32f306b3beab8c876575a25c63f24ee2

Sharing

Copy URL Twitter E-mail

General

Target

32f306b3beab8c876575a25c63f24ee2
Size

180KB
MD5

32f306b3beab8c876575a25c63f24ee2
SHA1

3e2a9557b81ed7bdd79443f06ef5ab2835cefc95
SHA256

ccbc77e107e3b5e29f3c080b7058e3544a0c6e1a754fc3167260ddcf38dd2a86
SHA512

c03d95ba088bb02f4ec05e0bccd8973d12690f9ec809fc39482d9eac5c38c8c257e86828f3b04e575fb48d92a9ce52c6bec63df9506e7e30f568b7756bfb7fb3
SSDEEP

3072:Pp+3QPFywNij3cwWh4teyfgZVx5cidmkc7NjvX7rjpl+8o3Qa6:PqQpij3cbhieyfgZVx/Qjf1o3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32f306b3beab8c876575a25c63f24ee2

Files

32f306b3beab8c876575a25c63f24ee2
.exe windows:4 windows x86 arch:x86

e0aa2b91342407283b2677ba820e4bd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
TerminateThread
CloseHandle
InterlockedIncrement
ExitProcess
VirtualFree
GetModuleHandleA
Sleep
GetProcAddress
InterlockedExchange
GetTickCount
SetEvent
SetFirmwareEnvironmentVariableA
CreateMutexA
VirtualAlloc
SetStdHandle
SetFilePointer
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
WriteFile
LoadLibraryA
DebugBreak
InterlockedDecrement
OutputDebugStringA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
RaiseException
MultiByteToWideChar
FlushFileBuffers

user32

EnableWindow
MessageBoxA
PostMessageA
LoadImageA
ShowWindow
SendMessageA
DestroyWindow
PeekMessageA

winmm

midiStreamStop

Exports

Exports

?EnumWindowsProc@@YIHKK@Z

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VDXE
Size: 4KB - Virtual size: 99B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.INIT2
Size: 4KB - Virtual size: 513B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0aa2b91342407283b2677ba820e4bd5

Headers

File Characteristics

Imports

kernel32

user32

winmm

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.VDXE Size: 4KB - Virtual size: 99B

.INIT2 Size: 4KB - Virtual size: 513B

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 8KB

.vdata Size: 12KB - Virtual size: 9KB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 72KB - Virtual size: 68KB

.VDXE
Size: 4KB - Virtual size: 99B

.INIT2
Size: 4KB - Virtual size: 513B

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 8KB

.vdata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 68KB - Virtual size: 66KB