3921bbcd3fc4d6e03d2413a99b519bac

Sharing

Copy URL

Twitter E-mail

General

Target

3921bbcd3fc4d6e03d2413a99b519bac
Size

375KB
MD5

3921bbcd3fc4d6e03d2413a99b519bac
SHA1

f2fcb74678342e677e16457e47ae34ff7dc891e5
SHA256

1d3c24b2ef11c009c0f093ee51c9f6b1f61ecf969ad6b8df1c418b95a5c67202
SHA512

8fb07eb5284f635ea8d68e400bf0505b10dbf86e2685feab2a2f9cfb892cf32bb842e8f5812b504a6a342a4cd62157e31f62a0b646caabf7fd903156eb297add
SSDEEP

6144:rrzeXGJQ0DgFKRdyic/aIqRcZ/fWFVYsY7jvTG0aPVppknz4:PFJ/EKRgiEa1RcBfWFKDrao4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3921bbcd3fc4d6e03d2413a99b519bac

Files

3921bbcd3fc4d6e03d2413a99b519bac
.exe windows:4 windows x86 arch:x86

5df683593811169f62fac31f53dae79a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleA

advapi32

LookupPrivilegeValueA
RegQueryValueExW
CryptCreateHash
RegQueryValueExA
InitiateSystemShutdownA
RegOpenKeyExA
CreateServiceA
LookupPrivilegeNameA
LookupAccountNameA
RegConnectRegistryA
InitiateSystemShutdownW

kernel32

WideCharToMultiByte
GetConsoleCP
SetConsoleCtrlHandler
GetProcAddress
TlsSetValue
GetUserDefaultLCID
GetStdHandle
lstrcpyA
EnumResourceTypesA
IsDebuggerPresent
SetStdHandle
GetStringTypeW
CreateMutexA
GetTimeFormatA
SetLastError
LCMapStringW
GetComputerNameA
LoadLibraryA
HeapDestroy
VirtualQuery
GetTickCount
CloseHandle
ReadFile
InitializeCriticalSection
SetHandleCount
DeleteCriticalSection
GetStartupInfoA
VirtualFree
WriteConsoleW
GetTimeZoneInformation
TlsFree
CreateFileA
GetACP
LCMapStringA
GetProcessHeap
EnterCriticalSection
GetOEMCP
GetModuleFileNameA
GetCommandLineA
WriteFile
GlobalCompact
FreeEnvironmentStringsA
GetVersionExA
SetUnhandledExceptionFilter
HeapFree
GetCurrentProcess
EnumDateFormatsA
GetFileType
GetConsoleOutputCP
GetModuleHandleA
InterlockedDecrement
SetFilePointer
FlushFileBuffers
GetCurrentProcessId
HeapSize
LeaveCriticalSection
GetEnvironmentStringsW
Sleep
IsValidLocale
UnhandledExceptionFilter
FreeLibrary
IsValidCodePage
GetCurrentThread
InterlockedIncrement
TlsGetValue
WriteConsoleInputA
GetCurrentDirectoryW
GetLocaleInfoA
GetLocaleInfoW
CompareStringA
WriteConsoleA
HeapAlloc
GetConsoleMode
TerminateProcess
OpenMutexA
HeapReAlloc
HeapCreate
CompareStringW
SetThreadAffinityMask
GetDateFormatA
EnumSystemLocalesA
VirtualAlloc
SetEnvironmentVariableA
RtlUnwind
CreateSemaphoreW
TlsAlloc
DeleteFileW
GetLastError
SetThreadLocale
GetCPInfo
GetCurrentThreadId
MultiByteToWideChar
GetEnvironmentStrings
GetStringTypeA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchange
ExitProcess
FreeEnvironmentStringsW
WriteConsoleOutputA
ResetEvent

comctl32

InitCommonControlsEx

user32

IsChild
RegisterClassExA
RegisterClassA
FillRect
MsgWaitForMultipleObjectsEx
RemovePropW
MapVirtualKeyA
GetTabbedTextExtentA
GetUpdateRect

gdi32

StartPage
SetROP2
CreateScalableFontResourceW
ExtEscape
SetICMProfileA
CreateDIBPatternBrush
CreateColorSpaceW
FloodFill
GdiSetBatchLimit
GetTextExtentPoint32W
CreateFontW

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5df683593811169f62fac31f53dae79a

Headers

File Characteristics

Imports

comdlg32

advapi32

kernel32

comctl32

user32

gdi32

Sections

.text Size: 241KB - Virtual size: 241KB

.rdata Size: 26KB - Virtual size: 55KB

.data Size: 95KB - Virtual size: 94KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 241KB - Virtual size: 241KB

.rdata
Size: 26KB - Virtual size: 55KB

.data
Size: 95KB - Virtual size: 94KB

.rsrc
Size: 11KB - Virtual size: 11KB