3bfb04cf6e494ae3813405b79c032bd2

Sharing

Copy URL Twitter E-mail

General

Target

3bfb04cf6e494ae3813405b79c032bd2
Size

25KB
MD5

3bfb04cf6e494ae3813405b79c032bd2
SHA1

6427350f7264de54dac011c223031482dc8350b4
SHA256

a3f17447c6339ebcc03a52888c88cf7a28b757c44456e0bcedfd654940d2ab88
SHA512

d3563bc475df0ae03f9c094d631adc4373f78bcb16430aac93793770ed9a6a8dcbc11149c81b18698761217cebdd2086a3d7d7fe56aa4f9dbdfa4956043183d0
SSDEEP

384:vunnBDHJQzErBMigpHIdacb34guJBZiuzm2OqS32u2OqyO8zq6GGbMlkGQJOcWTZ:vknBDHvBMRodzmiJORa5BtHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bfb04cf6e494ae3813405b79c032bd2

Files

3bfb04cf6e494ae3813405b79c032bd2
.exe windows:4 windows x86 arch:x86

6aeca1a095496364060d3db6d5317d72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallMsgFilterA

rtutils

TraceRegisterExA
RouterLogEventDataW
TraceVprintfExA
RouterLogRegisterA
TraceDeregisterA
RouterLogEventA
RouterLogDeregisterA

cfgmgr32

CM_Get_Version
CM_Next_Range

rtm

RtmCloseEnumerationHandle
RtmEnumerateGetNextRoute
RtmDeregisterClient
RtmCreateEnumerationHandle
RtmDequeueRouteChangeMessage
RtmRegisterClient
RtmAddRoute
RtmGetFirstRoute
RtmBlockDeleteRoutes
RtmIsRoute
RtmDeleteRoute

shlwapi

StrCatBuffW

kernel32

FileTimeToSystemTime
HeapDestroy
GetLastError
HeapCreate
Sleep
InitializeCriticalSection
HeapAlloc
LeaveCriticalSection
InterlockedIncrement
SetEvent
LoadLibraryA
HeapFree
GlobalFree
DeleteCriticalSection
EnterCriticalSection
ExitProcess
InterlockedDecrement
GetTickCount
GlobalAlloc
VirtualAlloc
GetModuleFileNameA
WaitForMultipleObjects
BindIoCompletionCallback
CreateEventA

msi

MsiDatabaseExportW

ntdll

wcscpy
wcslen
RtlQueryRegistryValues
RtlUnwind
RtlQueueWorkItem

wmi

WmiNotificationRegistrationW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6aeca1a095496364060d3db6d5317d72

Headers

DLL Characteristics

File Characteristics

Imports

user32

rtutils

cfgmgr32

rtm

shlwapi

kernel32

msi

ntdll

wmi

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 80KB

.rdata Size: 14KB - Virtual size: 14KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 80KB

.rdata
Size: 14KB - Virtual size: 14KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 1KB - Virtual size: 1KB