3a58bb5a72dd9851a97d3dee45b4f138

Sharing

Copy URL Twitter E-mail

General

Target

3a58bb5a72dd9851a97d3dee45b4f138
Size

512KB
MD5

3a58bb5a72dd9851a97d3dee45b4f138
SHA1

192d2aabe3616d397181bf03720131060dc65a48
SHA256

c6d1389db095c472bf3f2516d583d69f43d3686bb9ecc1055d70d680d90af619
SHA512

1d4310a01e99b0ad60c94fed49e470c181eb35ef29df6ddd477a354a279fe8d65b89e38ef18e98c9c923011372e0cbffa2fefc89b382591de7ec3c7f2858fbd0
SSDEEP

12288:bTGwhROmZUByplEBhLBINEfdQJHgVEgd/dCRFR:vLdeByUvuCrmRFR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a58bb5a72dd9851a97d3dee45b4f138

Files

3a58bb5a72dd9851a97d3dee45b4f138
.exe windows:4 windows x86 arch:x86

3eb94b89cc2d083a748f1827972a1ed8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetStartupInfoW
GetStringTypeW
IsValidLocale
GetProcAddress
GetTimeZoneInformation
HeapReAlloc
LCMapStringW
GetFullPathNameA
GetEnvironmentStringsW
GetCurrentProcessId
MultiByteToWideChar
GlobalAlloc
FreeEnvironmentStringsA
SetConsoleCtrlHandler
TlsAlloc
GetUserDefaultLCID
Sleep
SetEnvironmentVariableA
TlsFree
GetACP
SetLastError
GetFileTime
GetModuleFileNameW
HeapCreate
CommConfigDialogA
GetCurrentThread
GetPrivateProfileSectionW
WriteFile
ExitProcess
GetTickCount
ExpandEnvironmentStringsA
LeaveCriticalSection
HeapFree
CompareStringW
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
CompareStringA
VirtualAlloc
GetStringTypeA
SetVolumeLabelW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
UnhandledExceptionFilter
DeleteCriticalSection
FreeEnvironmentStringsW
GetCommandLineA
InterlockedIncrement
SetHandleCount
GetStdHandle
FindNextFileW
GetSystemTimeAsFileTime
EnterCriticalSection
EnumTimeFormatsA
GetThreadLocale
EnumSystemLocalesA
FreeLibrary
GetPrivateProfileSectionNamesW
IsValidCodePage
HeapDestroy
TlsSetValue
CompareFileTime
GetCPInfo
IsDebuggerPresent
VirtualFree
GetStartupInfoA
LCMapStringA
GetCommandLineW
lstrcmp
InterlockedExchange
GetFileType
TlsGetValue
lstrcpy
HeapSize
GetDateFormatA
WritePrivateProfileStructA
GetVersionExA
GetProcessHeap
HeapAlloc
InterlockedDecrement
GlobalFindAtomW
DeleteFileA
GetOEMCP
VirtualQuery
GetModuleHandleA
InitializeCriticalSection
GetEnvironmentStrings
GetLocaleInfoW
RtlUnwind
FlushConsoleInputBuffer
WideCharToMultiByte
GetTimeFormatA

advapi32

CryptDuplicateHash
GetUserNameW
RegDeleteKeyA
RegQueryValueA
RegNotifyChangeKeyValue
RegRestoreKeyA
LookupAccountNameW
CryptExportKey
CryptEnumProvidersW
CryptSignHashW
CryptSetKeyParam
CryptDuplicateKey
CryptGetDefaultProviderW
LookupPrivilegeValueW
StartServiceW
RegSaveKeyA
RegEnumKeyExW
CreateServiceA
LogonUserW
CryptSetProviderExW
RegRestoreKeyW
CryptDestroyKey
CryptSetProviderA
CryptVerifySignatureW

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eb94b89cc2d083a748f1827972a1ed8

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 190KB - Virtual size: 190KB

.data Size: 315KB - Virtual size: 314KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 190KB - Virtual size: 190KB

.data
Size: 315KB - Virtual size: 314KB

.rsrc
Size: 5KB - Virtual size: 5KB