3948baa5ce6b1bcc68405f9c41bd5ff0

Sharing

Copy URL

Twitter E-mail

General

Target

3948baa5ce6b1bcc68405f9c41bd5ff0
Size

316KB
MD5

3948baa5ce6b1bcc68405f9c41bd5ff0
SHA1

b3f3541bce6898ad22a6dea22a382e4bfbff8f0d
SHA256

7c91bf702c563ba9ceedc136dd2d7b7a0f49ee021f4a9d47a8604c9e8be3c7ff
SHA512

9a2829fbfa2e8c87bb8b6c905bfb2a9a3886cc35af2cf8530a40a2ce75fa561aec9fa289dec5d9235ca631eb3565b3836be7f2e178c025cc42477b0545d089cd
SSDEEP

6144:sPfq0F10UDYeBmfV9mX9mPCM5UIJMe00nr8C5BWDfQCU/tqjjqWE8:sabtHmNmP4IJMe00ACmjQCUPWE8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3948baa5ce6b1bcc68405f9c41bd5ff0

Files

3948baa5ce6b1bcc68405f9c41bd5ff0
.exe windows:4 windows x86 arch:x86

c4e6b82ec1798e8fb346b911f55094aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

CreateSolidBrush
GetDeviceCaps
CreateDCA
DeleteObject
DeleteDC

advapi32

AllocateAndInitializeSid
GetLengthSid
RegDeleteKeyW
ConvertSidToStringSidA
GetSecurityDescriptorDacl
RegEnumValueW
CheckTokenMembership
InitializeSecurityDescriptor
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
RegQueryValueExW
CopySid
GetTokenInformation
AddAccessAllowedAce
RegQueryInfoKeyW
IsValidSid
RegCloseKey
FreeSid
RegOpenKeyExW
AddAccessDeniedAce
RegCreateKeyExW
InitializeAcl
SetSecurityDescriptorDacl
OpenProcessToken
RegQueryValueExA
OpenThreadToken
RegSetValueExW
RegEnumKeyExW

kernel32

InitializeCriticalSection
IsDebuggerPresent
CreateEventW
GetModuleFileNameA
lstrlenW
LoadLibraryExW
GetCurrentProcessId
GetCurrentProcessId
TlsAlloc
CreateSemaphoreA
GetSystemTimeAsFileTime
GetShortPathNameW
CreateProcessA
CreateProcessW
ReleaseMutex
GetVersionExW
WideCharToMultiByte
LoadLibraryA
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
GetSystemDirectoryW
FlushFileBuffers
WriteFile
GetVersion
GetShortPathNameA
TerminateProcess
CreateMutexA
OutputDebugStringA
TlsFree
EnterCriticalSection
VirtualProtect
GlobalFree
CompareStringW
HeapReAlloc
FreeLibrary
GetCurrentThread
GetTickCount
GetVersionExA
UnhandledExceptionFilter
GetUserDefaultLCID
ExitProcess
IsValidCodePage
IsValidLocale
MultiByteToWideChar
HeapValidate
GetLongPathNameW
GetStringTypeExW
FlushFileBuffers
GetLastError
SetLastError
ExpandEnvironmentStringsW
lstrcmpiW
SetFileAttributesW
VirtualFree
HeapSize
OpenMutexA
LocalAlloc
GetCurrentProcess
LoadLibraryW
HeapAlloc
DeleteCriticalSection
GetFileType
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
WaitForSingleObject
LeaveCriticalSection
InterlockedCompareExchange
SetEvent
GetModuleHandleW
HeapFree
GetProcessTimes
GetProcessHeap
IsProcessorFeaturePresent
IsDBCSLeadByte
GetSystemDefaultLCID
VirtualAlloc
GetModuleHandleA
CreateFileW
CloseHandle
GetModuleFileNameW
RaiseException
GetTempFileNameA
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
QueryPerformanceCounter
GetTimeZoneInformation
DeleteFileW
GlobalMemoryStatus
InterlockedExchange
GetFileAttributesW
GetTempPathA
GetProcAddress
ReleaseSemaphore
GetSystemInfo
GlobalAlloc
CreateDirectoryW
LocalFree
Sleep

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

GetMonitorInfoA
SystemParametersInfoA
GetMenuCheckMarkDimensions
ReleaseDC
EnumDisplayMonitors
EnumWindowStationsW
GetSysColor
GetDC
GetSystemMetrics
GetKeyboardLayout

secur32

GetUserNameExW

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.venue
Size: 5KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4e6b82ec1798e8fb346b911f55094aa

Headers

File Characteristics

Imports

gdi32

advapi32

kernel32

version

user32

secur32

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.venue Size: 5KB - Virtual size: 73KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.venue
Size: 5KB - Virtual size: 73KB