36825aa069a0c406f432d42ce990e114

Sharing

Copy URL Twitter E-mail

General

Target

36825aa069a0c406f432d42ce990e114
Size

1.9MB
MD5

36825aa069a0c406f432d42ce990e114
SHA1

7b28e3067ec3271715e8f35cfb8ee5ff8038b6fc
SHA256

2cc2935122134a19dc529c69447af7168bc1fee91072da26ee8689756bf8dce2
SHA512

27f29a267dd6cfe3c52b1eb8a10c9146a7df1294cf220d01c6f6cc027590a8f87f9b4a3201d91a744a454ce706089ff6b1380bfb765ef7eb45636d03e745179c
SSDEEP

12288:EGxLdGXOKiiEuuOa3A4nRPCWCimrlsQR4PD4pa7+oy1Z4eA:9RGXgTRPCW5ElPC71

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36825aa069a0c406f432d42ce990e114

Files

36825aa069a0c406f432d42ce990e114
.exe windows:6 windows x86 arch:x86

2aee886860b23589c54811b1c7790b78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnumSystemLocalesEx
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLocalTime
GetLocaleInfoW
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCMapStringW
LoadLibraryExW
LoadLibraryW
LocalFree
DeleteFileW
MapViewOfFile
MoveFileW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
ProcessIdToSessionId
VirtualProtect
VirtualAlloc
WaitForSingleObject
Sleep
SetEvent
CloseHandle
CreateThread
GetModuleHandleW
CreateEventA
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
GetOEMCP
GetProcessHeap
HeapQueryInformation
HeapFree
SetConsoleCtrlHandler
WriteConsoleW
HeapReAlloc
HeapSize
GetUserDefaultLCID
CompareStringW
GetTimeFormatW
WriteFile
GetStdHandle
HeapValidate
HeapAlloc
GetModuleHandleExW
GetModuleFileNameW
VirtualQuery
CreateFileW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
lstrcmpiA
WideCharToMultiByte
FreeLibrary
DeleteCriticalSection
GetProcAddress
DecodePointer
LoadResource
IsDBCSLeadByte
RaiseException
GetLastError
MultiByteToWideChar
GetModuleHandleA
FindResourceA
InitializeCriticalSectionEx
LeaveCriticalSection
LoadLibraryExA
EnterCriticalSection
SetLastError
SizeofResource
LockFileEx
GetModuleFileNameA
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent

user32

SetProcessDPIAware
CharNextA
AllowSetForegroundWindow
CloseDesktop
CloseWindowStation
CreateDesktopW
CreateWindowExW
CreateWindowStationW
DefWindowProcW
DestroyWindow
DispatchMessageW
FindWindowExW
GetMessageW
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
IsWindow
UnregisterClassA
PostMessageW
RegisterClassW
SendMessageTimeoutW
GetMessageA
DispatchMessageA
PostThreadMessageA
MessageBoxA
CharNextW
CharUpperA
UnregisterClassW
TranslateMessage
SetProcessWindowStation

advapi32

RegQueryInfoKeyA
SystemFunction036
SetTokenInformation
GetKernelObjectSecurity
GetAce
FreeSid
EventWrite
EventUnregister
EventRegister
EqualSid
DuplicateTokenEx
DuplicateToken
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA

ole32

CoRegisterClassObject
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
CoResumeClassObjects

oleaut32

UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
SysStringLen
VariantCopy
SysFreeString
RegisterTypeLi
VariantInit
LoadRegTypeLi
SysAllocString

shlwapi

PathMatchSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2aee886860b23589c54811b1c7790b78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

userenv

version

winmm

Sections

.text Size: 538KB - Virtual size: 538KB

.rdata Size: 149KB - Virtual size: 148KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 538KB - Virtual size: 538KB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 22KB