31b995a83cd3008d2f12d41b923f4fd5

Sharing

Copy URL Twitter E-mail

General

Target

31b995a83cd3008d2f12d41b923f4fd5
Size

198KB
MD5

31b995a83cd3008d2f12d41b923f4fd5
SHA1

60377dbf5e4d6797141ab85e8ffc438995202c0a
SHA256

dd11af22947bce52dc1abc5d336dc7d5ac891397dc1966c6be66c3d9a152c890
SHA512

15cc375aa81446497dab3270948d5c0cd03762612051369bcdb76039d3aaf665074d470a608d1ccc89e5f952204e11ebed6e738830633c9ebb6b4edba966eb94
SSDEEP

3072:SVdlbP/jb06exMa06yYuvFoV5aPMNgdSkXaIrV5NgMYXGuMt8fGx:StLLb1QM6yYPyMgdSkqIx5NaWutO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31b995a83cd3008d2f12d41b923f4fd5

Files

31b995a83cd3008d2f12d41b923f4fd5
.exe windows:4 windows x86 arch:x86

947dd6cc37ebe8dcd9099407c4143e33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

imagehlp

ImageRvaToVa
ImageNtHeader
ImageGetDigestStream
ImageDirectoryEntryToData

user32

MonitorFromWindow
wsprintfW
CharNextA
CharNextW

kernel32

InterlockedIncrement
DeleteFileW
LocalFree
MoveFileW
MultiByteToWideChar
IsDebuggerPresent
lstrlenW
GetProcessHeap
FindFirstFileW
FreeResource
GetCommandLineW
HeapAlloc
CreateDirectoryA
EnterCriticalSection
LockResource
GetTempFileNameW
SetLastError
LoadLibraryExA
UpdateResourceW
RemoveDirectoryW
CreateFiberEx
WideCharToMultiByte
CreateFileA
ExitProcess
HeapReAlloc
CreateFileMappingA
SizeofResource
HeapFree
DeleteFileA
QueryPerformanceCounter
InitializeCriticalSection
GetSystemDirectoryA
EscapeCommFunction
_lwrite
InterlockedDecrement
GetFileAttributesW
GetCurrentProcess
LoadResource
GetThreadLocale
GetACP
lstrlenA
GlobalFree
GlobalLock
WriteFile
CopyFileW
FindResourceExW
CreateFileW
CloseHandle
EnumResourceNamesA
SetEndOfFile
LoadLibraryA
UnhandledExceptionFilter
FindNextFileA
GetCurrentProcessId
_lclose
LeaveCriticalSection
EndUpdateResourceW
FindClose
RaiseException
GetCurrentDirectoryW
GetFileInformationByHandle
MapViewOfFile
GetVersionExA
_llseek
Sleep
CopyFileA
GetEnvironmentVariableA
GetTickCount
GetStringTypeExW
FormatMessageW
GetTempPathW
GetSystemTimeAsFileTime
HeapDestroy
DeleteCriticalSection
FreeLibrary
CreateDirectoryW
GetFileSize
OutputDebugStringA
GlobalAlloc
FatalExit
ReadFile
SetUnhandledExceptionFilter
lstrcmpiA
GetModuleHandleW
RemoveDirectoryA
GetOEMCP
GetCurrentThreadId
SetFileAttributesW
SetFileAttributesA
UnmapViewOfFile
TerminateProcess
GetFullPathNameW
EnumResourceLanguagesW
HeapSize
GetLastError
SetFilePointer
GetVersion
_lread
EnumResourceNamesW
GetFullPathNameA
GetLocaleInfoA
FindNextFileW
FindFirstFileA
InterlockedCompareExchange
InterlockedExchange
DebugBreak
GetProcAddress
FindResourceW
GlobalUnlock
BeginUpdateResourceW
GetVersionExW
EnumResourceTypesW
GetFileAttributesA
AreFileApisANSI
LoadLibraryExW
lstrcpyA

shell32

CommandLineToArgvW

msvfw32

ICInfo

psapi

GetProcessMemoryInfo

advapi32

CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

947dd6cc37ebe8dcd9099407c4143e33

Headers

File Characteristics

Imports

imagehlp

user32

kernel32

shell32

msvfw32

psapi

advapi32

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 15KB

.lib Size: 512B - Virtual size: 352KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 15KB

.lib
Size: 512B - Virtual size: 352KB