3c20a124a62162441d6561dddf978665

Sharing

Copy URL

Twitter E-mail

General

Target

3c20a124a62162441d6561dddf978665
Size

249KB
MD5

3c20a124a62162441d6561dddf978665
SHA1

669759c1bb8723b6c71e4aa1d4ed919bd18b8742
SHA256

8e83bcf7cea72c4ca57f28413cf818e12db30b8c23db06ec0454b6315ff9a353
SHA512

b79f1deefbba3e5be84f803796083aeb758b596efaa2f00dcefcba7eb9246d00334459d79dbac736dfd96418fe50b55a4658cecda20a357377a00927cdec2c4e
SSDEEP

6144:TM/VNhn3bYwx85pBBA9ze6a2SGnzbXF5kAsWK9lRb4Ixx:Yswx85pL70bFSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c20a124a62162441d6561dddf978665

Files

3c20a124a62162441d6561dddf978665
.exe windows:4 windows x86 arch:x86

c88b12c6e41f3f1c2e58e416b1ca93b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PrintDlgW
GetOpenFileNameW

kernel32

GetSystemDirectoryW
GetEnvironmentStrings
VirtualProtect
LoadLibraryA
CloseHandle
LeaveCriticalSection
IsValidLocale
UnhandledExceptionFilter
GetStringTypeA
TlsGetValue
DeleteCriticalSection
GetModuleFileNameA
GetEnvironmentStringsW
GetCurrentProcess
GetDateFormatA
RtlUnwind
GetProcessShutdownParameters
ExitProcess
TerminateProcess
GetLastError
GlobalHandle
CompareStringW
WideCharToMultiByte
VirtualAlloc
TlsAlloc
HeapAlloc
HeapCreate
WriteFile
TlsFree
WaitForMultipleObjectsEx
GetModuleFileNameW
EnterCriticalSection
DeleteFileW
IsBadWritePtr
FoldStringA
GetACP
SetCriticalSectionSpinCount
GetCommandLineW
GetFileType
GetStartupInfoW
LocalUnlock
ReadConsoleA
GetTempPathW
MultiByteToWideChar
GetCurrentThreadId
GetStdHandle
GetCommandLineA
GetCurrentProcessId
HeapReAlloc
GetCPInfo
CreateEventA
GetTimeZoneInformation
LCMapStringW
VirtualFree
GetOEMCP
QueryPerformanceCounter
VirtualQuery
EnumSystemLocalesA
GetSystemInfo
TlsSetValue
GetTimeFormatA
GetVersionExA
AddAtomW
FileTimeToSystemTime
GetCurrentThread
GetModuleHandleA
InterlockedExchange
GetSystemTimeAsFileTime
GetLocaleInfoW
EnumCalendarInfoExA
HeapSize
InitializeCriticalSection
GetTickCount
HeapDestroy
SetEnvironmentVariableA
GetProcAddress
GetLocaleInfoA
PulseEvent
IsValidCodePage
FreeEnvironmentStringsW
SetHandleCount
GetStartupInfoA
LCMapStringA
SetLastError
FindFirstFileW
GetStringTypeW
CompareStringA
GetUserDefaultLCID
WritePrivateProfileStringW
HeapFree
FreeEnvironmentStringsA

shell32

RealShellExecuteExW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c88b12c6e41f3f1c2e58e416b1ca93b9

Headers

File Characteristics

Imports

comdlg32

kernel32

shell32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 7KB - Virtual size: 27KB

.data Size: 110KB - Virtual size: 110KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 7KB - Virtual size: 27KB

.data
Size: 110KB - Virtual size: 110KB

.rsrc
Size: 7KB - Virtual size: 6KB