3b00398749a7f56f3543cd4065e1a178

General

Target

3b00398749a7f56f3543cd4065e1a178
Size

185KB
MD5

3b00398749a7f56f3543cd4065e1a178
SHA1

1f758a60cef90f88754e026ccbb2628c2b189e7c
SHA256

60c5927b040210718144adc3fe4c1bc6bf270ddf96645e7dfb7d250d3e5f6891
SHA512

89b50721e6e11f8b40688dd899066eed26a0fa502582cf5615fc443c0775bfd544e664fd0bde68c3dab6d081459521719488c62985bc92d872dc7f70688aceb7
SSDEEP

3072:GE2b75GcET2bxnOKj15VijbgFabDKMEJZZJWKxNTGhr3BeCrsOq/jwNr+h3SyGdM:s7zi2xF55V2g0yjbOq9G53Be+PyAQUE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b00398749a7f56f3543cd4065e1a178

Files

3b00398749a7f56f3543cd4065e1a178
.exe windows:4 windows x86 arch:x86

592e22f7ef36b84e81cee3c086811a91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyExA
RegOpenKeyA
RegCloseKey

kernel32

InitializeCriticalSection
WaitForSingleObject
AddAtomW
LocalFree
GlobalUnlock
CreateFileA
GetModuleFileNameW
Sleep
GlobalLock
GlobalFree
MultiByteToWideChar
ReadFile
GetFileAttributesA
VirtualFree
GetCurrentThreadId
GetTickCount
ReleaseMutex
CreateMutexA
LocalAlloc
DeleteFileA
GetTempFileNameA
DeviceIoControl
GetVolumeInformationA
GetLastError
GetVersionExA
GetSystemTimeAsFileTime
EnumResourceNamesA
SetFileAttributesA
GetFileSize
CreateDirectoryA
CloseHandle
CheckNameLegalDOS8Dot3W
GetModuleFileNameA
SetFilePointer
WideCharToMultiByte
InterlockedDecrement
GetSystemTime
lstrlenA
QueryPerformanceCounter
CreateFileW
DisableThreadLibraryCalls
GetTempPathA
CopyFileA
DeleteCriticalSection
VirtualAlloc
InterlockedIncrement
GetCurrentProcessId
FreeLibrary

lz32

LZClose
LZCopy
LZOpenFileA

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 101KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

592e22f7ef36b84e81cee3c086811a91

Headers

File Characteristics

Imports

advapi32

kernel32

lz32

setupapi

Sections

.text Size: 101KB - Virtual size: 236KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 101KB - Virtual size: 236KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 4KB