3c1a738f378e27d43d23abd83dac6d27

Sharing

Copy URL

Twitter E-mail

General

Target

3c1a738f378e27d43d23abd83dac6d27
Size

531KB
MD5

3c1a738f378e27d43d23abd83dac6d27
SHA1

ad84b2315ffef27a9be1604f7a660e8e2c408d96
SHA256

4dcf0ad247833591e1ca7e92c90d0cf96c0d73d360ce6dc5970e2842aa7a3654
SHA512

25581bfd60af20193db01ada3d099223f0df021cfc92c5b278c79c6b27144c34c266dc5033d27e615e64104e02c4e9a360d0d0f6c7b95ffaf4bb3bf5d62dc14c
SSDEEP

12288:WJl+r3z1mNC9NS+X9v+5pCNWrmqQ2biKZUBlbBA:WJsrzwNC9NSuv+FrmqhWP5BA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1a738f378e27d43d23abd83dac6d27

Files

3c1a738f378e27d43d23abd83dac6d27
.exe windows:4 windows x86 arch:x86

6c889325aa21cd3c92b82a91a7d5ee84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringW
CharUpperBuffA
WaitForInputIdle
RegisterClassExA
ReplyMessage
EndMenu
GetCursor
RegisterClassA

kernel32

TlsAlloc
CompareStringW
SetEnvironmentVariableA
GetTimeFormatA
LCMapStringA
GetFileType
VirtualAlloc
GetCurrentProcessId
CloseHandle
SetUnhandledExceptionFilter
GetLocaleInfoA
GetDateFormatA
WideCharToMultiByte
HeapReAlloc
HeapSize
GetACP
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetUserDefaultLCID
FreeEnvironmentStringsA
VirtualQuery
UnhandledExceptionFilter
WriteFile
GetStdHandle
EnumResourceNamesW
GetStartupInfoA
GetModuleHandleA
QueryPerformanceCounter
HeapDestroy
GetCurrentThreadId
SetConsoleCtrlHandler
FreeLibrary
TlsGetValue
GetStringTypeA
HeapFree
InitializeCriticalSection
GetLastError
GetStringTypeW
InterlockedIncrement
GetCurrentProcess
SetLastError
DeleteCriticalSection
GetCurrentThread
IsValidCodePage
TlsFree
MultiByteToWideChar
Sleep
HeapAlloc
GetProcessHeap
ExitProcess
TerminateProcess
GetOEMCP
WriteConsoleW
SetFilePointer
InterlockedExchange
IsValidLocale
OpenMutexA
LoadLibraryA
EnumSystemLocalesA
FlushFileBuffers
GetLocaleInfoW
SetHandleCount
GetSystemTimeAsFileTime
InterlockedDecrement
GetCommandLineA
LeaveCriticalSection
CreateFileA
GetVersionExA
GetEnvironmentStringsW
GetTimeZoneInformation
SetStdHandle
ReadFile
LCMapStringW
GetTickCount
VirtualFree
CompareStringA
FreeEnvironmentStringsW
GetConsoleOutputCP
IsDebuggerPresent
GetProcAddress
WriteConsoleA
RtlUnwind
TlsSetValue
GetEnvironmentStrings
EnterCriticalSection
CreateMutexA
GetCPInfo
HeapCreate

comctl32

InitCommonControlsEx

shell32

RealShellExecuteExW
DragQueryFileA
ShellAboutA
InternalExtractIconListA
DragAcceptFiles

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c889325aa21cd3c92b82a91a7d5ee84

Headers

File Characteristics

Imports

user32

kernel32

comctl32

shell32

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 9KB - Virtual size: 19KB

.data Size: 316KB - Virtual size: 316KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 9KB - Virtual size: 19KB

.data
Size: 316KB - Virtual size: 316KB

.rsrc
Size: 5KB - Virtual size: 5KB