3ea2628dd5451e43e1d636623a757f98

Sharing

Copy URL

Twitter E-mail

General

Target

3ea2628dd5451e43e1d636623a757f98
Size

736KB
MD5

3ea2628dd5451e43e1d636623a757f98
SHA1

9e75930acd028c1289944ffda8720824c73bbd29
SHA256

e59cc6fe0a05aae0a84cf61e0d62f202586ed4bd71216fa56192a0c60eb0a376
SHA512

7bfab8afe7c29ca72fdfaa6ef4066e41ee4601cc16e19639cac34248fcd5455d1ecc93e0d06f821292c548d3a91c887d497e4c4c8451aab96827226f3d305890
SSDEEP

12288:GM2haUXM96TuiTV3GmxmjFdIm1H1tBL/0JXMO3PvAhIwFKUJduE22kzvFI/F8:D2haUc96TXTYHIMPL8tH+RKydczvF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ea2628dd5451e43e1d636623a757f98

Files

3ea2628dd5451e43e1d636623a757f98
.exe windows:4 windows x86 arch:x86

6514779fa7ea86a72736321f61e494fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersionExA
FreeResource
DeleteFileA
MultiByteToWideChar
CreateProcessA
WriteFile
GetPrivateProfileStringA
GetPrivateProfileIntA
LockResource
WritePrivateProfileStringA
GetOEMCP
GetACP
ReadFile
FreeLibrary
LoadResource
SizeofResource
FindResourceA
GetFileAttributesA
CreateDirectoryA
CreateFileA
GetLastError
GetFileTime
SetFileTime
CloseHandle
LoadLibraryA
GetProcAddress
GetDiskFreeSpaceA
GetWindowsDirectoryA
CopyFileA
SetFilePointer
RaiseException
RtlUnwind
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
LCMapStringW
GetModuleFileNameA
GetEnvironmentStringsW
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
SetEndOfFile
LCMapStringA
WideCharToMultiByte
FlushFileBuffers
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA

user32

MessageBoxA
SendDlgItemMessageA
GetWindowRect
SendMessageA
EnableWindow
GetWindowTextA
GetDlgItem
EnumWindows
SetWindowLongA
EndDialog
GetSystemMetrics
SetWindowPos
DialogBoxParamA
SetWindowTextA
GetParent
SetFocus
PostMessageA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueA
RegEnumKeyExA

shell32

SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
SHBrowseForFolderA
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

comctl32

ord17
PropertySheetA

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 564KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6514779fa7ea86a72736321f61e494fe

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

comctl32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 30KB

Size: 60KB - Virtual size: 58KB

.rsrc Size: 564KB - Virtual size: 560KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 564KB - Virtual size: 560KB