3c16ac0a47e1a6c077147991d15c0c1b

Sharing

Copy URL Twitter E-mail

General

Target

3c16ac0a47e1a6c077147991d15c0c1b
Size

1.3MB
MD5

3c16ac0a47e1a6c077147991d15c0c1b
SHA1

1b0982d483cd489e265914c2616c77ce84ba28a3
SHA256

69359e9de6e0df0e5968f99874ea946400a63ccb615c76dfbfe73e883bc688d4
SHA512

bd9fb97b45971aa81f6f86ac54d639549365e27c6d463b48521f16105c569c89a8b675dd17f2aa16d327dcc1998539b96d0ba032fcc594af8608489dff18a513
SSDEEP

24576:pU0nNJQ/pi9zzs3Cx94ZWyvPGr4/BD9MCilLZeJ3Sc/3VMOlxNcep6h7T:hNJQxi9Xr7ryvHFixZm/3VZFcep2n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c16ac0a47e1a6c077147991d15c0c1b

Files

3c16ac0a47e1a6c077147991d15c0c1b
.exe windows:5 windows x86 arch:x86

9d9df440272db8e32c757c9d670b0ba3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostname
gethostbyname

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetProcessMemoryInfo

netapi32

NetGetJoinInformation
DsGetDcNameW
NetApiBufferFree

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

GetAdaptersInfo

kernel32

FlushFileBuffers
SetNamedPipeHandleState
GetCurrentThreadId
SetFilePointer
MoveFileExW
GetProcessTimes
GetFileAttributesW
FreeLibrary
InterlockedIncrement
SystemTimeToFileTime
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetSystemTime
CopyFileExW
LoadLibraryExW
FormatMessageW
WaitForMultipleObjects
ExpandEnvironmentStringsW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
ReadDirectoryChangesW
TerminateThread
lstrcpynW
FindClose
FindNextFileW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
MoveFileW
IsWow64Process
CreateFileMappingW
GetCurrentProcessId
SetThreadPriority
ResumeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
EndUpdateResourceW
GetModuleFileNameW
BeginUpdateResourceW
UpdateResourceW
SetFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCurrentDirectoryW
ReadFile
FindResourceW
LoadResource
CreateProcessW
SystemTimeToTzSpecificLocalTime
HeapAlloc
InterlockedDecrement
CompareFileTime
HeapFree
GetProcessHeap
LoadLibraryW
SizeofResource
DisconnectNamedPipe
ProcessIdToSessionId
LockResource
RemoveDirectoryW
QueryDosDeviceW
DuplicateHandle
GetThreadTimes
CreateFileA
GetFileSize
GetLocalTime
GetFileInformationByHandle
ExitProcess
GetVersionExW
DeviceIoControl
GetCurrentThread
ResetEvent
ReleaseMutex
GetOverlappedResult
OpenEventW
GetCurrentDirectoryA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
SetLastError
HeapSize
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
WriteFile
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
LocalFree
DeleteFileW
CloseHandle
GetFileAttributesExW
OpenFileMappingW
CreateEventW
OpenMutexW
TerminateProcess
CopyFileW
OpenProcess
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
FindFirstChangeNotificationW
GetLastError
lstrlenW
Sleep
GetTickCount
GetComputerNameW
FileTimeToSystemTime
CreateFileW
GetModuleHandleA
SetEnvironmentVariableW
SetEndOfFile
lstrlenA
GetCPInfo
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
LocalFileTimeToFileTime
CreateDirectoryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
CompareStringA
GetLocaleInfoW
IsValidLocale
TlsFree

user32

GetThreadDesktop
CloseDesktop
OpenDesktopW
GetProcessWindowStation
GetWindowThreadProcessId
OpenWindowStationW
SetThreadDesktop
SetProcessWindowStation
wsprintfW
MessageBoxW
DispatchMessageW
RegisterHotKey
ShowWindow
GetLastInputInfo
PeekMessageW
AttachThreadInput
GetFocus
CloseWindowStation
GetKeyState
SetFocus
FindWindowW
PostMessageW
GetDesktopWindow
GetForegroundWindow

advapi32

CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
GetLengthSid
ReportEventW
SetEntriesInAclW
CryptCreateHash
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
DeregisterEventSource
RegOpenKeyW
CreateProcessAsUserW
CryptReleaseContext
CopySid
GetTokenInformation
RegCreateKeyW
CryptAcquireContextW
OpenProcessToken
RegisterEventSourceW
CryptGetHashParam
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CloseEventLog
ReadEventLogW
RegConnectRegistryW
LookupAccountSidW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
NotifyChangeEventLog
RegQueryValueExW
OpenEventLogW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegCloseKey
BuildExplicitAccessWithNameW
RegNotifyChangeKeyValue
RegOpenKeyExW
AllocateAndInitializeSid
SetNamedSecurityInfoW
FreeSid

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
VariantClear
SysFreeString

wininet

HttpSendRequestA
HttpAddRequestHeadersA
InternetSetCookieA
InternetAttemptConnect
HttpOpenRequestA
InternetOpenA
InternetSetOptionW
HttpSendRequestW
InternetWriteFile
InternetReadFile
HttpSendRequestExW
InternetQueryOptionW
InternetConnectA
HttpSendRequestExA
HttpEndRequestW
InternetCloseHandle

sensapi

IsNetworkAlive

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d9df440272db8e32c757c9d670b0ba3

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

netapi32

rpcrt4

userenv

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

wininet

sensapi

version

Sections

.text Size: 687KB - Virtual size: 687KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 411KB - Virtual size: 410KB

.text
Size: 687KB - Virtual size: 687KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 411KB - Virtual size: 410KB