3e7fb1bd6e33ed89737e0e3d636921dd

Sharing

Copy URL Twitter E-mail

General

Target

3e7fb1bd6e33ed89737e0e3d636921dd
Size

3.8MB
MD5

3e7fb1bd6e33ed89737e0e3d636921dd
SHA1

6c932b46fcd30e9ad821799e699a2c1791923edc
SHA256

6ab970e77a8d45decf812fd758a6005a87003438a3bdddef2b743f77e121f211
SHA512

757f68e05232350036987698a9ab01af21a7bee58af88a54dff9a67fdde66a21fa687557bc3afd82630cd3c75048acf92edecf1190128cbf47a197e927c5beeb
SSDEEP

3072:u4fgROS1VNDcKCu05cyQd4asj1wwDSicXqQ5m9Pr3DdofYRxYv0sSpMU4HBcbIhu:uGMOS1VNb5whVu/qJ6Sh4HObUZaVc5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e7fb1bd6e33ed89737e0e3d636921dd

Files

3e7fb1bd6e33ed89737e0e3d636921dd
.dll windows:5 windows x86 arch:x86

8d5add38f07a6ab738ed84721a0b6ecb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
WaitForMultipleObjects
GetStartupInfoA
LocalSize
OpenProcess
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
GetCurrentProcess
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
CreateFileA
OpenEventA
SetErrorMode
CreateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
WriteFile
ExitProcess
FreeLibrary
CreateProcessA
lstrcatA
ReadFile
MoveFileA
SetFilePointer
GetFileSize
DeleteFileA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
ResetEvent
GetLastError
CloseHandle
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
VirtualAlloc
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
HeapReAlloc
HeapDestroy
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetFileType
GetStdHandle
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
WideCharToMultiByte
GetCommandLineA
SetHandleCount

user32

GetWindowTextA
MessageBoxA
LoadCursorA
keybd_event
wsprintfA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
CharNextA
MapVirtualKeyA
LoadIconA
RegisterClassA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorPos
SetRect
GetDC
ReleaseDC
GetCursorInfo
DestroyCursor
SendMessageA
BlockInput
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData

gdi32

GetStockObject
DeleteDC
CreateDCA

advapi32

RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegRestoreKeyA
RegOpenKeyExA
RegSaveKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
SetServiceStatus
RegOpenKeyA
RegQueryValueExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog

shell32

SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
setsockopt
send
WSACleanup
recv
select
WSAIoctl
htons
gethostbyname
socket
getsockname

Exports

Exports

EndWork
Runing
ServiceMain

Sections

.text
Size: 138KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d5add38f07a6ab738ed84721a0b6ecb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 147KB

.rdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 195KB - Virtual size: 196KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 138KB - Virtual size: 147KB

.rdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 195KB - Virtual size: 196KB

.reloc
Size: 9KB - Virtual size: 9KB