3b0e571e0927712e7942ccb231213674

Sharing

Copy URL

Twitter E-mail

General

Target

3b0e571e0927712e7942ccb231213674
Size

147KB
MD5

3b0e571e0927712e7942ccb231213674
SHA1

c1d187055f2550ea7ab66519f8d3887ae3bc6b9a
SHA256

cb8b199e4225b83d35f0ac9c3724f2eb36e337d5dc6158a75c6b8a8f223753bf
SHA512

31aea29637a5609b52342ecc80672a65c49b42953c38dc3e7fcfd46b91d2134df1e590678b002982557b875cd13fde24b193cdaeea3331b2d234353e24d6d612
SSDEEP

3072:fEXYbNhyoRtimA43qy2w9he+sK33hgkos6//e7/2t:fLhyiBhe+sKnGVez

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b0e571e0927712e7942ccb231213674

Files

3b0e571e0927712e7942ccb231213674
.exe windows:5 windows x86 arch:x86

4bf1319a01ee357a462222c6fae498b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHCopyKeyA
StrCmpNIA
ord157
PathIsContentTypeA
SHRegCloseUSKey

shell32

ord80
ord191

kernel32

ClearCommError
GetCurrentProcess
SetHandleInformation
FindFirstFileExW
BackupSeek
lstrcpynW
TerminateProcess
GetMailslotInfo
GetLastError
BackupRead
HeapAlloc
FindClose
MoveFileA
GetProfileStringA
WaitForMultipleObjects
EnumResourceNamesA
DuplicateHandle
SetFileShortNameA
CloseHandle
ResetWriteWatch
lstrcpyA
lstrcmpiW
EnumResourceTypesW
LoadLibraryA
GetProcAddress
lstrlenW
GetTimeZoneInformation
FileTimeToDosDateTime
GetNamedPipeInfo
GetTempFileNameW
LocalFileTimeToFileTime
FileTimeToSystemTime
FormatMessageW
_lcreat
DosDateTimeToFileTime
BackupWrite

user32

EndPaint
IsWindowVisible
CreateDialogParamW
GetKeyboardState
CharLowerW
CharPrevA
DlgDirSelectExA
CreateCursor
LoadImageW
EnumPropsW
TranslateAcceleratorW
EnumPropsExA
PostMessageW
SetMenuItemBitmaps
GetWindowInfo
BeginPaint
wsprintfW
SetPropW
TranslateMessage
LoadAcceleratorsW
GetWindowTextA
PeekMessageW
SetScrollPos
ReleaseDC
LoadCursorFromFileW
ScrollWindow
ValidateRgn
SendMessageW
SetMenuItemInfoW
GetPropW
DispatchMessageW
GetDC
GetDesktopWindow
GetWindowRgn

gdi32

CreateDiscardableBitmap
CreateCompatibleDC
DeleteDC
GetBitmapBits
GetGlyphIndicesW
GetTextExtentExPointW
LineTo
FillRgn
GetCharABCWidthsA
SetWindowExtEx
DescribePixelFormat
SetDIBitsToDevice
SetBkColor
AngleArc
OffsetClipRgn
SetTextCharacterExtra
CreateBitmapIndirect
UpdateColors

advapi32

GetSidLengthRequired
EqualSid
PrivilegedServiceAuditAlarmA
GetSidSubAuthority
InitializeSid

ntdll

memset

Exports

Exports

_MinCharHeight@12
_ValidateMinCharHeight@12

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TEMP
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.expdat
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pedata
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.impdat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf1319a01ee357a462222c6fae498b0

Headers

File Characteristics

Imports

shlwapi

shell32

kernel32

user32

gdi32

advapi32

ntdll

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.code Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 188B

TEMP Size: 512B - Virtual size: 128B

.expdat Size: 512B - Virtual size: 116B

.pedata Size: 512B - Virtual size: 416B

.impdat Size: 3KB - Virtual size: 2KB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 1KB - Virtual size: 1KB

.code
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 188B

TEMP
Size: 512B - Virtual size: 128B

.expdat
Size: 512B - Virtual size: 116B

.pedata
Size: 512B - Virtual size: 416B

.impdat
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 1024B - Virtual size: 824B