36265e99d275ba39a7ca196063e3ccae

Sharing

Copy URL Twitter E-mail

General

Target

36265e99d275ba39a7ca196063e3ccae
Size

3.1MB
MD5

36265e99d275ba39a7ca196063e3ccae
SHA1

3655aecf251f2856152bd96986a07fc022a4e4d6
SHA256

4449c4bd07c7aa82ebc666cca5e31fde838cc41b3b6a46a9923a7b0e435009f3
SHA512

61595e88c0ef5e2eea06b017e5f6d3bf18d2a174ef0fbe4c7d212c5b62c2ffc47bc4144dde39beba206c591f7ed81f00fc0377029ca82c42baf30c33f71ad1b4
SSDEEP

768:ZLubYuRZN3s8mgxVQhjWgNOsjb3++/lU9qZU9xT1P:ZLubDf3sGxV3qOv+/1KP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36265e99d275ba39a7ca196063e3ccae

Files

36265e99d275ba39a7ca196063e3ccae
.exe windows:5 windows x86 arch:x86

4be5e96b6ec5ddefc7a823100a3aba29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
WSAGetLastError
connect
setsockopt
htons
inet_addr
inet_ntoa
gethostbyname
WSAStartup
closesocket
recv
send
socket
WSACleanup

msvcr100

_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
__CxxFrameHandler3
?terminate@@YAXXZ
_stricmp
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strncpy
strstr
realloc
wcscspn
wcsspn
??_U@YAPAXI@Z
memmove_s
wmemcpy_s
memcpy_s
_resetstkoflw
free
malloc
??_V@YAXPAX@Z
_wtoi
??2@YAPAXI@Z
_wcsicmp
??3@YAXPAX@Z
memset
memcpy
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
SetFilePointer
GetTickCount
GlobalMemoryStatusEx
GetComputerNameW
SetEvent
GetModuleFileNameW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
LeaveCriticalSection
WideCharToMultiByte
Module32NextW
Module32FirstW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
CreateMutexW
GetLastError
ReleaseMutex
CreateEventW
WaitForSingleObject
GetTempPathW
lstrcatW
Sleep
LoadLibraryW
GetProcAddress
CreatePipe
GetStartupInfoW
CreateProcessW
CloseHandle
CreateThread
PeekNamedPipe
ReadFile
WriteFile
lstrlenA
SetFileAttributesW
DeleteFileW
CreateFileW
GetFileSize
GetCurrentProcess
EnterCriticalSection

user32

wsprintfW
MessageBoxA
PostThreadMessageW
ExitWindowsEx
PeekMessageW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFindExtensionW

gdi32

GetObjectW
CreateCompatibleBitmap
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToFile

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4be5e96b6ec5ddefc7a823100a3aba29

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcr100

kernel32

user32

advapi32

shell32

shlwapi

gdi32

gdiplus

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 3KB - Virtual size: 2KB