b3d251b6b52a64dd8c38a858e8f3e53fef8adc418afd5e8b1f7fb849be4b99b8

Sharing

Copy URL Twitter E-mail

General

Target

b3d251b6b52a64dd8c38a858e8f3e53fef8adc418afd5e8b1f7fb849be4b99b8
Size

1.7MB
MD5

f68a8b8e606223806d04286ac916da5b
SHA1

d6744dd52a6d93bc76e23e57ae7a130c3bae89cd
SHA256

b3d251b6b52a64dd8c38a858e8f3e53fef8adc418afd5e8b1f7fb849be4b99b8
SHA512

d3464bc5a48dc65310d7d5b9dc39d4b7217dcb5b3399e2013af15d01444cddba412b79ee12d926990c934ec389b87207d6339e11d61a9db752a557e2b9d1c6e4
SSDEEP

49152:ty68XRadJQl267gI8BXv8Ughsipl0P1Dmg27RnWGj:tyX068BXvKqip6tD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d251b6b52a64dd8c38a858e8f3e53fef8adc418afd5e8b1f7fb849be4b99b8

Files

b3d251b6b52a64dd8c38a858e8f3e53fef8adc418afd5e8b1f7fb849be4b99b8
.exe windows:5 windows x86

f3d894e1b7f2c68d12813578c98993a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
DeleteFileW
FindNextFileW
lstrcmpiW
RemoveDirectoryW
FindClose
FindFirstFileW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
Process32FirstW
GetProcAddress
lstrlenW
MultiByteToWideChar
CreateFileW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
HeapSize
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetProcessHeap
MulDiv
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetFileSize
GlobalAlloc
LocalFree
FormatMessageW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcpynW
GetLocalTime
WideCharToMultiByte
WriteFile
GetModuleHandleW
CreateDirectoryW
GetCurrentProcess
FindResourceExW
ReleaseMutex
GetLastError
CreateMutexW
GetCommandLineW
LockResource
SizeofResource
LoadResource
FindResourceW
FreeResource
CloseHandle
GetTempPathW
GetModuleFileNameW
TerminateProcess
OpenProcess
WaitForSingleObject
ReadFile
CreateProcessW

user32

GetDC
GetCursorPos
DestroyWindow
GetFocus
MapWindowPoints
GetSysColor
IntersectRect
IsWindowVisible
IsRectEmpty
GetUpdateRect
EndPaint
BeginPaint
GetActiveWindow
IsWindowEnabled
FillRect
CharPrevW
SetRect
DrawTextW
GetWindowRgn
UpdateLayeredWindow
MoveWindow
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
UpdateWindow
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowTextW
SetForegroundWindow
DrawTextA
wsprintfA
InvalidateRgn
GetGUIThreadInfo
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
EqualRect
CharNextW
SetCursor
UnionRect
InflateRect
OffsetRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
LoadCursorW
SetPropW
GetPropW
GetWindowLongW
CallWindowProcW
GetSystemMetrics
LoadImageW
SendMessageW
GetWindowRect
GetParent
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
GetWindow
EnableWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
IsWindow
SetWindowLongW
DefWindowProcW
GetClientRect
RegisterClassW
PostMessageW
PostQuitMessage
ScreenToClient
ShowWindow
wsprintfW
ReleaseCapture
SetCapture
SetTimer
KillTimer
InvalidateRect
GetKeyState
MessageBoxW
SetWindowRgn
IsZoomed
IsIconic
CreateAcceleratorTableW
PtInRect

advapi32

RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

DragQueryFileW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
CommandLineToArgvW
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
DoDragDrop
OleDuplicateData
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal

shlwapi

SHDeleteKeyW
PathIsDirectoryEmptyW
PathFileExistsW

wininet

InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetOpenW

ws2_32

gethostbyname
WSAStartup
gethostname

gdi32

SaveDC
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
CreateDIBSection
SetStretchBltMode
CreateCompatibleBitmap
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
BitBlt
SetTextColor
SetBkMode
GetObjectA
GdiFlush
PtInRegion
CreateRectRgn
GetBitmapBits
SetBitmapBits
GetTextExtentPointA
CreatePatternBrush
CreateRoundRectRgn
GetTextMetricsW
SelectObject
PlayEnhMetaFile
DeleteDC
GetStockObject
RestoreDC
Rectangle
CreateEnhMetaFileW
CloseEnhMetaFile
SetWindowOrgEx
RemoveFontMemResourceEx
AddFontMemResourceEx
CreatePen
CreateDIBitmap
GetEnhMetaFileHeader
GetDeviceCaps
CreateCompatibleDC
SetBkColor
DeleteObject
CreateFontIndirectW
GetObjectW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenMode
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLine
ord1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1000KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3d894e1b7f2c68d12813578c98993a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

ws2_32

gdi32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: 556KB - Virtual size: 555KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 11KB - Virtual size: 34KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 1000KB - Virtual size: 1004KB

.text
Size: 556KB - Virtual size: 555KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 11KB - Virtual size: 34KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 1000KB - Virtual size: 1004KB