3b8bab471f1f17db0655510cdd43b5ac

General

Target

3b8bab471f1f17db0655510cdd43b5ac
Size

100KB
MD5

3b8bab471f1f17db0655510cdd43b5ac
SHA1

0ccf04943843cddcb2331540f58370b047e41ce7
SHA256

645e894777dd68d868841a9e4c4e0c881453fe5ed30f68818e3fca084c5699ec
SHA512

46ada7bc116971e1d4cf546483a08d40b59f3c9894c5132532df07f89c93aaec542ccf1088d4a6ff15ef662a1ba91786d76530e3906483fb5c253d94cb8655ed
SSDEEP

1536:aMMRlWtAdAwT3do3AY3bP0kbMIy2429NFbnf60UoV7molbM+BEe:aZQAO+topLPpMe4+VSOmolIBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8bab471f1f17db0655510cdd43b5ac

Files

3b8bab471f1f17db0655510cdd43b5ac
.dll windows:4 windows x86 arch:x86

c93de80f7cd2be26cb8a9750401a7f95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
lstrcpyW
lstrlenW
VirtualQuery
TerminateProcess
VirtualAlloc
GetVersionExW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetLocaleInfoW
LCMapStringW
lstrcatW
lstrcpynW
lstrcmpiW
InterlockedDecrement
VirtualProtect
GetSystemInfo
GetCommandLineA
GetTickCount
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
RtlUnwind
GetVersionExA
InterlockedExchange
ExitProcess
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
LoadLibraryA
HeapSize
LCMapStringA
MultiByteToWideChar
GetLocaleInfoA

user32

CharPrevW
CharNextW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c93de80f7cd2be26cb8a9750401a7f95

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB