3c529a21b14c70613a227312aba51cb9

Sharing

Copy URL Twitter E-mail

General

Target

3c529a21b14c70613a227312aba51cb9
Size

167KB
MD5

3c529a21b14c70613a227312aba51cb9
SHA1

f5f72b9d7aa2bdaf7ac16e668f5694d511a02a47
SHA256

e93a203f8cd6d979dbba7530428981454c0bb53c077c54b6a7e962ff6b288f8e
SHA512

5df2da22a0bacbab0f52f47cde5d0ad39cc49f54a5df19f5e56602e75212f8872059e9d180eb08ffebe81c48ad52728afe709190e1c38cf1eb9ee5582e435eab
SSDEEP

3072:mgFH0Iv2rbkFBYoIYwTpZ8lkO2k4dH4c0J04U9Wx27BsreZH:PFURbmeoIvEmnH4cbv9AMBskH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c529a21b14c70613a227312aba51cb9

Files

3c529a21b14c70613a227312aba51cb9
.exe windows:4 windows x86 arch:x86

c221788b7bcb4df7d7094ae5a3dfa5e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectW
CreateBitmap
SetBrushOrgEx
GetDIBits
SetBkColor
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
GetObjectType
CreateDCW
StretchBlt
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SetStretchBltMode

user32

IsRectEmpty
FillRect
CopyRect
wsprintfW
TranslateMessage
GetClientRect
ReleaseDC
SetRectEmpty
DispatchMessageW
OffsetRect
GetDC
PeekMessageW
GetWindowRect

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoFreeUnusedLibraries
StringFromGUID2
CoCreateInstance
CoInitialize

winmm

timeGetTime

kernel32

InitializeCriticalSection
GetLastError
WaitNamedPipeA
ReleaseMutex
InterlockedExchange
OutputDebugStringW
GetLocaleInfoA
GetFileAttributesA
LocalFree
GetSystemTime
LocalAlloc
GetThreadLocale
SetFileAttributesW
DeleteCriticalSection
MultiByteToWideChar
GetVersionExW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
GetTempFileNameW
GetProcessAffinityMask
OutputDebugStringA
CopyFileA
FindFirstFileW
CreateFileA
MulDiv
lstrlenA
EnumResourceTypesW
FindNextFileW
GetVersionExA
GetTempPathW
GetACP
WideCharToMultiByte
FreeLibrary
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DisableThreadLibraryCalls
QueryPerformanceCounter
LoadLibraryW
ExitProcess
GetModuleFileNameA
lstrlenW
DeleteFileW
RemoveDirectoryW
CloseHandle
SetFilePointer
LeaveCriticalSection
GetTempPathA
ReadFile
Sleep
WriteFile
CreateMutexA
GetTempFileNameA
GetTickCount
SetFileAttributesA
EnterCriticalSection
WaitForSingleObject
FindClose
GetModuleFileNameW
GetProcAddress
GetSystemTimeAsFileTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueW
RegCreateKeyExA
RegDeleteKeyA

shlwapi

PathCombineW
PathFileExistsA
PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathAddBackslashW
PathRenameExtensionW
PathIsDirectoryW
PathRemoveFileSpecW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c221788b7bcb4df7d7094ae5a3dfa5e7

Headers

File Characteristics

Imports

gdi32

user32

shell32

ole32

winmm

kernel32

avifil32

advapi32

shlwapi

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 62KB - Virtual size: 61KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 62KB - Virtual size: 61KB

.tls
Size: 1024B - Virtual size: 104KB