343bd1b58fb5215279d983e61cf3c8a7

Sharing

Copy URL Twitter E-mail

General

Target

343bd1b58fb5215279d983e61cf3c8a7
Size

261KB
MD5

343bd1b58fb5215279d983e61cf3c8a7
SHA1

6da36ff860b5413ded56d489333c60ed0cb914a1
SHA256

757c37b14c8611c0b80e2d8e7ed9d2f54cfe0581429f5ce6636c7734ea7f5424
SHA512

30742f9e26e81f04cde2a72ff6b538649ea1a30de6c4f88e8c98ee2669781e7129d9a61cfde7fe79cf1a83b8e5189ff61304fb9031f8f607d498c57d6819e112
SSDEEP

6144:ypoqkPtoYJJgs7vBcIizR/7S0/Qg4gZdvmcwWt:ypoqkVH/96fF4V+mIt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
343bd1b58fb5215279d983e61cf3c8a7

Files

343bd1b58fb5215279d983e61cf3c8a7
.exe windows:4 windows x86 arch:x86

f1dd2d6cf26a743c6f23a4cf254dd4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

kernel32

EnterCriticalSection
LocalFree
GetProcessHeap
GetSystemDirectoryW
SetThreadPriority
OpenFileMappingW
ReleaseSemaphore
GetModuleHandleW
PulseEvent
HeapAlloc
SetUnhandledExceptionFilter
WideCharToMultiByte
UnhandledExceptionFilter
CreateThread
GetFileSize
GetPriorityClass
CreateSemaphoreW
TlsSetValue
SetProcessWorkingSetSize
GetDateFormatW
FindCloseChangeNotification
lstrcmpW
TryEnterCriticalSection
SetPriorityClass
LoadLibraryExW
GetTempFileNameW
UnmapViewOfFile
OpenEventW
GetSystemInfo
CreateMutexW
CompareFileTime
SetLastError
TlsFree
CreateProcessW
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingW
FindNextChangeNotification
ExpandEnvironmentStringsW
HeapReAlloc
GetDriveTypeW
SystemTimeToFileTime
DeviceIoControl
lstrcpyW
ReleaseMutex
DeleteCriticalSection
FlushFileBuffers
FindFirstChangeNotificationW
GetSystemTime
WaitForSingleObject
TlsAlloc
GetLocalTime
GetWindowsDirectoryW
GetFileTime
SetFilePointer
GetCurrentDirectoryW
OpenSemaphoreW
GetPrivateProfileIntW
GetQueuedCompletionStatus
ResumeThread
MapViewOfFile
CreateFileW
LocalAlloc
RaiseException
DeleteFileW
SetEndOfFile
CreateEventW
lstrlenW
HeapFree
OutputDebugStringW
GetCurrentThreadId
LeaveCriticalSection
lstrcpynW
FindFirstFileW
FindNextFileW
GetPrivateProfileStringW
OpenMutexW
GetComputerNameW
lstrcatW
GetTempPathW
OpenProcess
lstrcmpA
WriteFile
IsDebuggerPresent
FindClose
SetCurrentDirectoryW
TlsGetValue
ResetEvent
TerminateThread
DuplicateHandle
CreateIoCompletionPort
SetErrorMode
lstrlenA
FreeLibrary
FormatMessageW
GetTimeFormatW
VirtualAllocEx

user32

MessageBoxW
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
LoadStringW
FindWindowW
PeekMessageW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyW
SetSecurityDescriptorDacl
RegQueryValueExW
QueryServiceStatus
GetTokenInformation
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
RegOpenKeyA
StartServiceW
ControlService
CloseServiceHandle
CreateProcessAsUserW
InitializeSecurityDescriptor
EnumDependentServicesW
RegOpenKeyExW

mscms

RegisterCMMA
UnregisterCMMA
InternalGetDeviceConfig
RegisterCMMW
ConvertIndexToColorName
SelectCMM
InstallColorProfileA
CreateProfileFromLogColorSpaceW
InternalGetPS2ColorSpaceArray

iedkcs32

BrandICW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pghfZ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utmKY
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hVu
Size: 1024B - Virtual size: 961B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.go
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1dd2d6cf26a743c6f23a4cf254dd4d6

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

mscms

iedkcs32

Sections

.text Size: 18KB - Virtual size: 17KB

.pghfZ Size: 2KB - Virtual size: 2KB

.B Size: 1KB - Virtual size: 2KB

.utmKY Size: 1024B - Virtual size: 1KB

.T Size: 1KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 3KB

.hVu Size: 1024B - Virtual size: 961B

.data Size: 213KB - Virtual size: 451KB

.go Size: 2KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 18KB - Virtual size: 17KB

.pghfZ
Size: 2KB - Virtual size: 2KB

.B
Size: 1KB - Virtual size: 2KB

.utmKY
Size: 1024B - Virtual size: 1KB

.T
Size: 1KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 3KB

.hVu
Size: 1024B - Virtual size: 961B

.data
Size: 213KB - Virtual size: 451KB

.go
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB