3d9b64e08ab06082f7518e8b51f51985

Sharing

Copy URL Twitter E-mail

General

Target

3d9b64e08ab06082f7518e8b51f51985
Size

53KB
MD5

3d9b64e08ab06082f7518e8b51f51985
SHA1

2819b9cb8f4462a99ded0c621621b179cdb2a9e5
SHA256

4fb741ae1dec8fc788cfab1b3522bf936a4a5b9359bb405d501006cbf1843f18
SHA512

57a245ca89b3800a762987d33402172af37e19f63cde69b7ecf981aacbc7d2642d37002199e3254bc067657247c82fe753d80b26d5a93559610a549fd1bc9fc7
SSDEEP

1536:YlXqVqW4y2UhDB/53VBPZDW8k6pl2iue0DPiruoo4k2:GXaqWL7hVnBPpWGX2i5KK7o4k2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d9b64e08ab06082f7518e8b51f51985

Files

3d9b64e08ab06082f7518e8b51f51985
.exe windows:5 windows x86 arch:x86

f3eca7be9f7c9b2adde87722191dd3ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClassNameW
ToUnicode
OpenDesktopA
GetWindowTextW
SetThreadDesktop
CharLowerBuffA
PeekMessageW
GetKeyState
GetDlgItemTextW
PeekMessageA
CloseWindowStation
GetKeyboardState
GetWindowThreadProcessId
GetMessageA
GetCursorPos
MsgWaitForMultipleObjects
FindWindowExW
GetMessageW
GetClipboardData
GetWindowLongW
EndDialog
LoadCursorW
DrawIcon
ExitWindowsEx
DispatchMessageW
GetForegroundWindow
OpenWindowStationA
SendMessageW
GetDlgItem
CloseDesktop
GetDlgItemTextA
SetProcessWindowStation
GetIconInfo

kernel32

FindClose
HeapFree
OpenProcess
GetFileTime
CopyFileW
FindFirstFileW
GetTempFileNameW
SetEvent
GetLogicalDrives
GetLocalTime
UnmapViewOfFile
LeaveCriticalSection
GetCurrentProcessId
ExpandEnvironmentStringsW
SetEndOfFile
lstrcmpiW
lstrcatW
SetFileAttributesW
GetExitCodeProcess
CreateThread
MapViewOfFile
GetCommandLineA
CloseHandle
GlobalUnlock
GetProcessTimes
SetThreadPriority
MoveFileExW
GetTimeZoneInformation
lstrlenW
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameA
lstrcmpiA
GetProcessHeap
OpenMutexW
CreateFileW
HeapAlloc
lstrcpynW
WriteProcessMemory
GetFileSizeEx
ResetEvent
GetVersionExW
WriteFile
IsBadReadPtr
DisconnectNamedPipe
CreateEventW
lstrcpyA
GetSystemTimeAsFileTime
CreateDirectoryW
GetDriveTypeW
SystemTimeToFileTime
SetFilePointer
GetFileSize
lstrlenA
CreateFileMappingW
GetUserDefaultUILanguage
DeleteFileW

Sections

.loh
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fmdwz
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vyz
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wtkj
Size: 26KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3eca7be9f7c9b2adde87722191dd3ed

Headers

File Characteristics

Imports

user32

kernel32

Sections

.loh Size: 18KB - Virtual size: 39KB

.fmdwz Size: 5KB - Virtual size: 10KB

.vyz Size: 1024B - Virtual size: 1KB

.wtkj Size: 26KB - Virtual size: 132KB

.rsrc Size: 1KB - Virtual size: 4KB

.loh
Size: 18KB - Virtual size: 39KB

.fmdwz
Size: 5KB - Virtual size: 10KB

.vyz
Size: 1024B - Virtual size: 1KB

.wtkj
Size: 26KB - Virtual size: 132KB

.rsrc
Size: 1KB - Virtual size: 4KB