36bcaa8b1f075cc3821d5d603270b36eccd5ae9427cd494cd96d79a8d52e456a

Sharing

Copy URL Twitter E-mail

General

Target

36bcaa8b1f075cc3821d5d603270b36eccd5ae9427cd494cd96d79a8d52e456a
Size

351KB
MD5

e227aa7611401ec51acefe82fc5869ad
SHA1

f1851d689e14486d3e8502915640e2ab99f2456a
SHA256

36bcaa8b1f075cc3821d5d603270b36eccd5ae9427cd494cd96d79a8d52e456a
SHA512

0efb9ae7d13cb9d0cfb8eeb0caab8c6586ce41b6e8a28b02eabad76ae85dc35cee7f8bed172e83587874a3804ce74df772f1e6aa451eeefd113ec7fed46e8275
SSDEEP

6144:M4prT1X37os8QcK1LwX8bWUkNyt15lW1XNzGJuR:7pn1X33cK1LwX8DkQt14JxR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36bcaa8b1f075cc3821d5d603270b36eccd5ae9427cd494cd96d79a8d52e456a

Files

36bcaa8b1f075cc3821d5d603270b36eccd5ae9427cd494cd96d79a8d52e456a
.exe windows:5 windows x86

e78d5fa43dbbfe75ae304cb24cf1208e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumDateFormatsA
GetModuleHandleA
FillConsoleOutputAttribute
CreateToolhelp32Snapshot
CloseHandle
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
lstrcpyA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
ReadFile
GetStringTypeW
GetStringTypeA
SetFilePointer
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetConsoleScreenBufferInfo
GetProcessWorkingSetSize
LoadLibraryA
GetProcAddress
GetLastError
GetStdHandle
Module32First
GlobalUnlock
ExitThread
lstrcatA
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetConsoleCursorPosition
GlobalAlloc
GetPriorityClass
GlobalLock
Process32First
InterlockedDecrement
lstrlenA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
WriteFile
Sleep
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetFileSize
ExitProcess
CreateFileA
FillConsoleOutputCharacterA
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA

user32

LoadIconA
CopyRect
ValidateRect
DrawFrameControl
LoadCursorA
GetSystemMetrics
GetSysColorBrush
CreatePopupMenu
EndDialog
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
SetWindowLongA
SetRect
ScreenToClient
GetWindowRect
InsertMenuItemA
RegisterClassExA
SendDlgItemMessageA
FillRect
DrawTextA
GetFocus
wsprintfA
GetClientRect
SendMessageA
GetDC

gdi32

GetDeviceCaps
SetBkColor
ExcludeClipRect
SetBkMode
SelectObject
SelectClipRgn
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString
OleSavePictureFile
VariantChangeType
SysAllocString
VariantClear
VariantCopy
OleLoadPicture
VariantInit

odbc32

ord24

crypt32

CertFreeCertificateContext

comctl32

ImageList_Draw

wintrust

CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

gdiplus

GdiplusStartup

traffic

TcEnumerateInterfaces

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dedata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dosa
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e78d5fa43dbbfe75ae304cb24cf1208e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

odbc32

crypt32

comctl32

wintrust

gdiplus

traffic

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 5KB - Virtual size: 12KB

.dedata Size: 2KB - Virtual size: 2KB

.dosa Size: 6KB - Virtual size: 6KB

.rsrc Size: 31KB - Virtual size: 31KB

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 5KB - Virtual size: 12KB

.dedata
Size: 2KB - Virtual size: 2KB

.dosa
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 31KB - Virtual size: 31KB