3e64dc4fa8d4521903570826c61bc210

Sharing

Copy URL Twitter E-mail

General

Target

3e64dc4fa8d4521903570826c61bc210
Size

415KB
MD5

3e64dc4fa8d4521903570826c61bc210
SHA1

55f2f271a004d5e643bc6c2d6ddfb3bf39d3ef6c
SHA256

bd24db4eae32f970b055420929a3b74bd9cabaab6d04ce579050f68d52b27346
SHA512

3264a407d503267f88927364550b29318857876a8fec48567a30fe9873c3f5251e9af7b1eb43e3e42526ce25da24f4b09e02e561d77bb6ae2313122a46433299
SSDEEP

6144:cJTUg7CPN71Xdu4LRpLtvNKgX5z95g72q7GnZP2Qrlz8szYnGWz4cJXMpaoHVwdI:CUg7vqHtvL5zf82BdrlgaYnL9mvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e64dc4fa8d4521903570826c61bc210

Files

3e64dc4fa8d4521903570826c61bc210
.exe windows:4 windows x86 arch:x86

67b8cdd4752bad1c5bc95675d2b7d8f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
FreeEnvironmentStringsW
SetLastError
EnterCriticalSection
RtlUnwind
HeapDestroy
DeleteCriticalSection
GetCurrentProcess
GetTimeFormatA
VirtualAlloc
TlsGetValue
SetEnvironmentVariableA
HeapReAlloc
GetStdHandle
GlobalCompact
GetStartupInfoA
GetDateFormatA
TlsFree
GetModuleFileNameA
GetEnvironmentStringsW
HeapCreate
ExitProcess
GetLocaleInfoA
GetVersionExA
IsBadWritePtr
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCurrentThread
LCMapStringA
QueryPerformanceCounter
ResumeThread
VirtualProtect
AllocConsole
VirtualFree
GetCurrentThreadId
GetCommandLineA
HeapAlloc
GetStringTypeW
HeapFree
SetCriticalSectionSpinCount
TlsSetValue
GetCurrentProcessId
CompareStringW
HeapSize
GetUserDefaultLCID
WriteFile
IsValidLocale
GetCPInfo
GetLocaleInfoW
InitializeCriticalSection
GetEnvironmentStrings
MultiByteToWideChar
WideCharToMultiByte
lstrcpynW
EnumSystemLocalesA
GetModuleHandleA
GetPrivateProfileSectionNamesA
GetLastError
CompareStringA
SetConsoleCursorPosition
UnhandledExceptionFilter
GetWindowsDirectoryW
FindAtomA
GetACP
IsValidCodePage
GetProcAddress
GetOEMCP
GetStringTypeA
FreeEnvironmentStringsA
SetHandleCount
InterlockedExchange
LCMapStringW
TerminateProcess
GetSystemInfo
VirtualQuery
LeaveCriticalSection
TlsAlloc
WriteConsoleOutputCharacterA

comdlg32

PrintDlgW
GetFileTitleA
ChooseFontA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyW
CryptDuplicateKey
CryptEncrypt
RegOpenKeyExA
CryptDeriveKey
RegEnumKeyExA
CreateServiceW
RegRestoreKeyW
RevertToSelf
LookupSecurityDescriptorPartsA
RegCreateKeyExA
RegReplaceKeyW
CryptAcquireContextA
LogonUserW
LookupPrivilegeValueW
RegConnectRegistryA
RegReplaceKeyA
CryptExportKey
CryptSetHashParam
CryptGenRandom
CryptSetProviderW
CryptImportKey
CryptDestroyKey
CryptContextAddRef

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67b8cdd4752bad1c5bc95675d2b7d8f0

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

Sections

.text Size: 136KB - Virtual size: 136KB

.data Size: 273KB - Virtual size: 297KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 136KB

.data
Size: 273KB - Virtual size: 297KB

.rsrc
Size: 4KB - Virtual size: 4KB