3a91e7b5b137db36caddee772dee310a

Sharing

Copy URL Twitter E-mail

General

Target

3a91e7b5b137db36caddee772dee310a
Size

348KB
MD5

3a91e7b5b137db36caddee772dee310a
SHA1

7c35fb4d3bbbf56fe010eda492541b4ba7025833
SHA256

897045698a0104be491f8160a9bf6959cc09873489938caf16eb30c34f08124d
SHA512

06c82206c28c6dfc96fe9593fb61c4a0cb4498f5939c9a8ec8281fa5c2bc235d0be5bf8b93758812b61adb7786364e3dfb12f9c61f286e204690a745971a3e52
SSDEEP

3072:hR3+vPWmtlWYw/uT/orW/kfpJbTBfPvq75EFtcKW/Xey7J:hRmWwWeTqxJbTBnvqlEEKI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a91e7b5b137db36caddee772dee310a

Files

3a91e7b5b137db36caddee772dee310a
.exe windows:4 windows x86 arch:x86

7c769a773ce55bfb9db2d3b0ad752dee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpPutFileW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW

ws2_32

WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSASetLastError
getservbyport
ntohs
gethostbyaddr
WSACreateEvent
getservbyname
htonl
WSAGetLastError
inet_addr
shutdown
closesocket
gethostname
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
WSASocketW
htons

kernel32

GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetFileType
SetHandleCount
FlushFileBuffers
WideCharToMultiByte
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessW
CloseHandle
WriteFile
lstrlenW
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
GetTempFileNameW
GetTempPathW
GetProcAddress
LoadLibraryW
LocalFree
GetLastError
DuplicateHandle
OpenProcess
TerminateProcess
Sleep
GetExitCodeProcess
Module32NextW
lstrcmpiW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
GetPriorityClass
Process32FirstW
GetLocalTime
GetModuleHandleW
DeleteFileW
GetCompressedFileSizeW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetOverlappedResult
ReadFile
lstrlenA
SetFileAttributesW
WaitForSingleObject
ReleaseMutex
CreateDirectoryW
GetSystemDirectoryW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
FreeLibrary
GetThreadLocale
GetACP
GetTimeZoneInformation
GetTickCount
CopyFileW
RaiseException
LoadLibraryA
GetSystemDirectoryA
CreateEventW
InterlockedExchange
GetLocaleInfoA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetFilePointer
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetStartupInfoA
GetCommandLineA
ExitProcess
VirtualQuery
GetSystemInfo
GetModuleFileNameA
GetStdHandle
HeapCreate
GetModuleHandleA
VirtualAlloc
VirtualProtect
RtlUnwind
CreateMutexW
GetSystemTimeAsFileTime
VirtualFree

user32

UnregisterClassA
FindWindowExW
RegisterWindowMessageW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostQuitMessage
GetKeyState
GetKeyboardState
ToUnicode
GetKeyNameTextW
GetParent
SendMessageW
SetWindowsHookExW
SetTimer

advapi32

RegCloseKey
SetEntriesInAclW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetSecurityInfo
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathFileExistsW

dnsapi

DnsRecordListFree
DnsQuery_W

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c769a773ce55bfb9db2d3b0ad752dee

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

dnsapi

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 147KB

.rsrc Size: 184KB - Virtual size: 180KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 147KB

.rsrc
Size: 184KB - Virtual size: 180KB