3db4a968b58ce4c974f725499aaa7448

Sharing

Copy URL Twitter E-mail

General

Target

3db4a968b58ce4c974f725499aaa7448
Size

451KB
MD5

3db4a968b58ce4c974f725499aaa7448
SHA1

77b342ccd86066567fe050046ad97b00eec5b074
SHA256

98bbcb169329902fe327c8f001e418e42d8454e4d0ded7e1c89d8f32fd3b5323
SHA512

ab0fdbde00a373498195bbca9992ec304ee6e60d898ca5b675ee75c8db7c1ecb751ba32aa4b39de8f3c0e9ec0b6518f6960e68e553f4e2508202bbd49edd91fc
SSDEEP

12288:8JLdT/k8nbDvZk/sdV8ZH/P96kGvHXkApf77V78sXBye:8Jpw8nhcsdKfPQkGPXVpf7Rf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3db4a968b58ce4c974f725499aaa7448

Files

3db4a968b58ce4c974f725499aaa7448
.exe windows:4 windows x86 arch:x86

421c4af508a95f32d60eb9bcec479b4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

LresultFromObject
CreateStdAccessibleObject

ws2_32

WSAGetLastError

version

GetFileVersionInfoSizeA

kernel32

LeaveCriticalSection
GetVersion
VirtualAlloc
GlobalReAlloc
TlsSetValue
GetLocaleInfoW
lstrcmpW
GlobalFlags
InitializeCriticalSection
GlobalLock
ConvertDefaultLocale
CloseHandle
FindClose
LocalReAlloc
GetSystemInfo
GetCurrentProcess
LocalAlloc
MoveFileW
GlobalUnlock
LockResource
WideCharToMultiByte
UnlockFile
CreateFileW
FindResourceW
SetThreadPriority
FindFirstFileW
GetVersionExA
GetPrivateProfileIntW
CreateProcessW
GetProcessHeap
TlsGetValue
GetUserDefaultLCID
EnumResourceLanguagesW
lstrlenW
LockFile
GetCurrentThread
TlsAlloc
lstrcpyA
lstrcmpA
ReadFile
GlobalAlloc
FreeResource
FormatMessageW
GlobalFindAtomW
SystemTimeToFileTime
InterlockedIncrement
ResumeThread
lstrcmpiW
GetCurrentProcessId
HeapReAlloc
ResetEvent
GetFullPathNameW
GetModuleFileNameW
GlobalAddAtomW
GlobalHandle
SizeofResource
SetFilePointer
GetStringTypeExW
LocalFileTimeToFileTime
LoadResource
GetFileSize
InterlockedDecrement
DeleteCriticalSection
GetVersionExW
FileTimeToSystemTime
CompareStringW
SetErrorMode
GetFileTime
GetLastError
MulDiv
GetVolumeInformationW
CreateEventW
DeleteFileW
EnterCriticalSection
InterlockedExchange
FileTimeToLocalFileTime
DuplicateHandle
GlobalGetAtomNameW
lstrlenA
FlushFileBuffers
GlobalSize
LoadLibraryA
Sleep
WaitForSingleObject
GetModuleHandleA
SetFileTime
GetShortPathNameW
HeapAlloc
SetLastError
CompareStringA
SetEndOfFile
WriteFile
HeapFree
GlobalFree
GetFileAttributesA
GlobalDeleteAtom
CopyFileW
SuspendThread
GetCurrentThreadId
GetThreadLocale

comdlg32

PrintDlgA
GetOpenFileNameA

shell32

ExtractIconW
Shell_NotifyIconW

user32

SetForegroundWindow
KillTimer
GetScrollRange
GetDialogBaseUnits
GetForegroundWindow
SetWindowTextW
GetWindowRect
ShowScrollBar
GetKeyState
AppendMenuW
CallWindowProcW
DrawTextExW
BeginDeferWindowPos
GetDlgItemInt
GetMenu

msvcrt

_initterm
_ultoa
strtoul
_snwprintf
_ltow
_ltoa
wcschr
_adjust_fdiv
wcscpy
atol
strncmp
wcscmp
__dllonexit
wcscat
_itow
strncpy
sprintf
wcslen
free
qsort
isdigit
memmove
_wcsicmp
bsearch
malloc
isupper
_except_handler3
_wcsnicmp
_onexit
isxdigit

rpcrt4

NdrClientCall2
UuidCreate
RpcRevertToSelf
RpcImpersonateClient

advapi32

SystemFunction041
CryptSetProvParam
RegNotifyChangeKeyValue
CryptGenKey
RegEnumKeyExW
SetSecurityDescriptorGroup
LookupPrivilegeValueA
GetUserNameA
CryptGenRandom
InitializeAcl
AddAccessAllowedAce
OpenServiceW
CryptSetHashParam
CryptExportKey
RegGetKeySecurity
GetAce
CryptSetProviderA

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW

wininet

FtpCommandA

gdi32

CreateHatchBrush
GetClipRgn
SetWindowOrgEx
DeleteDC
GetDeviceCaps
SaveDC
SetColorAdjustment
SetROP2
CreateDCW
ModifyWorldTransform
GetStockObject
GetPixel
ArcTo
OffsetWindowOrgEx
SetStretchBltMode
CreatePen
ExtCreatePen
GetObjectType
ScaleViewportExtEx
SelectPalette
StartDocW
SetTextJustification
SetViewportOrgEx

Sections

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

421c4af508a95f32d60eb9bcec479b4f

Headers

File Characteristics

Imports

oleacc

ws2_32

version

kernel32

comdlg32

shell32

user32

msvcrt

rpcrt4

advapi32

shlwapi

wininet

gdi32

Sections

.rsrc Size: 29KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 920KB

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 406KB - Virtual size: 405KB

.rsrc
Size: 29KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 920KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 406KB - Virtual size: 405KB