3a86b53dd96c37347c305c876b84f550

Sharing

Copy URL Twitter E-mail

General

Target

3a86b53dd96c37347c305c876b84f550
Size

94KB
MD5

3a86b53dd96c37347c305c876b84f550
SHA1

2631d9945884a94577949ad33fdc54dd55ced2ca
SHA256

ca893f22a886e2fdc69ebf15d5779bb0e0c1a91ad7ab32d128138aeec98a677b
SHA512

3927c82e8199502366157e246900b6047df1c581420216fa86eb7aba7018f7d703d4071cbb40a61ad06c94217bde04eb35ca880275674218a9c2ead59e15043a
SSDEEP

1536:TnqP3qoHXocQpDRlkFOMIJ+zQ1esxLRcmRBKMTDH6woSQPO145MjpIP:TWqoHXocQpDfMOMIJKIBRReMTDHutW1K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a86b53dd96c37347c305c876b84f550

Files

3a86b53dd96c37347c305c876b84f550
.exe windows:5 windows x86 arch:x86

49ae01841a8bebd02ae95db43069fa42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

iswdigit
wcscpy
wcsncmp
wcslen
strcpy
wcsncpy
wcscat
wcschr
memcpy

kernel32

VirtualProtectEx
LoadLibraryA
GetFileTime
FindResourceA
SystemTimeToFileTime
CompareFileTime
GetLogicalDrives
GetLastError
RemoveDirectoryA
GlobalFree
LockResource
OpenEventA
WaitForMultipleObjects
GetModuleHandleA
CloseHandle
EnumResourceLanguagesW
GlobalReAlloc
SuspendThread
ResumeThread
LocalAlloc
GetProcAddress
FreeLibrary
InterlockedExchange
RaiseException
GetModuleHandleW
GetThreadContext
GetNamedPipeInfo
PostQueuedCompletionStatus
SetNamedPipeHandleState
CreateWaitableTimerW
OpenSemaphoreW
GetCurrentProcess

user32

TranslateAcceleratorA
GetMenuItemRect
OffsetRect
DrawStateA
TranslateMessage
EnumWindows
BeginPaint
ShowCaret
WindowFromPoint
MenuItemFromPoint
TabbedTextOutW
DrawTextW
GetKeyNameTextA
FillRect
ScreenToClient
GetMessageA
ClientToScreen
EndPaint
MoveWindow
CloseWindow
MessageBoxW
CreateWindowExA
MessageBoxA
IsCharAlphaA
SendInput
DestroyWindow
GetSysColor
GetCursorPos
GetSysColorBrush
DispatchMessageA
SetCaretPos
SwitchToThisWindow
MapWindowPoints
GetDC

gdi32

DeleteDC
DeleteObject
CreateCompatibleDC
GetCharWidthA
Chord
GetTextMetricsA
GetPixel
RestoreDC
SetMetaRgn
SelectObject
CreateRectRgn
DPtoLP

advapi32

CloseEventLog
ReadEventLogA
GetNumberOfEventLogRecords
OpenBackupEventLogW
OpenEventLogW
RegisterEventSourceW

Exports

Exports

_FindSharedMem@12
_MoveSharedMem@4
_ReadSharedMem@4
_SetSharedMem@4
_UpdateShareMem@16

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49ae01841a8bebd02ae95db43069fa42

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 452B

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 1024B - Virtual size: 686B

.text
Size: 13KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 452B

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 1024B - Virtual size: 686B