3542f9fe5e390665d0a4dd4ee99c7ac8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3542f9fe5e390665d0a4dd4ee99c7ac8.exe
Size

243KB
MD5

3542f9fe5e390665d0a4dd4ee99c7ac8
SHA1

2b36de8442838a880a7a26718d7c0b630008f9b0
SHA256

ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
SHA512

212fc94c2a717d43c82cff27f488d4adcfb82106746791756d9579a5c6c5bff32777f428b5df228d352395f74599c2d95185918b9f381483e7a62202d16b8382
SSDEEP

6144:aqkvUK8JRGHAoBWxiEEiEEsfByAwZZS4onQFiy:atB8JRwAogXIB7GjFiy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3542f9fe5e390665d0a4dd4ee99c7ac8.exe

Files

3542f9fe5e390665d0a4dd4ee99c7ac8.exe
.exe windows x64

34acfe0533294630226770461e825770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceMessage
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW

kernel32

EnterCriticalSection
LeaveCriticalSection
FreeLibrary
lstrlenW
GetLastError
GetProcAddress
LoadLibraryW
GetModuleHandleW
DeleteCriticalSection
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
CreateTimerQueue
VirtualProtect
GetSystemWindowsDirectoryW
Sleep
lstrcmpiW
FlushInstructionCache
TlsFree
TlsAlloc
SystemTimeToFileTime
GetSystemTime
LocalFree
GetCurrentProcess
LocalAlloc
ReadFile
GetFileSize
SetFilePointer
WriteFile
GetFileAttributesW
CreateFileW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
WideCharToMultiByte
GetVersionExA
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
GetCurrentThreadId
GetCurrentProcessId
SearchPathW
CreateEventW
CreateThread
TerminateThread
WaitForSingleObject
CloseHandle
WaitForMultipleObjects
SetLastError
GetCommandLineW

user32

CreateWindowExW
DispatchMessageW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
CharUpperW
SetWindowLongPtrW
GetMessageW
DefWindowProcW
DestroyMenu
InsertMenuItemW
CreatePopupMenu
LoadStringW
PostThreadMessageW
SendMessageW
AllowSetForegroundWindow
TranslateMessage
UnregisterClassW
UnregisterClassA
LoadIconW
GetMenuItemCount
GetMenuItemInfoW
RemoveMenu
EndMenu
PostQuitMessage
EnableMenuItem
GetCursorPos
SetForegroundWindow
TrackPopupMenuEx
GetWindowLongPtrW
CallWindowProcW
CharNextW

msvcrt

__wgetmainargs
_commode
memset
_wcslwr
_errno
__CxxFrameHandler
_vsnwprintf
calloc
_purecall
_resetstkoflw
_wcsicmp
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
free
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
realloc
_unlock
__dllonexit
_XcptFilter
_onexit
memcpy
memmove
_CxxThrowException
mbtowc
__mb_cur_max
isleadbyte
_exit
towlower
_wtol
toupper
_cexit
exit
_wcmdln
_initterm
_amsg_exit
_lock
__setusermatherr
_iob
_snprintf
_itoa
ferror
memcmp
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
__C_specific_handler

ole32

CoSuspendClassObjects
CoRegisterClassObject
StringFromGUID2
CoResumeClassObjects
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoRevokeClassObject

oleaut32

SafeArrayRedim
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
VarBstrCmp
SysStringLen
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
LoadRegTypeLi

shell32

ShellExecuteW
Shell_NotifyIconW

crypt32

CryptBinaryToStringW
CryptMsgClose
CertOpenStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertVerifyCertificateChainPolicy
CertCloseStore
CryptVerifyDetachedMessageSignature
CryptSignMessage
CertGetCertificateContextProperty
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CryptDecodeObject
CryptProtectData
CryptStringToBinaryW
CertGetEnhancedKeyUsage
CertFindExtension
CertGetCertificateChain

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34acfe0533294630226770461e825770

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shell32

crypt32

Sections

.text Size: 145KB - Virtual size: 144KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 145KB - Virtual size: 144KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 2KB - Virtual size: 1KB