3301dc354fee55efeb8403f1b262259d615c04a9526d229ad8c49fc16a928196

Sharing

Copy URL Twitter E-mail

General

Target

3301dc354fee55efeb8403f1b262259d615c04a9526d229ad8c49fc16a928196
Size

98KB
MD5

5dbcb326e5ee077e0919f0661a20062d
SHA1

b19ac61c6f91c0d0a06c6c7c011f906ac5707d38
SHA256

3301dc354fee55efeb8403f1b262259d615c04a9526d229ad8c49fc16a928196
SHA512

7a63ac63cee344dab5e1cf9abe7edf76154b08669ccf310eb0428c8a4d0b3e799306b0965df4b2514428dfac37b34333445a4c45d4864a12ce1935bbc4e19f7b
SSDEEP

3072:7OoA2sJtphFuogY4KVbjTM+i0wzIBWkYr3:Bs3Bf3vBRK3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3301dc354fee55efeb8403f1b262259d615c04a9526d229ad8c49fc16a928196

Files

3301dc354fee55efeb8403f1b262259d615c04a9526d229ad8c49fc16a928196
.exe windows:5 windows x86

4f432c52d4611ae7a924fb59b503df04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CheckTokenMembership
FreeSid
RegSetValueExW
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW

user32

CharUpperW
MessageBoxW
wsprintfA
wsprintfW

urlmon

URLDownloadToFileW

shlwapi

PathFileExistsW

psapi

GetModuleFileNameExW

shell32

ShellExecuteExW

ws2_32

connect
gethostbyname
socket
WSAStartup
htons
closesocket

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

ole32

CoInitializeEx
CoUninitialize

kernel32

DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GetFileType
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateDirectoryW
GetCurrentProcess
lstrlenW
ExpandEnvironmentStringsW
TerminateProcess
lstrlenA
WaitForSingleObject
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
lstrcatW
Process32FirstW
CloseHandle
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
GlobalMemoryStatusEx
CreateProcessW
CreateProcessA
lstrcmpW
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
CreateFileW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f432c52d4611ae7a924fb59b503df04

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

urlmon

shlwapi

psapi

shell32

ws2_32

setupapi

ole32

kernel32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB