3d6169c30de3e9aa33913a587a511fcd

Sharing

Copy URL Twitter E-mail

General

Target

3d6169c30de3e9aa33913a587a511fcd
Size

418KB
MD5

3d6169c30de3e9aa33913a587a511fcd
SHA1

815cbb3227e2a55ce39b58babcc80938dc5a1293
SHA256

f9a5ed9d57dd3048adadb03359c6b56ca0629cfd565c5bf6715fef77ad51f8e0
SHA512

84b0858fb993729bb95a4ee6d7372d2c9aab7ca3962faec038ff6803a78601f60e847776fdcb05557879ef00f054b49fa854a16618fbed3031d75ba95b726750
SSDEEP

12288:khccqi2+yXoXRfLnHOamL8okvya4dUyUcFSC:k8wxXRznHO9L1av2ft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d6169c30de3e9aa33913a587a511fcd

Files

3d6169c30de3e9aa33913a587a511fcd
.exe windows:4 windows x86 arch:x86

8338e8b2a4fc2d4bd25d4de6c99a6968

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
GetStartupInfoA
DuplicateHandle
FreeEnvironmentStringsW
GetFileType
LoadLibraryW
HeapAlloc
VirtualFree
SetLastError
IsValidLocale
TlsAlloc
LockFileEx
GetConsoleMode
DeleteCriticalSection
SetEnvironmentVariableA
SetHandleCount
CompareStringA
GetLocaleInfoW
GetOEMCP
SetConsoleTextAttribute
MultiByteToWideChar
FreeLibrary
GetProcessHeap
GetACP
LoadLibraryExA
GetStringTypeW
Sleep
GetLocaleInfoA
GetProcAddress
SetThreadAffinityMask
GetLastError
TlsSetValue
CreateSemaphoreW
FreeEnvironmentStringsA
GetFileAttributesW
GetTimeFormatA
VirtualQuery
IsValidCodePage
TlsGetValue
LCMapStringW
CompareStringW
GetUserDefaultLCID
SetUnhandledExceptionFilter
GetEnvironmentStringsW
HeapReAlloc
IsDebuggerPresent
ExitProcess
ReadConsoleInputA
GetProcAddress
VirtualAlloc
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
HeapSize
GetModuleHandleA
GetCurrentThread
HeapCreate
HeapDestroy
GetCurrentThreadId
LeaveCriticalSection
WriteFile
EnumSystemLocalesA
GetDateFormatA
GetCurrentProcessId
GetModuleFileNameA
InterlockedDecrement
EnterCriticalSection
OpenEventW
GetTickCount
GetStringTypeA
GetVersionExA
GetCommandLineA
SetConsoleCtrlHandler
LCMapStringA
RtlUnwind
GetCPInfo
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedIncrement
MoveFileExA
InitializeCriticalSection
GetEnvironmentStrings
WideCharToMultiByte
GetStdHandle
GetTimeZoneInformation
HeapFree
TerminateProcess
LoadLibraryA
GetProcessHeaps
TlsFree

gdi32

SwapBuffers
CreateFontIndirectW
GdiPlayJournal
Chord
CreateHatchBrush
GdiPlayScript
GetFontLanguageInfo
GetObjectA
SetPolyFillMode
GetTextFaceA
BitBlt
GetMiterLimit
GetTextExtentExPointA
CreateBrushIndirect
PtInRegion
SetBitmapDimensionEx
GetTextCharset
GetObjectW
PolyTextOutW
ColorMatchToTarget
EnumFontsW

user32

SetFocus
WaitMessage
DlgDirListW
AdjustWindowRect
KillTimer
DlgDirListA
IsDlgButtonChecked
SetWindowPlacement
GetKeyState

advapi32

RegDeleteKeyA
ReportEventA
LookupPrivilegeNameW
CryptReleaseContext
GetUserNameW
RegReplaceKeyA
LookupSecurityDescriptorPartsW
CryptHashSessionKey
RegNotifyChangeKeyValue
CryptSignHashW
RegDeleteValueA
CryptSetProviderW
CryptDuplicateKey
LookupAccountSidW
RegQueryMultipleValuesW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8338e8b2a4fc2d4bd25d4de6c99a6968

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 274KB - Virtual size: 273KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 274KB - Virtual size: 273KB

.rsrc
Size: 5KB - Virtual size: 5KB