3d288a9fc665b11e0e5a4545946270485218637f4fa9238311bc77ea1da4c2c4

Sharing

Copy URL

Twitter E-mail

General

Target

3d288a9fc665b11e0e5a4545946270485218637f4fa9238311bc77ea1da4c2c4
Size

1.0MB
MD5

3172737a1ac1122527f6f418e3f445a7
SHA1

2bcf0077b80f352dcedf0deb2acc77182a9410ac
SHA256

3d288a9fc665b11e0e5a4545946270485218637f4fa9238311bc77ea1da4c2c4
SHA512

9b4ae8f7eb93c0cab1f6f52b798efd6a0322c728ef591e21bbfd243034dabd2dcef42982b51c32c2efb6a24910107e5226c5e00ef3861e873db03f56c31da3fd
SSDEEP

24576:PzrToTL5x3KTaxK1OCnj8ecaHkcSsM9GOuCJax:Pzr+P3KugkTD9/Zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d288a9fc665b11e0e5a4545946270485218637f4fa9238311bc77ea1da4c2c4

Files

3d288a9fc665b11e0e5a4545946270485218637f4fa9238311bc77ea1da4c2c4
.exe windows:4 windows x86

ac6b43c67f68dfcdda44bfa39cadd7b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetLocalTime
FindClose
GetCurrentThreadId
LocalFree
InitializeCriticalSection
lstrcmpiW
CreateMutexW
InterlockedIncrement
Sleep
RaiseException
InterlockedDecrement
LoadLibraryExW
OpenEventW
GetDiskFreeSpaceExW
SetEvent
DeleteFileW
MoveFileExW
FindNextFileW
RemoveDirectoryW
WriteFile
GetFileSize
SetFilePointer
WaitForMultipleObjects
GetModuleFileNameA
GetFileAttributesW
CreateDirectoryW
SystemTimeToFileTime
TerminateProcess
CreateEventW
LocalFileTimeToFileTime
SetFileTime
WaitForSingleObject
GetWindowsDirectoryW
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetConsoleMode
GetPrivateProfileIntW
ReadFile
CreateFileW
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
Process32NextW
SizeofResource
CloseHandle
FindResourceW
LoadLibraryW
GetLastError
GetProcAddress
SetLastError
FreeLibrary
ProcessIdToSessionId
ReadConsoleInputA
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetModuleHandleW
FindFirstFileW
EnterCriticalSection
DeleteCriticalSection
GetPrivateProfileStringW
GetTickCount
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentDirectoryW
GetModuleFileNameW
LoadLibraryA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
FlushFileBuffers
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetStartupInfoW
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode

user32

CharNextW
DefWindowProcW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
DestroyWindow

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RevertToSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
ImpersonateLoggedOnUser
RegOpenCurrentUser

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
PathFindFileNameW
StrToIntW
SHGetValueW
PathFindExtensionW

comctl32

InitCommonControlsEx

ws2_32

freeaddrinfo
getaddrinfo
socket
connect
setsockopt
getpeername
getsockopt
closesocket
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
__WSAFDIsSet
select
ioctlsocket
WSAStartup
WSASetLastError
WSACleanup

psapi

GetModuleFileNameExW

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac6b43c67f68dfcdda44bfa39cadd7b4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

Sections

.text Size: 752KB - Virtual size: 751KB

.rdata Size: 216KB - Virtual size: 212KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 752KB - Virtual size: 751KB

.rdata
Size: 216KB - Virtual size: 212KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 72KB - Virtual size: 72KB