3aee806cc02392f2b0032eb11f574226

Sharing

Copy URL

Twitter E-mail

General

Target

3aee806cc02392f2b0032eb11f574226
Size

28KB
MD5

3aee806cc02392f2b0032eb11f574226
SHA1

c5176becf00bd312babc92964eba07d8b474875c
SHA256

e64cd806e3cc54c1ffe2acb19a52048787c2fb6573c0f2ae72bfc80848192e07
SHA512

3104f9bef2828495b0b57612c3e1d4eae58511ca09f2a84e774f3224dfda82dbc217e4e299538b1db7a8f463f2063915f1999f3c923ecd627fe7c90145b0aeb7
SSDEEP

768:HvThVROM7UZYCWxcIsAazhrIeeo6Bjt+ZYJY5L+:HFVROM7UZdWiMaVIef6Bj9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aee806cc02392f2b0032eb11f574226

Files

3aee806cc02392f2b0032eb11f574226
.exe windows:4 windows x86 arch:x86

baa9046b63b8e28af6f2426e9cce985f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA

shlwapi

PathBuildRootW
StrChrW
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW
StrRChrW
StrStrIW
PathFileExistsW
PathCombineW

advapi32

FreeSid
LookupPrivilegeValueW
RegSetValueExW
GetTokenInformation
RegFlushKey
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
RegSaveKeyW
AdjustTokenPrivileges
RegOpenKeyExW
RegSetValueW
RegEnumKeyW
EqualSid
AllocateAndInitializeSid
RegUnLoadKeyW
OpenProcessToken
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegLoadKeyW
RegCreateKeyExW

msvcrt

memset
_wcsnicmp
_wcsicmp
longjmp
free
_amsg_exit
_wtol
memmove
_ultow
_initterm
_XcptFilter
_vsnprintf
malloc
memcpy
_vsnwprintf
_adjust_fdiv
bsearch
_wtoi
_setjmp3

rpcrt4

RpcStringFreeW

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

setupapi

SetupGetLineTextW
SetupDefaultQueueCallbackW
SetupQueueCopyW
SetupFindFirstLineW
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupSetDirectoryIdW
SetupFindNextLine
SetupInstallFromInfSectionW
SetupOpenInfFileW
SetupCloseFileQueue
SetupOpenFileQueue
SetupOpenAppendInfFileW
SetupCommitFileQueueW
SetupGetStringFieldW
SetupInitDefaultQueueCallbackEx

ole32

OleInitialize
CoTaskMemFree
OleUninitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleaut32

VariantClear

gdi32

GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetStockObject

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

baa9046b63b8e28af6f2426e9cce985f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

advapi32

msvcrt

rpcrt4

ntdll

setupapi

ole32

version

oleaut32

gdi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 72KB

.reloc Size: 512B - Virtual size: 24B

.rdata Size: 5KB - Virtual size: 104KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 24B

.rdata
Size: 5KB - Virtual size: 104KB