c3c34a29d0ceaa3c10ba1ed03f163e65765aa812ca0b36b26350be7b9ffe3725

Sharing

Copy URL Twitter E-mail

General

Target

c3c34a29d0ceaa3c10ba1ed03f163e65765aa812ca0b36b26350be7b9ffe3725
Size

9.3MB
MD5

e3024b263936553b2bb472e3dac38342
SHA1

481579830f9704b9016d4134490c15d96238fd11
SHA256

c3c34a29d0ceaa3c10ba1ed03f163e65765aa812ca0b36b26350be7b9ffe3725
SHA512

c23a88f27e5a0c1cdef5f5932acc215d8ade4cabfde50b50ab59557d619d56510ae7c2eb624cfa52d86a56ae62573846dbfc26d71d355e9a2504eec7c7b0bc6d
SSDEEP

196608:PYIDRDCUv2LgM0ORaUVbHZiIM3OQpRMGqeDGZ2hStdG8/EVTOlRnBlhVX3xQ:PYIcUv4lRaUVsIKT3MG3aWSvR/EVTO3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3c34a29d0ceaa3c10ba1ed03f163e65765aa812ca0b36b26350be7b9ffe3725

Files

c3c34a29d0ceaa3c10ba1ed03f163e65765aa812ca0b36b26350be7b9ffe3725
.exe windows:5 windows x86

5ef5a53d8722699c05de49dc9e8bba54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
DeleteFileA
WriteFile
ReadFile
WaitForSingleObject
GetStartupInfoA
GetFileSize
GetStdHandle
GetTickCount
MoveFileA
GetExitCodeProcess
FreeLibrary
LoadLibraryA
LCMapStringA
PeekNamedPipe
CreateProcessA
CreatePipe
GetProcAddress
GetModuleHandleA
lstrcpyA
QueryDosDeviceA
GetLogicalDriveStringsA
RtlMoveMemory
lstrcpyn
SetWaitableTimer
CreateWaitableTimerA
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateEventA
CreateFileA
OpenEventA
GetVersionExA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery

user32

MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CallWindowProcA
IsWindowVisible
GetInputState
FindWindowExA
IsWindow
SendMessageA
MsgWaitForMultipleObjects
wvsprintfA
GetAncestor
EnumWindows
SendMessageTimeoutA
OpenIcon
IsIconic
SetWindowPos
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
CharUpperBuffW

advapi32

RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA
RegDeleteValueA

shlwapi

PathFindExtensionA
PathFileExistsA
PathIsDirectoryA
PathFindFileNameA

psapi

GetProcessImageFileNameA
GetProcessMemoryInfo

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcrt

sprintf
free
malloc
_CIpow
_atoi64
_ftol
__CxxFrameHandler
??3@YAXPAX@Z
atoi
strchr
realloc
modf
memmove
strncmp
_stricmp

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wk{
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.K[<
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.A@N
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 652B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5ef5a53d8722699c05de49dc9e8bba54

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

psapi

shell32

version

msvcrt

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 480KB - Virtual size: 480KB

.wk{ Size: 3.0MB - Virtual size: 3.0MB

.K[< Size: 4KB - Virtual size: 4KB

.A@N Size: 5.7MB - Virtual size: 5.7MB

.rsrc Size: 652B - Virtual size: 652B

.l1 Size: 8KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 480KB - Virtual size: 480KB

.wk{
Size: 3.0MB - Virtual size: 3.0MB

.K[<
Size: 4KB - Virtual size: 4KB

.A@N
Size: 5.7MB - Virtual size: 5.7MB

.rsrc
Size: 652B - Virtual size: 652B

.l1
Size: 8KB - Virtual size: 8KB