37bd209f43151d4efa18fad97847152a735c54f4446d71598c34517725ba90fb

Sharing

Copy URL Twitter E-mail

General

Target

37bd209f43151d4efa18fad97847152a735c54f4446d71598c34517725ba90fb
Size

368KB
MD5

2def8b31b43caa4c3b70312440d21a1b
SHA1

9de57a482cd5e1b834175c26b155a771ad0a17f8
SHA256

37bd209f43151d4efa18fad97847152a735c54f4446d71598c34517725ba90fb
SHA512

f42ad1157f42e234e3e85b818ed2385e9b5497f3642cd76e778316db596dae25bf8ea01998ae391cf53d8c9ba8218c1032d3f2a98725abbb1ccd6cd5784b9f6c
SSDEEP

6144:P3KPigt9YY1PTERHMlOK7vGU3ZXUKtf1uFyC5UN:P3Kai19TERQ/dUkuFyV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37bd209f43151d4efa18fad97847152a735c54f4446d71598c34517725ba90fb

Files

37bd209f43151d4efa18fad97847152a735c54f4446d71598c34517725ba90fb
.exe windows:6 windows x86

d779c6a09d78a7916c727a92319cd196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCpyNW

kernel32

GetCommandLineW
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
CreateMutexW
GlobalMemoryStatusEx
CreateThread
ExitThread
GetLocalTime
VirtualAlloc
VirtualFree
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
SetEndOfFile
WriteConsoleW
Sleep
TlsSetValue
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
DecodePointer
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
HeapFree
HeapAlloc
GetCurrentThread
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetTempPathW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
CreateFileW
ReadFile
ReadConsoleW

advapi32

RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d779c6a09d78a7916c727a92319cd196

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB