396853F6F69A82802192634FD00E48C1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

396853F6F69A82802192634FD00E48C1.exe
Size

37.3MB
MD5

396853f6f69a82802192634fd00e48c1
SHA1

f38888470301f7ad964f21c9215c537809a870db
SHA256

3f207bf2839a10b8c06dd6ff344a06f77bfb6ee3461460036fb10ef0de11a3f4
SHA512

1b5a30a86952bdc9ae19e7797b957d5978c209656d679c0d20fb88085da3b8d9900553b24a6801e009acfc949d2c37e9999ab1dcbcb2a71c51788e9f340cbe9c
SSDEEP

786432:XTcyAAsE4qBiQW9teOV2kjEG7t/5z7EP9s6m+I:Dt9sE4q0e+29G597ysh7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
396853F6F69A82802192634FD00E48C1.exe

Files

396853F6F69A82802192634FD00E48C1.exe
.exe windows x86

f766d6303bef9090ec37eb9a902788f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
lstrcpyA
WideCharToMultiByte
lstrlenA
lstrcatA
MultiByteToWideChar
FindFirstFileA
GetModuleFileNameA
lstrcmpiA
GetModuleHandleA
FindNextFileA
FindClose
FindResourceA
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceExA
Sleep
WinExec
CloseHandle
InterlockedExchange
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
WaitForSingleObject
OpenProcess
GetVersionExA
CreateFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryA
ReadFile
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
VirtualAlloc
GetProcAddress
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
HeapCreate
VirtualFree
FreeEnvironmentStringsA

user32

LoadStringA
LoadIconA
LoadCursorA
SetWindowPos
MessageBoxA
GetWindowThreadProcessId
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DestroyWindow
RegisterClassExA
UnregisterClassA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysAllocStringLen

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f766d6303bef9090ec37eb9a902788f2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 30KB