3cb8b80363608ef3a5d8d5b6fb2e48b9

Sharing

Copy URL Twitter E-mail

General

Target

3cb8b80363608ef3a5d8d5b6fb2e48b9
Size

168KB
MD5

3cb8b80363608ef3a5d8d5b6fb2e48b9
SHA1

3b4098470bed5b90c3e6667dcdb845eec0d09474
SHA256

e98f3d63dfa15668dabc776211f063d8b0a8a4ab8e791235f24eb1f147430dc3
SHA512

98c9789a9aa2108c3b741348fed221a31012f5001cf0cacb43b31e2c579309cb6e5879c0c71414bb8f05c7353089069b2236ac4d3e61ac97edec23543a5a017b
SSDEEP

3072:nuPHA1Um9AubOCNQAMz7FpgCDbqPDEaU/V3Yqo46qodNwi:n2ETlbrNQRz7HgCDb+DEh/E4hodN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb8b80363608ef3a5d8d5b6fb2e48b9

Files

3cb8b80363608ef3a5d8d5b6fb2e48b9
.dll windows:4 windows x86 arch:x86

e554405472f9e7d6fc059b0d763c5b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
CreateDirectoryW
GetFullPathNameW
GetTimeFormatW
LocalFree
InterlockedIncrement
ReleaseMutex
HeapDestroy
OutputDebugStringA
GetModuleHandleW
ExpandEnvironmentStringsA
LoadLibraryA
InterlockedDecrement
lstrcmpiW
GetCurrentThreadId
GetProcessHeap
VirtualQuery
UnmapViewOfFile
GetLocalTime
TlsGetValue
RaiseException
ExitProcess
GetVersion
DeleteFileA
IsBadCodePtr
CompareStringW
Beep
WideCharToMultiByte
GetDateFormatW
CloseHandle
lstrcpynW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
lstrlenW
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualProtect
DeviceIoControl
GetCommandLineA

user32

CheckRadioButton
GetDlgItem
IsDlgButtonChecked
MessageBoxW
MessageBoxA
CheckDlgButton
SetFocus
EnableWindow
wsprintfW
SetDlgItemTextW
GetDlgItemTextW
LoadStringW
SendDlgItemMessageW
SendMessageW
SetWindowLongW
PostMessageW
GetParent

advapi32

RegOpenKeyW
RegOpenKeyExW
CopySid
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority
LsaStorePrivateData
LsaNtStatusToWinError
LsaOpenPolicy
IsValidSid
GetLengthSid
GetSidIdentifierAuthority
FreeSid
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetSecurityDescriptorGroup
RegQueryValueExW

ole32

OleRun
CoCreateInstance
ReleaseStgMedium

rpcrt4

DceErrorInqTextW
RpcStringFreeW
UuidCreate
UuidToStringW

msvcrt

exit
wcscat
_cexit
memset
_wcsnicmp
fgetws
iswctype
wcsrchr
_vsnprintf
_ismbblead
feof
free
malloc
_initterm
_adjust_fdiv
_wsplitpath
_wmakepath
_snwprintf
_wtoi
wcschr
wcslen
swprintf
wcsncmp
wcstok
memcpy
_except_handler3
wcscpy
_wcsicmp
_CxxThrowException
wcsncpy
wcscmp

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e554405472f9e7d6fc059b0d763c5b0a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 36KB - Virtual size: 69KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 36KB - Virtual size: 69KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 4KB