3028bf552c7ba17681d3114ed9b1bfbe

Sharing

Copy URL Twitter E-mail

General

Target

3028bf552c7ba17681d3114ed9b1bfbe
Size

329KB
MD5

3028bf552c7ba17681d3114ed9b1bfbe
SHA1

03ce56ce6ce657a6d2098de7dc47eb09e42a00d2
SHA256

dd258850de29de0e33e0dfb6045a7ed6bfa0a8ef057d3c28e279a0d06b701c5c
SHA512

ade8755c0524c131823727779f902eebbb94fce6b0793450d583413c39a603aed05ec2d1d18276da77170a1f27a8c3368fcc0e2a56b7a57f3af7ba741b3840e0
SSDEEP

6144:co3X1fX0YnjVJpUkUvQcGw2XEe9L7R6HEavTHSrDiQHuFo3b+EL4:c/qjV3tCqZ7RIpHSXPOd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3028bf552c7ba17681d3114ed9b1bfbe

Files

3028bf552c7ba17681d3114ed9b1bfbe
.exe windows:5 windows x86 arch:x86

74c3f5057e0d75e23585136688703769

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CIcos
malloc
qsort
memmove
_adjust_fdiv
_lock
_CIatan
_errno
_CItan
_fpclass
_CItanh
__dllonexit
_CIsin
_stricmp
_CIfmod
ceil
_wtof
isdigit
_CIexp
floor
modf
_clearfp
_CIcosh
_wcsicmp
_isnan
_purecall
_CIacos
isxdigit
_CIatan2
memset
atoi
_CIpow
atof
realloc
_amsg_exit
_CIsinh
_CIasin
_controlfp
_unlock
_XcptFilter
_strdup
setlocale
wcsstr
wcschr
_vsnwprintf
_resetstkoflw
calloc
_vsnprintf
_initterm
strchr
toupper
_onexit
_CIsqrt
wcstol
_CIlog
_finite
free
isalpha
isspace
memcpy
_copysign
tolower
clock
_wtoi
isalnum

user32

SetLayeredWindowAttributes
GetDC
GetClientRect
TranslateMessage
EnumDisplayDevicesW
OffsetRect
GetMonitorInfoW
InvalidateRect
MsgWaitForMultipleObjects
PeekMessageW
UpdateLayeredWindow
SystemParametersInfoW
GetWindowDC
CopyRect
GetWindowLongW
IsWindow
EnumDisplayMonitors
EnumDisplaySettingsW
IntersectRect
GetGuiResources
SetRect
IsRectEmpty
ReleaseDC
ClientToScreen
PostMessageW
DispatchMessageW
GetDesktopWindow
RegisterWindowMessageW
EqualRect

psapi

GetProcessMemoryInfo

gdi32

CreateCompatibleDC
DeleteObject
DrawEscape
RealizePalette
DeleteDC
CreateRectRgnIndirect
OffsetRgn
GdiEntry13
CombineRgn
GetSystemPaletteEntries
RectInRegion
GetDeviceCaps
SelectPalette
CreateDIBSection
CreateICW
GetDIBits
GetDCOrgEx
CreateCompatibleBitmap
CreatePalette
CreateDCW
GetRegionData
SetLayout
SelectObject
BitBlt
GetRgnBox

ntdll

NtUnmapViewOfSection
DbgBreakPoint
NtAllocateVirtualMemory
RtlClearBits
RtlInitializeGenericTable
NtMapViewOfSection
RtlUlongByteSwap
NtCreateSection
DbgPrompt
RtlIsGenericTableEmpty
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlInterlockedFlushSList
RtlInitializeBitMap
NtAddAtom
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlFindClearBitsAndSet

rpcrt4

RpcAsyncCancelCall
RpcStringBindingComposeW
RpcBindingVectorFree
NdrAsyncClientCall
RpcSsDestroyClientContext
RpcBindingSetAuthInfoExW
UuidToStringW
NdrAsyncServerCall
RpcAsyncCompleteCall
RpcAsyncGetCallStatus
RpcServerUnregisterIfEx
RpcServerUseProtseqW
RpcAsyncInitializeHandle
RpcStringFreeW
RpcBindingFromStringBindingW
UuidCreate
I_RpcExceptionFilter
RpcBindingFree
RpcServerInqCallAttributesW
RpcServerRegisterIfEx
RpcEpRegisterW
RpcServerInqBindings

kernel32

HeapAlloc
GetCurrentThreadId
RaiseException
lstrcmpiA
GetCurrentThread
GetModuleHandleW
SetThreadPriority
CompareStringW
GetSystemDirectoryW
CreateFileMappingA
InitializeCriticalSection
SystemTimeToFileTime
GetCurrentProcessId
CreateWaitableTimerW
LocalFree
DeleteCriticalSection
SetWaitableTimer
InterlockedDecrement
VirtualAlloc
CreateEventW
InterlockedPushEntrySList
FindClose
CreateFileA
LoadLibraryA
InterlockedExchange
GetTickCount
Sleep
GetFullPathNameA
DuplicateHandle
GetFileSize
LoadLibraryW
QueryPerformanceCounter
HeapFree
LoadResource
UnmapViewOfFile
OutputDebugStringW
RtlCaptureStackBackTrace
GetLastError
FreeLibrary
QueryPerformanceFrequency
CreateThread
GetProcessHeap
InitializeSListHead
PulseEvent
RtlUnwind
GlobalUnlock
VirtualQuery
DisableThreadLibraryCalls
UnhandledExceptionFilter
FindResourceW
SizeofResource
QueryDepthSList
GetVersionExA
DebugBreak
GetProcAddress
ProcessIdToSessionId
GetModuleHandleA
LocalAlloc
InterlockedCompareExchange
EnterCriticalSection
GetOverlappedResult
SetUnhandledExceptionFilter
WaitForSingleObjectEx
CreateFileMappingW
VirtualFree
MapViewOfFile
GetVersion
SetLastError
GetSystemTimeAsFileTime
GetSystemInfo
InterlockedExchangeAdd
DelayLoadFailureHook
CloseHandle
ReadFile
GetProcessWorkingSetSize
TerminateThread
GetProcessId
GetCurrentProcess
LeaveCriticalSection
SetEvent
SleepEx
WriteFile
ResetEvent
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
CancelIo
LockResource
InterlockedIncrement
WaitForMultipleObjects
TerminateProcess
InterlockedFlushSList
CreateFileW
MulDiv
OutputDebugStringA
IsProcessorFeaturePresent
SetProcessWorkingSetSize
FindFirstFileW
GetVersionExW
WideCharToMultiByte
VirtualLock
HeapReAlloc
ExitProcess
WaitForSingleObject

ole32

CoUninitialize
PropVariantCopy
CoTaskMemAlloc
CoCreateInstance
CoInitialize
PropVariantClear
CoTaskMemFree

advapi32

RegQueryValueExW
TraceMessage
RegisterTraceGuidsW
RegOpenKeyExW
GetTraceEnableFlags
TraceEvent
RegOpenKeyA
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74c3f5057e0d75e23585136688703769

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

psapi

gdi32

ntdll

rpcrt4

kernel32

ole32

advapi32

Sections

.text Size: 27KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 27KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 1.4MB