034b0f314585109f155ff935c2893a54

Sharing

Copy URL Twitter E-mail

General

Target

034b0f314585109f155ff935c2893a54
Size

455KB
MD5

034b0f314585109f155ff935c2893a54
SHA1

9289b1b3233ce254af561ce2a539ef8699a11867
SHA256

7358e3e70adba8b8ddccd913886b0c9184924a0963c808f3a6b93cf035eaad0f
SHA512

7520e740a46d07e2dc60e9e5c595736e8828537d9e117af8fa45bb146a584a660cd14c54fc67434919e98cfdfbc97fa6ee24ee6dbd43ee1b7224c1c0bd8e6d64
SSDEEP

6144:1enYYB4l/Bcziy+GKEij+5bL8Vzz6+zLmts3mNwoIah2PS0FYHkMKQuQ2XsjpO8/:1UBWBWY+pSzWNrvYSRHkJgvQ89

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034b0f314585109f155ff935c2893a54

Files

034b0f314585109f155ff935c2893a54
.exe windows:4 windows x86 arch:x86

bdf846b05aa46a00c8fd7f87c7d6c280

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

user32

SetTimer
DragDetect
PostThreadMessageW
DdeImpersonateClient
RegisterClassExA
SendDlgItemMessageW
WINNLSGetIMEHotkey
RegisterClassA
MessageBoxA
GetTopWindow
DdeCreateDataHandle
VkKeyScanA
GetWindowWord
DdeAccessData
CheckMenuRadioItem
DispatchMessageW
DestroyCursor
UnhookWindowsHook
DlgDirSelectExW
DdeCreateStringHandleW
NotifyWinEvent
GetClipboardFormatNameA
DrawTextExW

kernel32

SetEnvironmentVariableA
SetWaitableTimer
WriteFile
GetCurrentThreadId
FindClose
WritePrivateProfileSectionA
InterlockedDecrement
GetModuleHandleA
GetCommandLineA
CloseHandle
SetFilePointer
GetTimeZoneInformation
GlobalHandle
VirtualFree
TlsGetValue
GetACP
LoadResource
DeleteCriticalSection
GetSystemTime
RtlUnwind
LeaveCriticalSection
GetSystemTimeAsFileTime
TlsAlloc
GetStringTypeA
UnhandledExceptionFilter
LoadLibraryA
QueryPerformanceCounter
TlsSetValue
SetStdHandle
VirtualQuery
GetModuleFileNameA
GetLocalTime
SetConsoleTextAttribute
HeapFree
CreateMailslotA
IsValidLocale
FreeEnvironmentStringsW
OpenMutexA
VirtualAlloc
ExitProcess
SetSystemTime
CompareStringA
GetLastError
SetThreadIdealProcessor
GetCurrentProcess
TerminateProcess
GetOEMCP
FreeEnvironmentStringsA
LCMapStringW
SetLastError
GetProcAddress
GetEnvironmentStrings
GetCPInfo
HeapCreate
InterlockedIncrement
MapViewOfFileEx
FlushFileBuffers
CompareStringW
GetCurrentProcessId
GetCurrentThread
GetTickCount
ReadFile
MultiByteToWideChar
HeapLock
SetHandleCount
InterlockedExchange
WideCharToMultiByte
HeapAlloc
CreateDirectoryW
GetVersion
HeapReAlloc
HeapDestroy
CreateThread
GetStdHandle
GetFileType
GetStartupInfoA
InitializeCriticalSection
IsBadWritePtr
GetStringTypeW
CreateMutexA
LCMapStringA
GetEnvironmentStringsW
ReadConsoleOutputCharacterA
TlsFree
EnterCriticalSection
WaitNamedPipeA

wininet

ShowSecurityInfo
FtpFindFirstFileA
GopherCreateLocatorW
GopherGetLocatorTypeA
FtpGetFileSize
InternetCanonicalizeUrlW
IsHostInProxyBypassList
FindCloseUrlCache
GopherFindFirstFileA

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdf846b05aa46a00c8fd7f87c7d6c280

Headers

File Characteristics

Imports

shell32

comctl32

user32

kernel32

wininet

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 4KB - Virtual size: 18KB

.data Size: 310KB - Virtual size: 309KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 4KB - Virtual size: 18KB

.data
Size: 310KB - Virtual size: 309KB

.rsrc
Size: 5KB - Virtual size: 4KB