3dd2199e5196d7352e81b2923db413623633683c1348092de4e50a43f94c4395

Sharing

Copy URL

Twitter E-mail

General

Target

3dd2199e5196d7352e81b2923db413623633683c1348092de4e50a43f94c4395
Size

1.9MB
MD5

29594b7fe377bd964e5b7efad503f3c4
SHA1

322220d8e59483bdd4a30d1132230c4edab4652c
SHA256

3dd2199e5196d7352e81b2923db413623633683c1348092de4e50a43f94c4395
SHA512

0812279c48833562db49faa09a1fab8bb60f0dac358bbe874f659e803b3b7de830afba0bdaca85ff67a0d196d81f71966a7c4233de12e1fc09feb6be31e292ce
SSDEEP

24576:+1thUSJEZ+7QWUDoOoWq0f55cJpXgtH+aNGy:gwB0BUMOHqK5G91a/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dd2199e5196d7352e81b2923db413623633683c1348092de4e50a43f94c4395

Files

3dd2199e5196d7352e81b2923db413623633683c1348092de4e50a43f94c4395
.exe windows:6 windows x86

ff30b8dbfee95efa479b23e68091e63e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetProcessTimes
GetCurrentProcess
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetVolumeInformationA
GetDriveTypeA
VirtualAlloc
VirtualFree
CreateThread
SetLastError
FormatMessageA
ReadFile
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
HeapReAlloc
AreFileApisANSI
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
CreateFileW
GetFileType
GetModuleHandleW
FileTimeToLocalFileTime
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
MoveFileExW
GetFileAttributesExW
DeleteFileW
RtlUnwind
DuplicateHandle
CreateProcessA
FindFirstFileExA
SystemTimeToTzSpecificLocalTime
ExitThread
ResumeThread
WriteFile
GetConsoleCP
GetConsoleMode
ReadConsoleW
InterlockedExchange
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetFilePointerEx
GetStdHandle
DeleteCriticalSection
GetStartupInfoW
FatalAppExitA
GetProcessHeap
GetModuleFileNameW
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
InterlockedIncrement
GetCurrentThread
GetCurrentThreadId
CreateDirectoryW
IsValidCodePage
GetACP
GetOEMCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LoadLibraryExW
SetConsoleCtrlHandler
SetStdHandle
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
CreatePipe
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
GetStringTypeW
RaiseException
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetFullPathNameA
GetModuleHandleA
GetTickCount
SetEvent
CreateEventA
ResetEvent
WaitForSingleObject
GetCurrentProcessId
CreateMutexA
GetLastError
ReleaseMutex
SetFileTime
LocalFileTimeToFileTime
UnlockFileEx
LockFileEx
lstrcmpA
SetConsoleTitleA
DeleteFileA
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
GetFileSize
DeviceIoControl
LocalFree
LocalAlloc
CreateFileA
SystemTimeToFileTime
CloseHandle
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
GetEnvironmentStrings
lstrlenA
FreeEnvironmentStringsA
SetHandleInformation
SetErrorMode
Sleep
GetVersion
GetSystemDirectoryA
GetVersionExA
MoveFileExA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter
GetSystemTime
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetDlgItemTextA
GetDlgItemTextW
GetDlgItemTextA
EndDialog
GetParent
GetFocus
SetFocus
SetWindowTextA
ShowWindow
MoveWindow
MessageBeep
GetClientRect
GetSystemMetrics
wsprintfA
CreateDialogIndirectParamA
DialogBoxIndirectParamA
GetDlgItem
GetWindowRect
EnableWindow
GetActiveWindow
ScreenToClient
SendMessageA
MessageBoxA
GetWindowLongA

netapi32

Netbios

advapi32

RegQueryValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegSetValueExA
InitializeSecurityDescriptor
RegCreateKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

WSAGetLastError
ioctlsocket
getservbyport
ntohs
inet_addr
shutdown
accept
bind
WSASetLastError
getservbyname
htonl
listen
recvfrom
gethostbyname
getsockopt
setsockopt
inet_ntoa
send
recv
closesocket
getprotobyname
socket
connect
select
__WSAFDIsSet
getsockname
WSAStartup
WSACleanup
sendto
gethostbyaddr
gethostname
htons
ntohl

rpcrt4

UuidCreate

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
SysStringLen
VariantClear

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CryptDecodeObject

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SSQ0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SSQ1
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff30b8dbfee95efa479b23e68091e63e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

advapi32

comdlg32

comctl32

wsock32

rpcrt4

oleaut32

ole32

wintrust

crypt32

Sections

.text Size: - Virtual size: 1.0MB

.textidx Size: - Virtual size: 908KB

CONST Size: - Virtual size: 80B

.rdata Size: - Virtual size: 64KB

.data Size: - Virtual size: 525KB

.fnp_dir Size: - Virtual size: 100B

.fnp_mar Size: - Virtual size: 1B

.SSQ0 Size: - Virtual size: 10KB

.SSQ1 Size: 853KB - Virtual size: 852KB

.reloc Size: 512B - Virtual size: 180B

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: - Virtual size: 1.0MB

.textidx
Size: - Virtual size: 908KB

CONST
Size: - Virtual size: 80B

.rdata
Size: - Virtual size: 64KB

.data
Size: - Virtual size: 525KB

.fnp_dir
Size: - Virtual size: 100B

.fnp_mar
Size: - Virtual size: 1B

.SSQ0
Size: - Virtual size: 10KB

.SSQ1
Size: 853KB - Virtual size: 852KB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 1024B - Virtual size: 4KB