3968b0e30ac035a15b5627247fa5b781

General

Target

3968b0e30ac035a15b5627247fa5b781
Size

299KB
MD5

3968b0e30ac035a15b5627247fa5b781
SHA1

de9809e4629d7f9d2908a43de82a5099990ff629
SHA256

a714aec75fcdc3f24c2a0fbb0b953f92e13978a49b9a08c190c5ee98b96fa566
SHA512

abf156ae20bcbbfc3d9d3082f7cdfdf302f668f4bc309bc6d172a49c108792b5d9686de97449e57c4612f71f928c213f1da20bcdeff1346a4cc55ce6843a87a5
SSDEEP

6144:6ov1J8Q5K5wHOVAxZLsvq+Zs62v44gDwoLQHpu:Vv1J8X54xZ3w4gDwP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3968b0e30ac035a15b5627247fa5b781

Files

3968b0e30ac035a15b5627247fa5b781
.exe windows:4 windows x86 arch:x86

5673d4095779286adcb0ca4dc8d64fd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderPathA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW

user32

SetForegroundWindow
ShowWindow
GetWindowRect
EnumWindowStationsW
IsIconic
GetLastActivePopup
SetRect
GetClientRect

kernel32

GetProcessHeap
GetVersionExA
FindResourceA
lstrlenW
LoadResource
InterlockedExchange
GetCommandLineA
GetThreadLocale
GetTempPathW
FindFirstFileExW
SetFileAttributesW
GetShortPathNameA
FindClose
GetFullPathNameW
GetLocaleInfoA
SetStdHandle
OutputDebugStringA
SizeofResource
lstrlenA
EnumSystemLocalesW
GetFullPathNameA
CloseHandle
GetVersionExW
GetStartupInfoA
GetUserDefaultLangID
GetLastError
WideCharToMultiByte
FindNextFileA
FindNextFileW
Sleep
GetModuleFileNameA
ExitProcess
CopyFileA
GetACP
GetSystemDefaultLangID
GetLocaleInfoW
MultiByteToWideChar
EnumUILanguagesW
RemoveDirectoryW
CopyFileW
GetVersion
GetUserDefaultUILanguage
lstrcmpiA
FindFirstFileExA
DeleteFileW
GetModuleFileNameW
CreateFileMappingA
DeleteFileA
SetFileAttributesA
GetShortPathNameW
OutputDebugStringW
GetModuleHandleA
LockResource
RemoveDirectoryA

dciman32

DCIBeginAccess

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bore
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5673d4095779286adcb0ca4dc8d64fd1

Headers

File Characteristics

Imports

shell32

user32

kernel32

dciman32

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 80KB

.bore Size: 5KB - Virtual size: 72KB

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 80KB

.bore
Size: 5KB - Virtual size: 72KB