3d82ba91fef0328787e99df3bbcfb3b5

Sharing

Copy URL

Twitter E-mail

General

Target

3d82ba91fef0328787e99df3bbcfb3b5
Size

71KB
MD5

3d82ba91fef0328787e99df3bbcfb3b5
SHA1

78318d87c666884d636e9ab377c1200edce1905b
SHA256

13d49ac282d66379dc7ba96e7e800632b8bb913945dbba4939e7d42c93fe6685
SHA512

7637da60734150144810b25977c540ce595d836f87811e2c4c98152f48f682905126b963bb5142bc5fb7b892aaff8f4dafb4d3a72968dfbdf5259e08195d3ae9
SSDEEP

1536:c5kr8+IqhwW6DWeG6HLH1Sf0WSioNTCenjhUy/G4RuaGjfxYyCpekO:cWjIcwDw8HE03HVUypRolbCpekO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d82ba91fef0328787e99df3bbcfb3b5

Files

3d82ba91fef0328787e99df3bbcfb3b5
.exe windows:4 windows x86 arch:x86

af734e2764b51005fc1bd7d5ad8f2089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate
DirectDrawCreateEx

shell32

Shell_NotifyIconW
FindExecutableW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
SHAppBarMessage
ShellExecuteExW

secur32

GetUserNameExW

kernel32

UnhandledExceptionFilter
Sleep
LoadLibraryExW
GetVersionExW
MulDiv
IsDebuggerPresent
FormatMessageW
FindResourceW
FreeLibrary
SetUnhandledExceptionFilter
CreateFileW
GetCurrentThreadId
InterlockedIncrement
CloseHandle
CreateEventW
GetModuleFileNameW
GetSystemTimeAsFileTime
InterlockedDecrement
LoadResource
LockResource
InterlockedExchange
EnterCriticalSection
GetSystemInfo
InitializeCriticalSection
GetStartupInfoW
GetThreadLocale
ReleaseMutex
LocalAlloc
LoadLibraryA
GlobalLock
GetSystemDirectoryW
GetACP
OpenProcess
IsProcessorFeaturePresent
LocalFree
RaiseException
VirtualLock
VirtualAlloc
SizeofResource
HeapSetInformation
GetProcAddress
HeapSize
CreateThread
WaitForMultipleObjects
lstrcmpW
GetLocaleInfoW
lstrlenW
GetComputerNameW
SetEvent
LCMapStringW
VirtualUnlock
FindResourceExW
GlobalAlloc
ResetEvent
FlushInstructionCache
MultiByteToWideChar
TerminateProcess
GlobalHandle
GetTickCount
HeapAlloc
ProcessIdToSessionId
WideCharToMultiByte
HeapDestroy
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
GetLastError
GlobalFree
lstrlenA
VirtualFree
HeapFree
WaitForSingleObject
SetLastError
HeapReAlloc
DeleteCriticalSection
GlobalUnlock
GetProcessId
GetVersionExA
QueryPerformanceCounter
InterlockedCompareExchange
GetLocaleInfoA
CreateMutexW
GetTempPathW
GetModuleHandleW

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
CreateCompatibleDC
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
GetObjectW

msvcrt

_wcmdln
_cexit
_initterm
?terminate@@YAXXZ
__set_app_type
fabs
memset
__p__commode
_exit
__setusermatherr
memcpy
exit
_controlfp
_wtoi64
__p__fmode
__wgetmainargs
_amsg_exit
iswdigit
_initterm
_XcptFilter

ole32

OleUninitialize
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
StringFromGUID2
OleInitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitializeSecurity
CoTaskMemAlloc
CoUninitialize
CoAllowSetForegroundWindow
OleLockRunning
CoInitializeEx
CLSIDFromProgID
CoCreateGuid

shlwapi

UrlApplySchemeW
PathCombineW
UrlCanonicalizeW
UrlCombineW
UrlGetPartW
PathAppendW

crypt32

CryptUnprotectData
CryptProtectData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification

gdiplus

GdipAlloc
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromFileICM

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af734e2764b51005fc1bd7d5ad8f2089

Headers

File Characteristics

Imports

ddraw

shell32

secur32

kernel32

gdi32

msvcrt

ole32

shlwapi

crypt32

version

wtsapi32

gdiplus

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 2KB