Static task: static1
Behavioral task: behavioral1
  Sample: 03fb8251ff8baee33c6790ed1868247b.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 03fb8251ff8baee33c6790ed1868247b.exe
  Resource: win10v2004-20231215-en
General
  Target: 03fb8251ff8baee33c6790ed1868247b
  Size: 85KB
  MD5: 03fb8251ff8baee33c6790ed1868247b
  SHA1: 76774ea0b1a8b20136eefb5ba37cb5882d87c42b
  SHA256: 54eadef7203b92c6f92a1b4dc4cb42ef4755c1832861d0b70c7d3466fc709170
  SHA512: b96d79db59b4e3ef34005fae6dff7df26951597552b25be439ea0bca986978899ce549405fe544fa9c2bdf9d9db507d7bcc8b62b6779f3a05a867c8fcc8d2a4d
  SSDEEP: 1536:KzyTzNHsYLC4mdTS9MlttBVLc28y68r4SFmnXG976T19YR:ayTzNMYLQdeettPc28y68r4SFm076T1S
Malware Config
  (none)
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 03fb8251ff8baee33c6790ed1868247b
Files
  03fb8251ff8baee33c6790ed1868247b.exe  windows:5 windows x86 arch:x86
  c9270dbaada0468e7d4d8075837bebf2
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  psapi
    GetModuleFileNameExW
    EnumProcessModules
    GetModuleBaseNameW
  kernel32
    LeaveCriticalSection
    EnterCriticalSection
    GetProcessId
    CreateRemoteThread
    OpenProcess
    Process32FirstW
    Process32NextW
    CreateToolhelp32Snapshot
    HeapFree
    GetProcessHeap
    GetLocalTime
    DeleteCriticalSection
    GetSystemTime
    GetPrivateProfileStringW
    WriteFile
    GetFileAttributesW
    CreateFileW
    FlushFileBuffers
    GetPrivateProfileIntW
    GetLastError
    SetLastError
    ResetEvent
    InitializeCriticalSection
    SetUnhandledExceptionFilter
    GetTickCount
    GetFileSizeEx
    GetCurrentThreadId
    DeleteFileW
    SetFileAttributesW
    GetVersionExW
    GetVolumeNameForVolumeMountPointW
    HeapReAlloc
    HeapAlloc
    HeapDestroy
    HeapCreate
    IsBadReadPtr
    GetCurrentThread
    Thread32First
    Thread32Next
    ExpandEnvironmentStringsW
    WideCharToMultiByte
    FormatMessageW
    MultiByteToWideChar
    LocalFree
    CreateMutexW
    OpenMutexW
    ReleaseMutex
    FreeLibrary
    LoadLibraryA
    SetThreadContext
    GetThreadContext
    WriteProcessMemory
    GetCurrentProcessId
    CloseHandle
    DuplicateHandle
    OpenEventW
    lstrcmpiW
    CreateEventW
    VirtualAllocEx
    VirtualProtectEx
    GetProcAddress
    GetModuleFileNameW
    ReadProcessMemory
    Sleep
    VirtualFreeEx
    VirtualQueryEx
    GetModuleHandleW
    SetEvent
    WaitForSingleObject
    ExitProcess
    SetFilePointer
  user32
    MessageBoxA
    CharUpperW
    CharLowerA
    DispatchMessageW
    PeekMessageW
    TranslateMessage
    MsgWaitForMultipleObjects
    MessageBoxW
  shlwapi
    PathCombineW
    PathRemoveBackslashW
    UrlUnescapeA
    StrCmpNIA
    PathRemoveFileSpecW
    PathAddBackslashW
    PathAddExtensionW
    PathIsRelativeW
    SHDeleteValueW
    wvnsprintfW
    wvnsprintfA
    SHDeleteKeyW
  wininet
    InternetReadFileExA
    InternetConnectA
    HttpAddRequestHeadersA
    HttpAddRequestHeadersW
    InternetQueryOptionW
    GetUrlCacheEntryInfoW
    InternetCrackUrlA
    InternetCloseHandle
    HttpSendRequestA
    HttpSendRequestW
    InternetSetOptionA
    HttpOpenRequestA
    HttpSendRequestExA
    HttpQueryInfoA
    HttpSendRequestExW
    InternetQueryDataAvailable
    InternetQueryOptionA
    InternetSetStatusCallbackW
    InternetReadFile
    InternetOpenA
  advapi32
    GetLengthSid
    CryptGetHashParam
    CryptAcquireContextW
    RegCreateKeyExW
    CryptDestroyHash
    RegCloseKey
    CryptHashData
    OpenProcessToken
    GetSidSubAuthority
    OpenThreadToken
    GetSidSubAuthorityCount
    GetTokenInformation
    LookupPrivilegeValueW
    AdjustTokenPrivileges
    RegQueryValueExW
    RegOpenKeyExW
    RegSetValueExW
    InitializeSecurityDescriptor
    SetSecurityDescriptorDacl
    SetNamedSecurityInfoW
    ConvertStringSecurityDescriptorToSecurityDescriptorW
    GetSecurityDescriptorSacl
    SetSecurityDescriptorSacl
    CryptReleaseContext
    CryptCreateHash
  shell32
    SHGetFolderPathW
  ole32
    StringFromGUID2
    CLSIDFromString
Sections
  code    Size: 8KB - Virtual size: 7KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .text   Size: 49KB - Virtual size: 48KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata  Size: 19KB - Virtual size: 19KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data   Size: 4KB - Virtual size: 10KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc  Size: 3KB - Virtual size: 2KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ