3c113b65ce9e0261ba7d9feba745d6db

Sharing

Copy URL

Twitter E-mail

General

Target

3c113b65ce9e0261ba7d9feba745d6db
Size

4.7MB
MD5

3c113b65ce9e0261ba7d9feba745d6db
SHA1

5d6f060225bfc9f71dd8c3865d8a4c7705b61674
SHA256

e5db9665da79d045166fd56246e5073650610c1a37473416b3d050ecdc1ccec1
SHA512

97612f7a05856a38d8160dfd90c7d478c4480020b7ec9f0cbb268629f20ca59c9b06aeafdf1eee4bb7b158d5b3440fd99d17551e6f95d0e0e04876769305815c
SSDEEP

98304:vPpAJTEE4OcNsp0RYPDJDlKo/0q2Imh179dkoVCfd0jZdU:XpAEzjNspCGD9l0qoZq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c113b65ce9e0261ba7d9feba745d6db

Files

3c113b65ce9e0261ba7d9feba745d6db
.exe windows:5 windows x86 arch:x86

5fb612db37e3d9b2c81edf13d95f05cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseEncryptedFileRaw
CloseServiceHandle
CryptAcquireContextA
CryptDecrypt
CryptDestroyKey
CryptGetUserKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
DecryptFileW
EncryptFileW
FreeSid
GetFileSecurityW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameA
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
InitiateSystemShutdownA
IsValidSid
LookupPrivilegeValueA
OpenEncryptedFileRawW
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceStatus
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegGetKeySecurity
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RevertToSelf
SetFileSecurityW
SetSecurityDescriptorDacl
SetThreadToken
StartServiceA
WriteEncryptedFileRaw

kernel32

BackupWrite
CloseHandle
CompareStringW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindResourceExW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatA
GetNumberFormatW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWorkingSetSize
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetVersion
GetVersionExA
GetVolumeInformationW
GetVolumePathNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenFileMappingA
OpenProcess
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceA
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
RtlUnwind
SetComputerNameA
SetComputerNameW
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetProcessWorkingSetSize
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeLabelA
SetVolumeLabelW
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpiA
lstrcmpiW
lstrlenW

mpr

WNetCancelConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetGetUniversalNameW
WNetOpenEnumW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comdlg32

GetSaveFileNameA
GetSaveFileNameW

gdi32

EnumFontFamiliesExA
EnumFontFamiliesExW
GetRegionData
GetTextMetricsA
GetTextMetricsW
SetMapMode

shell32

SHGetFileInfoA
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW

user32

CharUpperBuffW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateMenu
CreateWindowExA
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageA
DispatchMessageW
EmptyClipboard
EnumThreadWindows
EnumWindows
FindWindowA
GetClassLongA
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetParent
GetSystemMetrics
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowTextA
GetWindowTextW
GetWindowThreadProcessId
GetWindowWord
InvalidateRect
InvalidateRgn
IsCharAlphaNumericW
IsCharAlphaW
IsWindowVisible
LoadImageA
MessageBoxA
ModifyMenuA
ModifyMenuW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
RegisterClassExA
RegisterClassExW
RegisterClipboardFormatA
RegisterClipboardFormatW
RemoveMenu
ScrollWindowEx
SendMessageA
SendMessageW
SendNotifyMessageA
SendNotifyMessageW
SetForegroundWindow
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TranslateMessage
UpdateWindow
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
VkKeyScanW
WinHelpA
WinHelpW
wsprintfA
wsprintfW
wvsprintfW
GetSystemMenu

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize

oleaut32

GetErrorInfo

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
getsockopt
htons
inet_addr
ioctlsocket
listen
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.5e3d8
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5e3da
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5fb612db37e3d9b2c81edf13d95f05cc

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

version

winspool.drv

comdlg32

gdi32

shell32

user32

ole32

oleaut32

ws2_32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 10KB - Virtual size: 14.1MB

.tls Size: 5KB - Virtual size: 8KB

.5e3d8 Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.rsrc Size: 206KB - Virtual size: 206KB

.5e3da Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 10KB - Virtual size: 14.1MB

.tls
Size: 5KB - Virtual size: 8KB

.5e3d8
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 206KB - Virtual size: 206KB

.5e3da
Size: 2.1MB - Virtual size: 2.1MB