3cb6fb827386f8e94d447c764dcc072e

Sharing

Copy URL

Twitter E-mail

General

Target

3cb6fb827386f8e94d447c764dcc072e
Size

1.9MB
MD5

3cb6fb827386f8e94d447c764dcc072e
SHA1

e4f9959b7b31b9e0437e6b7b49267164d18ea2c6
SHA256

f91610ae25056478e4d016caf5dbbc5866ad55b0423f33e0eeedcaa3968caeb9
SHA512

e441291f37e57b7698202f9488a351dde4bb17e837100334252016ac2782d2429a235198b962ce7ea234ad358127c72e03b27d42840677ce0aa8980779f81b74
SSDEEP

49152:Qvg5Jlqh51SS6a6gURviHgiRPzAGXcrvLgjdBPSkjJ:l5Q5k/PBiAqrcIT1jJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb6fb827386f8e94d447c764dcc072e

Files

3cb6fb827386f8e94d447c764dcc072e
.exe windows:6 windows x86 arch:x86

ef3a03e6b696d4e8e4e63c7e89f56ca8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

user32

CharUpperBuffW

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

��τwc>I �i��W�FR$�&��r`��v�j-`�(��#^:T��޼��j��~�t��mS^��K��(��"��tu6�ഉ(�u�U��R��4nz�%��AJ]p%�-�k�O? 4��*b��!�S��_3�_| �H}��p�؆<�l F*��W�#2�u5��>Ҝd�r\�o}�/r��R��F�@��H�n�;�.,et�`O�l�G��z��a�u~L[�8lcJ��Ć�i퓥I��Y��X|��f6��0'��8ci��\Ii��~r�� ]��@�Ǚ��.K�Cȴ��Gġ�l�dTxZz��YϠ?ԝ�L`�`��5��_c��Ɏ*c��V-�ŭA��ܺ�xuW��4��{�ѓ�z ]8Xk��Z�T�;�e'��e�)l"�6�םTL3�$5�H��J��(M��u)��mG��9�� n�xz KC��j(��T3��F.�4�gVI�+w&L�zԃ�w�+�b��p��+��D�+a�M&^c�02�!�KU�ǯ� O�1a��9��)�%��H��8�«�S\��z��Gtj��M��ٍ�Lk�An �uA��5��Y�`��0�� UՅx]��F ��a��ߚxגO��;:j ��O�߱�l>k�D,H^xo��%c]�ԥ�`q��ld!ˉ9�4�:N8\"��" ��]��àHuk-�M)| ��߫�Z�֐�"̱娌�j,�c��Q��Sቧ�m;`H��Έ� ��;l i�>�I�5��<g��U��U�J� 5�_�W1l�|�-��-�i.��`g�eS~��M�QߡP�w�̽4��R<��L4*��yQ,P��C�*�~�X�h��h��F>��?,J�?ߋ�*��ޛ��0��]�M�#/.��0��{��A�U�ecw[H��ߊM�ү7�{��ʆ�%��ƭ��m��=r��=��é �� ^9c�;躈��4�\�C>� T>f��1nDu��`��D�EV� ��>��"��e�߂��sC�S�ņ(E�=�Ѯ�R=��G�*o��Vs��x��p��<��a�TQ|�d�^�@�sW�s�!�v�b�[�K8VS�ʎ߸�^�5ʘ�G�zz��Ϭ��,�5��twVU�˯��:��r��d ��<*�1n��CO��r� �%��H�G��C��B|�g@!��&��=�Mu��e��|9$�K&��XSd��a9U�|}��3�J�o�1nDHR� ��_i��R��z�G�+O7%E_8�rN�G�tBm]�G)M$�4�k��d c+Wn��z ��l��v�p��.�!�� i۲�B�b/�j�U&�w��l�`��PTwg��C��z]��E��R�_��p�f:�7��mL̝6�X��$��+i�D��c��@�43T|�a��\*B3�r�@��j"!�^�p%��!��'�JĲ��)�)�]�-�w4Cr�:B��Cro��Pa6�k�g�� ^L�<�)�>�kJ��V��ꪬ%�R4DZ��?��N��i�C�V��Ұ�0�_��@u��DÇ;�P}��b�]��R�u{�!7'} ϛ��|3g�{� �q��?�~��%��T��~�N��hʊ�"��>"��M`��"Eۖ��e;D$�xu�b2��M�1�Y�e�䙘LFr��O�7"�p2XH�v�`&½�g�*��o^��"�)�'��E�®l�pu&��كD�)��DWI�A�Ouܶ��#��Q+@'�(`��x�Z^�~�\�_|m�¼z��g��S^�:��R��-l�ɻ��":Qx��_�o��(�,��>��?�\�\�8ފfL��۾W(��[6��1�1�;�[)��[�n9Rfࠜ�N�(8� �60�AL��8o��T��z��U>J��B-��&��I��n&�LPe��'��Z@t��x��d�[��$��E:w5ڔROi3$ �;��[��7��aǷ;�;�BZ�R�@�ꇮ��&@�#��w�O,r��1|��ޓ�^�s�̻;O#�ς��>�r�f�M�DQ��N�22�I�<��2Nqz@d VG��)0I3�k=��\��u��"��fq��ӷ1M��ݰ�.�+sz�5%09� j+�-t\�3��+RH��t9�nr0�K�E��ޓ�ɧZ�%f�9��v@�.C��+9��F�>D6�Ϳ��;?J��?��"t��lpP^��q�Z� ��ӝ�-�L/��0_�+r7�d` 5o��S��S��S� ��rL@��j�#��`X�Vﶔm��oqG��D�C��4�h9�y�9��o�9�F��V�y��j�v��rrB�=#��Caz��p�XJg��@, ��H2�0�t"��-��q�<��=Ti·*D5��^B5�n��o��R9�{�ݏ(Ĺ��&ԴU��V��2��.�ࢵw��=�K��11W��T�;}�o+��:��E��s֪a�&�b�JNu8��H�bAh՗�q�* 㾴��` LJ��#��l��1$0>�#@׮�\� Z�r��SĒ��i[-~�+(�N}�6ć|�jMu��,'�T��t�GˏߧMK�o�X�&��bG@���DS)�^��L8��0��*�)�._Q�U��{,��/�v�Q�� 28��n�D`�XZRy%�x��(C�w�/��T�9j�� Т�$�j��D��P@��|�O��//>\��Č��@dx��qVy~7��\v6�� >%U��6��~&�R�T�@JB�%/#�9.�[��^ss�Pj�@��ު��+��C�1��gt��4�8��sƢSoq� �iVw�n��;,��G�(��O�<�O

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z8J2k10
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.z8J2k11
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef3a03e6b696d4e8e4e63c7e89f56ca8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

user32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 27KB

.rdata Size: - Virtual size: 11KB

.data Size: - Virtual size: 1KB

.z8J2k10 Size: - Virtual size: 1.8MB

.z8J2k11 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 512B - Virtual size: 328B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 27KB

.rdata
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 1KB

.z8J2k10
Size: - Virtual size: 1.8MB

.z8J2k11
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 512B - Virtual size: 328B

.rsrc
Size: 512B - Virtual size: 469B