b3d227110036651216e9ccd13be69777f37fe241386610b69c0eee983731e818

Sharing

Copy URL

Twitter E-mail

General

Target

b3d227110036651216e9ccd13be69777f37fe241386610b69c0eee983731e818
Size

660KB
MD5

49ae26707c819f37287da49deb57f5b7
SHA1

05501a26da74fd561758de8e8b50243bb6d6a89a
SHA256

b3d227110036651216e9ccd13be69777f37fe241386610b69c0eee983731e818
SHA512

ec355e6669c579f24a0f65921448920186e267478e4762e73e5a8bfdb672ada09ab3cea760b8fd7091d9d6d2b65d0e9fbc6d7f6f3b3fef471ed49a72d70fc8f0
SSDEEP

12288:27O1WJCmXtUW54IlRPMCD3mgqJ7zHN5FSuC7ro/g/J/vQ:27O1WJCrWOIlRPV3qJ7zDFt/g/J/4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d227110036651216e9ccd13be69777f37fe241386610b69c0eee983731e818

Files

b3d227110036651216e9ccd13be69777f37fe241386610b69c0eee983731e818
.exe windows:5 windows x86

03aa33d8eb1280009db6cd955738e619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
lstrcatA
GetTickCount
GetConsoleMode
GetConsoleCP
HeapSize
CreateThread
ExitThread
HeapReAlloc
VirtualAlloc
GetStartupInfoA
GetDriveTypeA
GetFileInformationByHandle
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetCommandLineA
HeapAlloc
GetTempPathA
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
GetLastError
FreeLibrary
LocalAlloc
lstrlenA
FormatMessageA
FindClose
FindFirstFileA
CloseHandle
CreateFileA
SetFilePointer
ReadFile
SystemTimeToFileTime
lstrcpyA
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
WriteFile
MulDiv
MultiByteToWideChar
LocalFree
GlobalUnlock
GlobalLock
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind
ExitProcess
Sleep
SetErrorMode
FileTimeToLocalFileTime
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedIncrement
GetModuleHandleW
FileTimeToSystemTime
GetModuleFileNameW
GetFullPathNameA
GetCurrentProcessId
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
DeleteFileA

user32

UnregisterClassA
GetSysColorBrush
DestroyMenu
LoadCursorA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
EnableWindow
wsprintfA
LoadBitmapA
GetWindowRect
GetClientRect
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClipboardFormatA
GetDC
SendMessageA
UpdateWindow
LoadIconA
GetSysColor
IsWindowVisible
GetFocus
SetWindowLongA
GetWindowLongA
PostMessageA
GetParent
CopyRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuA
ReleaseDC
GetDesktopWindow
GetMenuState
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetWindow
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
GetMenu
PtInRect
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
AdjustWindowRectEx
RegisterClassA
GetClassInfoA

gdi32

SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptReleaseContext
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptImportKey

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord200

ws2_32

ntohl
htonl
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

crypt32

CertFreeCertificateContext

Sections

.text
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03aa33d8eb1280009db6cd955738e619

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

wldap32

ws2_32

crypt32

Sections

.text Size: 414KB - Virtual size: 414KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 148KB - Virtual size: 152KB

.text
Size: 414KB - Virtual size: 414KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 148KB - Virtual size: 152KB