3e82b76dfa4338688b131a08886f5cb2

Sharing

Copy URL Twitter E-mail

General

Target

3e82b76dfa4338688b131a08886f5cb2
Size

457KB
MD5

3e82b76dfa4338688b131a08886f5cb2
SHA1

61f65cc6c1281cf86528df8732db27536492c5f3
SHA256

889a9c510c4d7a31255ccbb15f300f9066363fa1b1ca48782722fc579096e0d8
SHA512

99d709586e85d24139e3413600ef236d9e17c1364dec57605155f1a2c5620dd8fcb0952484ac773208f3e5cc8d990b355e2b139c157ffbca46c2d79a5c07cb26
SSDEEP

6144:+JZjgfgc4NWkKqPChXHIvzRXGQOJkyw3LK5KkZxh4c7lbN/N6Np:+JZUt4QFRIvztTOJkRLK5RZxic7lbNu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e82b76dfa4338688b131a08886f5cb2

Files

3e82b76dfa4338688b131a08886f5cb2
.exe windows:4 windows x86 arch:x86

84038263cf4375fa0942913965bd3db8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetFileAttributesA
Process32Next
Module32Next
GetFileAttributesExA
Module32First
Process32First
CreateToolhelp32Snapshot
FreeResource
SizeofResource
LockResource
WritePrivateProfileStringA
GetTempFileNameA
LoadResource
FindResourceA
LoadLibraryW
GetLastError
LocalFree
LocalAlloc
CreateFileW
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
InterlockedIncrement
CreateEventA
GetWindowsDirectoryA
CreateFileA
ReadFile
WriteFile
GetProcAddress
MoveFileExA
SetFileAttributesA
GetTickCount
CreateProcessA
CloseHandle
lstrlenA
GetTempPathA
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetModuleHandleA
SetUnhandledExceptionFilter
GetCommandLineA
InterlockedDecrement
EnterCriticalSection
GetCurrentThreadId
GetStartupInfoA
VirtualProtect
SetLastError
DeviceIoControl
ExpandEnvironmentStringsA
GetLongPathNameW
lstrlenW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetLongPathNameA
OutputDebugStringA
DebugBreak
WaitForSingleObject
GetModuleFileNameA
SetEvent
CopyFileA
CreateDirectoryA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeA
LoadLibraryExW
MultiByteToWideChar
LeaveCriticalSection
GetEnvironmentVariableA
FindFirstFileA
GetShortPathNameA
MoveFileA
FindNextFileA
RemoveDirectoryA
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
TerminateProcess
WideCharToMultiByte
ReadProcessMemory
lstrcmpiA
GetSystemDirectoryA
SetFilePointer
GetFileSize
SearchPathW
Sleep
DuplicateHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateThread
GetCurrentProcessId
GetVersionExA
FindClose

user32

LoadStringA
CreateDialogParamA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
GetActiveWindow
DestroyWindow
IsDialogMessageA
SetWindowLongA
GetWindowTextLengthA
DispatchMessageA
CharNextA
wvsprintfA
EndDialog
SetDlgItemTextA
DialogBoxParamA
PostMessageA
BeginPaint
ScreenToClient
DrawTextA
EndPaint
PostQuitMessage
GetWindowLongA
GetWindowThreadProcessId
FindWindowA
FindWindowExA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
SetWindowTextA
GetDlgItem
EnableWindow
DefWindowProcA

gdi32

SelectObject
SetBkMode
SetTextColor
GetStockObject

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

InitCommonControlsEx

msvcrt

_mbstok
_mbsicmp
_mbslwr
tolower
_CxxThrowException
_mbschr
_mbsnbicmp
sscanf
mbstowcs
_stricmp
_mbsnbcpy
malloc
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_mbsnbcmp
_strlwr
fputs
strrchr
_vsnprintf
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
_osver
_except_handler3
_snprintf
atoi
_ismbcdigit
wcslen
_beginthread
_purecall
_mbsrchr
sprintf
strstr
??2@YAPAXI@Z
memmove
realloc
setlocale
_mbsstr
free
__CxxFrameHandler
_mbscmp

shlwapi

SHGetValueA
PathFileExistsA
PathCombineA
StrStrIA
SHDeleteKeyA
wnsprintfA
StrChrW
StrStrIW
SHSetValueA
SHDeleteValueA
PathAppendA
PathIsDirectoryA
StrCmpNIA

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetOpenA
InternetConnectA

psapi

GetModuleInformation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

SetNamedSecurityInfoA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ControlService
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyExA
RegEnumKeyA
DeleteAce
GetExplicitEntriesFromAclA
GetUserNameA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CHONG
Size: 4KB - Virtual size: 155B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84038263cf4375fa0942913965bd3db8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

comctl32

msvcrt

shlwapi

urlmon

wininet

psapi

version

advapi32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 328KB - Virtual size: 326KB

.CHONG Size: 4KB - Virtual size: 155B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 328KB - Virtual size: 326KB

.CHONG
Size: 4KB - Virtual size: 155B