3a84babce20451837a0bbef91f50be18

Sharing

Copy URL

Twitter E-mail

General

Target

3a84babce20451837a0bbef91f50be18
Size

1.3MB
MD5

3a84babce20451837a0bbef91f50be18
SHA1

f274f8895cb13f711189c4a4bf045b8198b97f6b
SHA256

3b329e719a898107321de5cc0551e435e2bba9b25c310624a8331cdca96b9576
SHA512

cb858fca4eeeca84bdc542afdb60ebb6f5cbc983e52cd900ee13ad90ff6b7cc4670ee98f734c1326b6d8b046984a05dfef21ffb4983b37022275a54bb0b16051
SSDEEP

24576:fMC1goYgyjT5WL8mY8J25u6TgGcAA5U9CxUPKAmdJzDEOAhc0wH8AQgwAQgwAzT:EC14cgmG59o5U9CwMYhsH8AQgwAQgwA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a84babce20451837a0bbef91f50be18

Files

3a84babce20451837a0bbef91f50be18
.exe windows:4 windows x86 arch:x86

0d4635d1a64a56c834879eeb032e0eb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

imm32

ImmCreateContext
ImmAssociateContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmGetCompositionStringA
ImmGetCandidateListA
ImmReleaseContext
ImmGetConversionStatus

wsock32

WSAGetLastError
send
socket
inet_ntoa
closesocket
htons
ioctlsocket
gethostbyname
connect
setsockopt
WSACleanup
WSAStartup
select
__WSAFDIsSet
recv

kernel32

FreeLibrary
GetProcAddress
OutputDebugStringA
LoadLibraryA
ExitThread
WaitForMultipleObjects
CreateThread
CreateEventA
CopyFileA
DeleteFileA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseMutex
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileAttributesA
RtlUnwind
GetVersion
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
TerminateProcess
GetFileType
FileTimeToLocalFileTime
Sleep
GetFileSize
MultiByteToWideChar
GlobalHandle
GlobalFree
CreateFileA
WriteFile
CloseHandle
FileTimeToSystemTime
InterlockedIncrement
GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
GetTickCount
FreeEnvironmentStringsA
CompareStringW
CompareStringA
RaiseException
IsBadCodePtr
InterlockedDecrement
GetSystemTime
GetTimeZoneInformation
FlushFileBuffers
PeekNamedPipe
WideCharToMultiByte
SetEvent
InitializeCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
SetEndOfFile
GetLocalTime
ResumeThread
ResetEvent
GetModuleHandleA
GetExitCodeProcess
CreateProcessA
ReadFile
SetFilePointer
WaitForSingleObject
OpenEventA
GetModuleFileNameA
lstrcatA
GetLastError
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
OpenMutexA
TerminateThread
CreateMutexA
GetComputerNameA
lstrlenA
lstrcmpA
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle

user32

GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
GetAsyncKeyState
GetCursorPos
ScreenToClient
DestroyWindow
PostQuitMessage
SetCursor
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRectEx
ShowWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
UpdateWindow
SetSysColors
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
GetKeyboardState
PostMessageA
ShowCursor
SetRect
ClientToScreen
GetClientRect
OffsetRect
GetDC
ReleaseDC
OpenClipboard

gdi32

GetDIBits
BitBlt
DeleteObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
SetTextColor
TextOutA
CreateFontA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

dsound

ord1

winmm

timeGetTime
mmioOpenA
mciSendCommandA
mmioDescend
mmioRead
mmioAscend
mmioClose

ws2_32

WSASend

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

advapi32

RegCloseKey
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
RegEnumValueA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4635d1a64a56c834879eeb032e0eb6

Headers

File Characteristics

Imports

ddraw

imm32

wsock32

kernel32

user32

gdi32

shell32

ole32

dsound

winmm

ws2_32

wininet

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 244KB - Virtual size: 9.7MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 244KB - Virtual size: 9.7MB

.rsrc
Size: 8KB - Virtual size: 7KB