3feb4f1f454b2c0b36f7fd53618805a5

Sharing

Copy URL Twitter E-mail

General

Target

3feb4f1f454b2c0b36f7fd53618805a5
Size

24KB
MD5

3feb4f1f454b2c0b36f7fd53618805a5
SHA1

e7dda915ef1d8cfcd740634d574e512da28687b2
SHA256

b948cafa0ba5f4746094f77ecfe97ceaf723a9ceb64c38d03bc3762a1caf373c
SHA512

65745014c93d9c1286529a921581990780bd1763bde94b76e7cef0a84819d83b0588c5fea57ce5bf91316130724e75db517bb6f33ab6ca390ae06ec72e3dc710
SSDEEP

384:SaghnoN56b6N8aHfFBOBQbYX9w8c6XJlvsQ3LUt3qMOfgaMNyizMxhxxgcMlDZL3:/geN8APtU2oLc3Q7UtYo+hxmDFBo870C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3feb4f1f454b2c0b36f7fd53618805a5

Files

3feb4f1f454b2c0b36f7fd53618805a5
.exe windows:5 windows x86 arch:x86

5d7a9d29b39c1c7707044c6353d938ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerW
RegOpenKeyW
UnregisterTraceGuids
RegCreateKeyW
RegDeleteValueA
IsValidSid
ControlService
RegOpenKeyExA
RegDeleteValueW
StartServiceW
OpenThreadToken
RegOpenKeyA
RegEnumKeyW
RegEnumKeyA

ntdll

RtlSetOwnerSecurityDescriptor
RtlValidSecurityDescriptor
wcsstr
strrchr
RtlUnicodeStringToAnsiString
RtlInitializeGenericTable
RtlAllocateAndInitializeSid
RtlInitializeCriticalSection

shlwapi

PathAppendA
StrRetToBufW
PathIsRootW
PathFileExistsW
StrCmpNIA
SHGetValueW
PathFindExtensionA
PathRemoveBlanksW

msvcrt

__p__fmode
__set_app_type
floor
??3@YAXPAX@Z
atol
__p__commode
_unlock
_vsnprintf
_purecall
_lock
malloc
wcscpy
wcscspn
__setusermatherr
wcstombs

user32

CallWindowProcW
LoadIconA
GetSystemMetrics
KillTimer
GetWindowDC
BeginPaint
LoadCursorW
GetDlgItem
GetSysColorBrush
LoadBitmapW
GetWindowLongA
GetMessagePos
IsWindow
EqualRect
IsRectEmpty
IsWindowVisible
GetWindowTextA
CharPrevW
GetWindow
IsWindowEnabled
ChangeMenuW

kernel32

GetVersion
MultiByteToWideChar
GetThreadLocale
DeleteFileA
VirtualAlloc
FlushFileBuffers
lstrcatW
GetFileAttributesA
CreateFileW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetOEMCP
GetDriveTypeA
CreateFileA
GetConsoleMode
ExitProcess
GetCurrentProcessId

ole32

WriteClassStm
CreateILockBytesOnHGlobal
CoCreateInstanceEx
OleUninitialize
CoSetProxyBlanket
CreateItemMoniker
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d7a9d29b39c1c7707044c6353d938ee

Headers

File Characteristics

Imports

advapi32

ntdll

shlwapi

msvcrt

user32

kernel32

ole32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 11KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 484B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 11KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 484B