3af7af0c421d3fda210e9279198f05d0

Sharing

Copy URL

Twitter E-mail

General

Target

3af7af0c421d3fda210e9279198f05d0
Size

67KB
MD5

3af7af0c421d3fda210e9279198f05d0
SHA1

e1d991dec542e4f9b8fcd6bb773faeb4bf991da5
SHA256

7da108efb763260a2afcc87333d07d411a06cb25d7600dd2733e37d894f00d2d
SHA512

c744520116da4a241fc17ac9b64dfc1878e3c96d8b7309c7eced2bc9c0697fe8add76b3b6b4be1a480d38b959da84bb9e600af38553fe1fdee452bd4fb66c019
SSDEEP

1536:Q81rm7NhN0bRx8QOUgTXs6bGhcmB4PdbdnQ:Az0bRWoa2cy4Pd5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3af7af0c421d3fda210e9279198f05d0

Files

3af7af0c421d3fda210e9279198f05d0
.exe .vbs windows:6 windows x86 arch:x86 polyglot

1e5ff26b36e32b7820b86ff83da357f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
strchr
_strupr
strncpy
malloc
fprintf
memset
fopen
fwrite
fclose

advapi32

OpenSCManagerA
ConvertStringSecurityDescriptorToSecurityDescriptorA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
DeleteService
ControlService
OpenServiceA
StartServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CreateServiceA
CloseServiceHandle
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertStringSidToSidA
EqualSid

kernel32

LoadLibraryA
ExpandEnvironmentStringsA
Sleep
GetVersionExA
GetCurrentThread
GetCurrentProcess
GetLocalTime
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileIntA
CreateFileA
CloseHandle
GetWindowsDirectoryA
lstrcpyA
GetProcAddress
SetLastError
CreateEventA
HeapSetInformation
SuspendThread
SetEvent
WaitForMultipleObjects
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateThread
CreateDirectoryA
FreeLibrary

gdi32

GetStockObject

user32

RegisterDeviceNotificationA
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassA
DestroyWindow
PostQuitMessage
DeleteMenu
SetMenuDefaultItem
CreateWindowExA
ShowWindow
UpdateWindow
SetTimer
FindWindowA
KillTimer
EnableMenuItem
GetSystemMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
SendMessageA
DefWindowProcA
LoadStringA
MessageBoxA
wvsprintfA
wsprintfA
RegisterClassExA

setupapi

SetupDiEnumDeviceInfo
CM_Reenumerate_DevNode
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

brevif

SetFmAutoSelStat
GetRsmgGlobalEventArea
RsmgGlobalMutexIfService
SetRsmgGlobalEventArea
SetOverMainAlive
GetOrgMainAlive
ExecReqRsmgGlobalEvent
GetOverMainAlive
SetOverMainUnloading
GetOverMainUnloading
SetOrgMainAlive

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e5ff26b36e32b7820b86ff83da357f2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

setupapi

brevif

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 1024B - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 24KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 1024B - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 24KB