3d92d8e8e3b83efc21bc56e32bcbf683

Sharing

Copy URL

Twitter E-mail

General

Target

3d92d8e8e3b83efc21bc56e32bcbf683
Size

2.5MB
MD5

3d92d8e8e3b83efc21bc56e32bcbf683
SHA1

f438d0d2129f7d30fa45c3298f28af9f80b5f2c7
SHA256

bb24a3a84b1ef029b32f582f81b086a6f99cf9eb910d6fe912cd8a6811333e83
SHA512

962cb6e345b644d7e695f5268bd3c87f7069c135268aebfb852d5a57281d978cb15ce8a260dfa4b4e580352808cd425f820bda77dd8c2f0adc41d1f0d9b829be
SSDEEP

49152:l0g7mM+M6RkMkIM7I067c9VfWboJdXN0BMOwLloBrugxljxCIabjKoh9Wj:EM+M6RkMkIM7L9FTJdXN0B7+s6IabjKV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d92d8e8e3b83efc21bc56e32bcbf683

Files

3d92d8e8e3b83efc21bc56e32bcbf683
.exe windows:6 windows x64 arch:x64

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

kernel32

DeleteCriticalSection
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
LocalFree
ExpandEnvironmentStringsW
LoadLibraryW
Sleep
GetLastError
GetSystemDefaultLCID
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultUILanguage
CreateFileMappingW
GetFileTime
HeapSetInformation
IsWow64Process
LocalAlloc
GetProcAddress
SetLastError
VerifyVersionInfoW
lstrlenW
CreateFileW
GetModuleFileNameW
TerminateProcess
GetVersionExW
GetLocaleInfoW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeCriticalSection
RaiseException
LoadLibraryA
GetModuleHandleW
GetCurrentProcess
VerSetConditionMask
SetDllDirectoryW
CreateProcessW
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW

user32

CharNextW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
MessageBoxW
FindWindowExW
SendMessageTimeoutW
LoadStringW
IsWindowEnabled

msvcrt

??3@YAXPEAX@Z
_wcsicmp
_wcsnicmp
bsearch
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
memmove
memset
memcpy
??2@YAPEAX_K@Z
_vsnwprintf
iswspace
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

SHSetValueW
SHRegGetValueW
PathQuoteSpacesW
PathCombineW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158
PathAppendW
SHStrDupW
SHQueryValueExW
PathAddBackslashW
SHGetValueW
PathRemoveFileSpecW
ord154
ord437
UrlCanonicalizeW
ord462
PathIsURLW
ord219
ord172

shell32

ord17
ord16
ord147
SHCreateShellItem
ord152
SHGetDesktopFolder
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx

iertutil

ord650
ord163
ord74
ord85
ord81
ord79
ord58
ord46
ord42
ord32
ord44
ord325
ord9
ord31

urlmon

ord410
ord104
ord111

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 2KB - Virtual size: 1KB