3b5cc5075aabdaa82d75fb1f794de1ad

General

Target

3b5cc5075aabdaa82d75fb1f794de1ad
Size

44KB
MD5

3b5cc5075aabdaa82d75fb1f794de1ad
SHA1

78faa0935d60b9a854ee050918c2b515f17a4148
SHA256

cffc6dc46c54ceb5e71dbc05c21d5d83a4f8e1e95484d8359fc83ccc157f26b3
SHA512

539222dedcfdd110a38cc4bd3025f660dcab002283af689d532d4a767e64918e982633a19b092a2c3eff109b160ee9cfee0d34da26d3770600551d07e3bebfcd
SSDEEP

768:ztyHWdkuy9gKD8zTuFub3TQ2m7C+DABBQARQkL0D35bNEUXa:ztOWdkV9gK4/pBBQARgD35bNE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b5cc5075aabdaa82d75fb1f794de1ad

Files

3b5cc5075aabdaa82d75fb1f794de1ad
.dll windows:4 windows x86 arch:x86

b11680ebc400ac6607dba3eb05d49972

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memcpy
memcmp
strstr
_snprintf
RtlZeroMemory
RtlUnwind
strlen

ws2_32

gethostname

kernel32

CreateFileMappingA
IsBadReadPtr
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualProtectEx
UnmapViewOfFile
ReadFile
MoveFileExA
MapViewOfFile
GetTempPathA
GetTempFileNameA
CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
ReadProcessMemory
Sleep
VirtualAlloc
VirtualFree
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetProcAddress
LoadLibraryA
CreateFileA
GetSystemDirectoryA
CreateProcessA
DeleteFileA
GetExitCodeThread
GetFileSize
GetLastError
GetStartupInfoA

user32

GetWindowTextA
GetWindowThreadProcessId
KillTimer
SetTimer
SetWindowLongA
CallNextHookEx
FindWindowA
RegisterWindowMessageA
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
CallWindowProcA
EnumWindows
GetWindowLongA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b11680ebc400ac6607dba3eb05d49972

Headers

File Characteristics

Imports

ntdll

ws2_32

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 22KB

.bss Size: - Virtual size: 12B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 816B

.text
Size: 24KB - Virtual size: 22KB

.bss
Size: - Virtual size: 12B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 816B