3ea27ea385287f0bddf75a77896e083a

Sharing

Copy URL Twitter E-mail

General

Target

3ea27ea385287f0bddf75a77896e083a
Size

141KB
MD5

3ea27ea385287f0bddf75a77896e083a
SHA1

dfb916a3bd2dd7ffa3ccf2580ca49867b6b3ebe1
SHA256

46e658b8ac02ec21babef7a11541ba8917e08948ad93aaf8a6d308fc1555fc15
SHA512

9af3d2257e53a45571f0bf2cf5f8aeba3fd6488798f580379e548fc9b628b39f1c1f97690579d06fa78f88a40dc888b6b7540f8187e8854c84eb93e4a4360684
SSDEEP

3072:hl0UInHO9PS2no3zSdz3InDJrRAJwPhsa7sGPUEDpygS90w+0JOZekIBCaGgS:fIHOoB3kz4D5jhsMzC82/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ea27ea385287f0bddf75a77896e083a

Files

3ea27ea385287f0bddf75a77896e083a
.exe windows:5 windows x86 arch:x86

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
FindNextFileW
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
RtlUnwind
SetThreadLocale
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
lstrcmpiW
lstrlenW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CreateFileW
LoadLibraryExW
CreateFileMappingW

user32

CharNextW
UnregisterClassA

ntdll

memcpy
memmove
memset
wcstoul
_wcsicmp
_vsnwprintf
_vsnprintf
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap
NtQueryValueKey

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

calloc
_unlock
_purecall
_onexit
_lock
_initterm
_errno
free
_amsg_exit
__set_app_type
__p__fmode
__dllonexit
__CxxFrameHandler
_XcptFilter
_CxxThrowException
malloc
printf
_callnewh
realloc

userenv

ForceSyncFgPolicy
RsopResetPolicySettingStatus

shell32

ShellHookProc
SHGetSettings
WOWShellExecute
DragAcceptFiles
SHUpdateRecycleBinIcon
SHLoadInProc

advapi32

GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags

Exports

Exports

GetDriverInfo
HrGetStyleSheet
LoadMappedToolbarBitmap
OpenDatabase
SetQoSql
StrToUintW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

version

msvcrt

userenv

shell32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 15KB