3aac4ef006e22854f893180fab7c4f07b07346849efd87169ef6d1e24208bbc6

Sharing

Copy URL Twitter E-mail

General

Target

3aac4ef006e22854f893180fab7c4f07b07346849efd87169ef6d1e24208bbc6
Size

149KB
MD5

ed1fa891f5d44b307daf70cbee692ba4
SHA1

1b4df28db0834874b21f77cebebc40e3ddbd19c2
SHA256

3aac4ef006e22854f893180fab7c4f07b07346849efd87169ef6d1e24208bbc6
SHA512

b73cec6b79aa3e953e63d0b305d96ded5b49d677abb0fb306f0af53db7979961bb28247f1f6eb2e6ef1a634c87576bb903d0dd176ec43a3c4f276f33b525d3cf
SSDEEP

3072:XcDhDDeZdOh/atrATAgU+saD7O8EuJHXLFyd:XSR0dOh/atrEJU3uJHbA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aac4ef006e22854f893180fab7c4f07b07346849efd87169ef6d1e24208bbc6

Files

3aac4ef006e22854f893180fab7c4f07b07346849efd87169ef6d1e24208bbc6
.exe windows x86

030885450982d51291b02eee8d036a4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA

kernel32

ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadFile
EnumTimeFormatsW
VirtualAlloc
SetCommMask
lstrcpy
LoadLibraryExA
FileTimeToDosDateTime
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitOnceExecuteOnce
GetFileType
GetProcessHeap
GetCurrentThreadId
SetLastError
IsDebuggerPresent
HeapSize
GetProcAddress
GlobalAlloc
Beep
CreateFileW
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
WideCharToMultiByte
GetLocaleInfoEx
MultiByteToWideChar
GetStringTypeW
RaiseException
RtlUnwind
GetCommandLineW
GetLastError
HeapFree
InitializeCriticalSectionAndSpinCount
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW

mswsock

GetTypeByNameW
NPLoadNameSpaces
rexec
GetAcceptExSockaddrs
GetNameByTypeW
MigrateWinsockConfiguration
WSARecvEx

winspool.drv

GetPrinterDriverDirectoryA
OpenPrinterW
GetPrinterDriverW
EnumPrinterDataExA
ord210
AddPrinterConnectionW
StartDocPrinterW

wininet

GopherGetLocatorTypeW
InternetCrackUrlA
InternetCheckConnectionW
FtpRenameFileW
GetUrlCacheEntryInfoExA

gdi32

ResetDCA
GetCharWidthA
SetWindowOrgEx
ExtEscape
SetColorAdjustment
GdiPlayDCScript

shell32

SHQueryRecycleBinA
ExtractIconEx
SHGetSettings
ShellHookProc

resutils

ResUtilGetPropertySize
ResUtilGetProperties
ClusWorkerTerminate
ResUtilDupString
ResUtilSetMultiSzValue
ResUtilEnumPrivateProperties
ResUtilPropertyListFromParameterBlock
ResUtilFindDwordProperty

mpr

MultinetGetConnectionPerformanceW
WNetGetLastErrorA
WNetGetNetworkInformationA
WNetCancelConnection2A
WNetAddConnection2A
WNetConnectionDialog1W
WNetGetNetworkInformationW

rpcrt4

NdrConformantVaryingArrayBufferSize
I_RpcTransConnectionReallocPacket
RpcServerListen
RpcIfInqId
NdrEncapsulatedUnionFree
RpcServerUseProtseqIfW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

030885450982d51291b02eee8d036a4e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

mswsock

winspool.drv

wininet

gdi32

shell32

resutils

mpr

rpcrt4

advapi32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 13KB