3de7cb21954ca08c31218a23a20b4ce8

Sharing

Copy URL Twitter E-mail

General

Target

3de7cb21954ca08c31218a23a20b4ce8
Size

336KB
MD5

3de7cb21954ca08c31218a23a20b4ce8
SHA1

ff4e1a2eaca4acc92729b4c4659ab4950940108a
SHA256

6e24cd413cfcaea6b7561d29213a419b6f27b40f307a56a1ab409daca051159a
SHA512

33ed7b001f92ad9c5a1b85cc0a4ba92ec671d4a5a72c3118184999268cf1543b70e5128d047a310a3105cea2ac55ffd6af3ec2d652e2cae239961ca296ef0bcf
SSDEEP

6144:dFmEUpsaR7tEuOXrLYbWhCHdT+Oc6PavK6p87R59eO70AUA:dF/UqkJEuObUb39T+OaeHK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3de7cb21954ca08c31218a23a20b4ce8

Files

3de7cb21954ca08c31218a23a20b4ce8
.exe windows:4 windows x86 arch:x86

4bf11adc2dc54215beec801be4e4ef74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetFileAttributesExA
SetEnvironmentVariableA
ExitProcess
PulseEvent
GetSystemInfo
GetCommModemStatus
EnumDateFormatsW
VirtualFree
GlobalAddAtomA
CreateEventA
CreateIoCompletionPort
GetEnvironmentVariableW
SetThreadLocale
CreateProcessA
EnumSystemCodePagesA
GetCommandLineA
GetVersionExA

user32

GetSystemMetrics
SendDlgItemMessageA
InsertMenuA
LoadStringA
SetWindowsHookW
RegisterClassExA
SendDlgItemMessageW
GetClassLongW
IsCharAlphaW
CharNextExA
IsRectEmpty
MessageBeep
DefDlgProcA
MsgWaitForMultipleObjects
SetWindowsHookExA
SetWindowContextHelpId
GetInputState
IsCharLowerA
UnhookWinEvent
EnumWindows
GetWindowTextW

gdi32

GetTextFaceW

comdlg32

PrintDlgA
ChooseFontW
PrintDlgW

advapi32

LookupPrivilegeNameA
RegEnumKeyExA
RegUnLoadKeyW
CreatePrivateObjectSecurity
RegConnectRegistryW
RegOpenKeyExA
CryptReleaseContext
CryptImportKey
GetCurrentHwProfileW
GetSecurityDescriptorControl
RegSetValueA

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderPathA
FindExecutableA
SHChangeNotify

ole32

CoTaskMemRealloc
OleQueryLinkFromData
StringFromGUID2
CoFreeAllLibraries

comctl32

ImageList_Merge

shlwapi

PathCommonPrefixW
StrTrimW
PathIsRelativeA
PathIsDirectoryEmptyW
SHEnumValueW
PathIsDirectoryW
PathFindNextComponentW
PathCombineA
PathRelativePathToA
PathGetArgsW

setupapi

SetupDiEnumDriverInfoW
SetupDiGetClassDescriptionW
SetupDiClassGuidsFromNameExA
SetupDiBuildDriverInfoList

Sections

mayawcc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

sykma
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

uwkoku
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wwuesuw
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf11adc2dc54215beec801be4e4ef74

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

shlwapi

setupapi

Sections

mayawcc Size: 280KB - Virtual size: 279KB

sykma Size: 4KB - Virtual size: 2KB

uwkoku Size: 12KB - Virtual size: 9KB

wwuesuw Size: 36KB - Virtual size: 33KB

mayawcc
Size: 280KB - Virtual size: 279KB

sykma
Size: 4KB - Virtual size: 2KB

uwkoku
Size: 12KB - Virtual size: 9KB

wwuesuw
Size: 36KB - Virtual size: 33KB