e9bb9b461562a9cc18678eebadde7d4c1493feb433bbb76db21519789861a693318e5facdd36bd0e9e720864e1df79418a454caa782d2ccd108d5d00a4ba
SSDEEP

49152:42+dyVZZEv0TgIMOnXeHsaTYVf2jyZ6xsB3XPML51eZZCGt/4UlF0:4fwVZZEvGguuMR2jyFBkL5kW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c91a239ba59314831aa89ac1a1e1f81cf297747e85b76c21389ef9ed5ed3602

Files

0c91a239ba59314831aa89ac1a1e1f81cf297747e85b76c21389ef9ed5ed3602
.exe windows:5 windows x86 arch:x86

3ec49e133e52a6feff040a7c76bfdfaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
GetModuleHandleW
CreateProcessW
ProcessIdToSessionId
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetTickCount
GetVolumeInformationW
GetVersionExW
WriteFile
FileTimeToSystemTime
GetTempPathW
GetFileAttributesW
GetFileAttributesExW
CopyFileW
MoveFileExW
GlobalFree
GetDriveTypeW
GetSystemDirectoryW
CreateDirectoryW
CreateFileA
WTSGetActiveConsoleSessionId
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GlobalAlloc
GetCurrentProcessId
GetPrivateProfileIntW
GetModuleFileNameW
LocalFree
GetLocalTime
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
TerminateThread
CreateThread
FindNextFileW
FindFirstFileW
LoadLibraryW
lstrcpyW
FindClose
GetLongPathNameW
IsBadReadPtr
LoadLibraryA
lstrlenW
GetNativeSystemInfo
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
VirtualAlloc
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
Process32NextW
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetLastError
LocalAlloc
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
CloseHandle
Sleep
OpenProcess
SystemTimeToFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
FormatMessageA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetConsoleCP
GetACP
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ExitThread
RtlUnwind
FindNextFileA
FindFirstFileA
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
QueryPerformanceCounter
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
OutputDebugStringW

user32

PostMessageW
FindWindowW
LoadStringW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

advapi32

StartServiceCtrlDispatcherW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
RegFlushKey
DeleteService
StartServiceW
RegDeleteValueW
RegDeleteKeyW
DuplicateTokenEx
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
RegSetValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteTreeW
CreateProcessAsUserW
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
OpenServiceW
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

psapi

GetProcessImageFileNameW
EnumProcesses

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHSetValueW

wldap32

ord41
ord50
ord27
ord26
ord211
ord46
ord143
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord22
ord60

wtsapi32

WTSQueryUserToken

ws2_32

__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
recv
WSACleanup
WSAStartup
WSAGetLastError
send

wininet

InternetQueryOptionW
HttpQueryInfoW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ec49e133e52a6feff040a7c76bfdfaa

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

wldap32

wtsapi32

ws2_32

wininet

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 543KB - Virtual size: 542KB

.data Size: 20KB - Virtual size: 45KB

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 147KB - Virtual size: 148KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 543KB - Virtual size: 542KB

.data
Size: 20KB - Virtual size: 45KB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 147KB - Virtual size: 148KB