3b01c0c97df2b1fc98efe8d6bff26c1f

Sharing

Copy URL Twitter E-mail

General

Target

3b01c0c97df2b1fc98efe8d6bff26c1f
Size

182KB
MD5

3b01c0c97df2b1fc98efe8d6bff26c1f
SHA1

b81a86b7ece57830fb28c0004c4f96dd53775ee8
SHA256

9aafae38c3acbbfca01c18244e4d53bc9d05123e1bc747e86c2c3eec0c268ec5
SHA512

94861506e6e04cc6e8afa55a01a1ca6c3288a80007aec3568375b4e911598f18705fc7d25fe191db750feb18b9ceced6f25584bacc7048c4d8507792eaf1ffff
SSDEEP

3072:SIjLO80J68QnUzTpr5RCilsq06tdcjCGIksv/reuzDXq28sr:SIPO80Jx/TlLdtG5snrdzrqbk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b01c0c97df2b1fc98efe8d6bff26c1f

Files

3b01c0c97df2b1fc98efe8d6bff26c1f
.exe windows:0 windows x86 arch:x86

046f46d0b23ca4e9deca1b1dc44e731b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsrchr
_wtoi
_wcsicmp
_unlock
_onexit
_lock
_initterm
memcpy
_XcptFilter
_purecall
realloc
malloc
_amsg_exit
wcsncmp
memset
__dllonexit
_vsnwprintf
free
wcschr
_wtol
_wcsnicmp
wcspbrk

kernel32

HeapAlloc
RtlUnwind
CreateRemoteThread
lstrlenW
HeapFree
RaiseException
FreeLibrary
EnterCriticalSection
GlobalMemoryStatus
CreateMailslotA
GetQueuedCompletionStatus
InterlockedCompareExchange
FileTimeToSystemTime
MultiByteToWideChar
Sleep
GetGeoInfoA
OpenConsoleW
InterlockedDecrement
GetTempPathW
GlobalGetAtomNameW
GetProcessIoCounters
ResetEvent
HeapWalk
GetDateFormatW
GlobalFree
InitializeSListHead
BackupSeek
BeginUpdateResourceW
GlobalLock
CloseHandle
FreeEnvironmentStringsA
GetFileSize
GetCommState
GlobalAlloc
CompareStringW
FreeEnvironmentStringsW
SetConsoleDisplayMode
GetProcessHeap
QueryPerformanceCounter
GetFileSize
VirtualAllocEx
UnhandledExceptionFilter
DeleteCriticalSection
TerminateProcess
lstrcatW
CreateMailslotW
LocalFlags
ReadFileScatter
CopyLZFile
DeviceIoControl
SetUnhandledExceptionFilter
QueryPerformanceFrequency
SetEvent
GetLocalTime
LocalFree
LoadResource
FindResourceW
ReadFile
GetLastError
GlobalReAlloc
GetDiskFreeSpaceA
DeleteFileW
SetConsoleNlsMode
ExpungeConsoleCommandHistoryW
LeaveCriticalSection
InterlockedIncrement
GetExitCodeThread
WriteProfileSectionW
GetLocalTime
LocalAlloc
WaitForMultipleObjectsEx
lstrlenA
GetStartupInfoA
GetDiskFreeSpaceA
IsProcessInJob
ReadConsoleW
UnregisterConsoleIME
GetPrivateProfileSectionNamesA
InterlockedExchange
GetExpandedNameW
GetVersionExA
SetFilePointer
ReadConsoleOutputCharacterA
GetNumberOfConsoleMouseButtons
lstrcpyW
GetTickCount
GetConsoleAliasA
lstrcmpA
SetCommBreak
HeapDestroy
WaitCommEvent
GetVersion
GetTapePosition
BaseFlushAppcompatCache
InvalidateConsoleDIBits
GetVersionExW
DebugBreak
GetLongPathNameW
OutputDebugStringW
GetSystemTimeAsFileTime
WideCharToMultiByte
GlobalUnlock
lstrcpynW
GetTempFileNameW
GetCurrentProcess
GetEnvironmentStringsW
WaitForSingleObject
lstrcmpiW
SizeofResource
GetVersionExW
TerminateJobObject
GetSystemInfo
WaitForMultipleObjects
SetTermsrvAppInstallMode
VirtualQuery
CreateFileW
GetCurrentProcessId
CreateEventW
FindResourceW
SetVolumeLabelW

user32

CharNextW
GetMessageW
DispatchMessageW
RegisterWindowMessageA
PostThreadMessageW
LoadIconW
PostMessageW
CharPrevW

advapi32

UnregisterTraceGuids
RegOpenKeyExW
RegSetValueExA
GetTraceLoggerHandle
RegDeleteValueW
GetTraceEnableFlags
RegCloseKey
RegEnumValueW
RegQueryValueExA
RegisterTraceGuidsW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegQueryInfoKeyW
GetTraceEnableLevel
RegSetValueExW
TraceMessage
RegQueryValueExW

ole32

CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VariantInit
SafeArrayCreateVector
SysAllocStringByteLen
VariantCopy
LoadTypeLi
VariantChangeType
VarUI4FromStr
RegisterTypeLi
VariantClear
SysFreeString
SysAllocString
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SafeArrayRedim

userenv

GetUserProfileDirectoryA
RsopResetPolicySettingStatus
DllCanUnloadNow
DllRegisterServer

Sections

.THHgqC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.H
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.irgho
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWDN
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

046f46d0b23ca4e9deca1b1dc44e731b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

userenv

Sections

.THHgqC Size: 1KB - Virtual size: 1KB

.H Size: 1024B - Virtual size: 947B

.irgho Size: 2KB - Virtual size: 1KB

.UWDN Size: 2KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 36KB

.rsrc Size: 145KB - Virtual size: 145KB

.THHgqC
Size: 1KB - Virtual size: 1KB

.H
Size: 1024B - Virtual size: 947B

.irgho
Size: 2KB - Virtual size: 1KB

.UWDN
Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 36KB

.rsrc
Size: 145KB - Virtual size: 145KB