2f601617179201c5f7fb91c9f168e5e31ac520466dbe48da5d5e7044992e04b9

Sharing

Copy URL

Twitter E-mail

General

Target

2f601617179201c5f7fb91c9f168e5e31ac520466dbe48da5d5e7044992e04b9
Size

1.8MB
MD5

0f22301e83a89910a3d2c266fe7ecf11
SHA1

1b8484962ba986e307bb7f2682ea1b69317c325c
SHA256

2f601617179201c5f7fb91c9f168e5e31ac520466dbe48da5d5e7044992e04b9
SHA512

a3c304c4acc7f5f9ed80641d90853ce3415d19a21904d3f4c9cf10ecc2a6d315839b54de22605b3adc9be4ec475418d385a2738f9399d4feb113f917ac3ed5b9
SSDEEP

24576:OPgWnc45pqSAasdf3cvlTt2a9P5HU9RlZ+yi8FE:cHncipfA1df3mlT9x0GNEE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f601617179201c5f7fb91c9f168e5e31ac520466dbe48da5d5e7044992e04b9

Files

2f601617179201c5f7fb91c9f168e5e31ac520466dbe48da5d5e7044992e04b9
.exe windows:6 windows x86 arch:x86

8cd8c5cfdcec0841d06c1f219bac7509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dbs\sh\odct\0423_142515\client\onedrive\Product\UX\Exe\obj\i386\OneDrive.pdb

Imports

kernel32

GetCommandLineW
VerSetConditionMask
VerifyVersionInfoW
SetLastError
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
ReadFile
GetFileSizeEx
DeviceIoControl
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetExitCodeProcess
GetFileAttributesW
CompareStringOrdinal
GetFinalPathNameByHandleW
OpenFileById
CreateFileW
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetDiskFreeSpaceExW
DeleteFileW
FindClose
IsWow64Process
GetUserDefaultLCID
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentProcess
GetSystemTimeAsFileTime
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
Sleep
GetModuleHandleW
MoveFileW
OpenProcess
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
SetDllDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileW
WriteConsoleW
FindFirstFileExW
GetFileType
EnumSystemLocalesW
IsValidLocale
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
GetLastError
InitializeCriticalSectionEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent

advapi32

RegGetValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
DeleteService
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
CreateProcessAsUserW
DuplicateTokenEx
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegCreateKeyTransactedW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyExW
RegDeleteTreeW
RegCreateKeyExW
RegSetKeyValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW

shell32

ord526
SHLoadNonloadedIconOverlayIdentifiers
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetKnownFolderPath
SHGetSpecialFolderPathW
CommandLineToArgvW
SHFileOperationW

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

SysAllocString
LoadRegTypeLi
GetRecordInfoFromTypeInfo
SysFreeString
LoadTypeLi

ktmw32

RollbackTransaction
CreateTransaction
CommitTransaction

psapi

GetModuleFileNameExW

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcServerInqCallAttributesW
RpcServerUnregisterIf
RpcEpRegisterW
RpcEpUnregister
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW

shlwapi

SHGetValueW
PathFileExistsW
PathIsPrefixW
SHRegGetBoolUSValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCanonicalizeUrlW

userenv

CreateEnvironmentBlock

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 416KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cd8c5cfdcec0841d06c1f219bac7509

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

ktmw32

psapi

rpcrt4

shlwapi

version

wininet

userenv

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 7KB - Virtual size: 11KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 416KB - Virtual size: 1012KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 7KB - Virtual size: 11KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 416KB - Virtual size: 1012KB