34f184f268557d6fbc9ea5ffa83ff6824d80296959e6d13a7c39217bdb05804c

Sharing

Copy URL Twitter E-mail

General

Target

34f184f268557d6fbc9ea5ffa83ff6824d80296959e6d13a7c39217bdb05804c
Size

1.6MB
MD5

37854c3082776aea3902fe6b1e87b4b7
SHA1

19290374e83248852517500ccf3109ee62fff80e
SHA256

34f184f268557d6fbc9ea5ffa83ff6824d80296959e6d13a7c39217bdb05804c
SHA512

7b6036456cb115fed3e79440ffeada25bc21b3f200c7ca75703706026b0e360eff380818c119422d57eeeb9b96af3c113e1d01a357da2196bbeabc5da4305751
SSDEEP

49152:dw/UwGucDmWC6qR9FRXXiefuN6MopKI7F/f:dvwGuc5EXSefxMo4I7Nf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f184f268557d6fbc9ea5ffa83ff6824d80296959e6d13a7c39217bdb05804c

Files

34f184f268557d6fbc9ea5ffa83ff6824d80296959e6d13a7c39217bdb05804c
.exe windows x86

c811c28b3eafdf7e27f9827a0d48db3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExW

kernel32

MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
GetLocalTime
UnmapViewOfFile
GetTickCount
FindClose
GetLastError
FindFirstFileW
FindNextFileW
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetTempPathW
LocalFree
GetFileAttributesExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetSystemDirectoryW
RemoveDirectoryW
SetEvent
GetSystemInfo
MoveFileExW
GetModuleFileNameW
CreateEventW
CreateThread
Sleep
WaitForSingleObject
GetModuleFileNameA
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
SetFileAttributesW
GetTempFileNameW
FreeResource
CreateMutexW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
GetWindowsDirectoryW
GetSystemTime
HeapFree
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
LocalFileTimeToFileTime
CompareFileTime
SetEndOfFile
MoveFileW
GetShortPathNameW
GetFullPathNameW
SearchPathW
GetStdHandle
FindCloseChangeNotification
FindFirstChangeNotificationW
lstrcmpiA
CreateFileA
DeviceIoControl
OutputDebugStringW
lstrcmpA
VerSetConditionMask
VerifyVersionInfoW
lstrcmpW
CreateProcessA
LocalAlloc
GetModuleHandleA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetCurrentProcessId
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
LoadLibraryW
FreeLibrary
lstrlenW
GetModuleHandleW
HeapReAlloc
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
HeapCreate
GetLocaleInfoW
IsProcessorFeaturePresent
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
CompareStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
ExitThread
GetFileAttributesA
RtlUnwind
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
RaiseException
GetVersionExW
lstrlenA
ExpandEnvironmentStringsW
GetStringTypeW
HeapSize
HeapDestroy

user32

GetDesktopWindow
ShowWindow
IsWindow
UpdateWindow
InvalidateRect
SendMessageW
DestroyWindow
PostMessageW
SetWindowLongW
GetWindowLongW
DrawMenuBar
RemoveMenu
DefWindowProcW
CharNextW
EnumDisplayDevicesW
FindWindowW
SetActiveWindow
SetForegroundWindow
PostQuitMessage
MessageBoxW
GetSystemMenu
wsprintfW

advapi32

RegQueryValueExA
RegEnumKeyExA
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyW
GetUserNameW
RegSetValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
ord165
CommandLineToArgvW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
VariantCopy
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

wnsprintfW
PathFileExistsW
PathCombineW
PathAppendW
PathIsRootW
StrStrIW
StrCmpIW
StrChrW
PathIsPrefixW
StrToIntExW
SHGetValueA
SHSetValueA
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetScheduleJobAdd

secur32

GetUserNameExW

setupapi

SetupIterateCabinetW

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c811c28b3eafdf7e27f9827a0d48db3c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

netapi32

secur32

setupapi

wininet

urlmon

Sections

.text Size: 482KB - Virtual size: 482KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 9KB - Virtual size: 32KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 482KB - Virtual size: 482KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 9KB - Virtual size: 32KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 31KB - Virtual size: 31KB