3f136d3f963c6745d7ffe667d33cde54

Sharing

Copy URL Twitter E-mail

General

Target

3f136d3f963c6745d7ffe667d33cde54
Size

395KB
MD5

3f136d3f963c6745d7ffe667d33cde54
SHA1

a4d6ecf6261d2d577fe01f9a1874d153bfb0db9e
SHA256

cbbe2da11446f1f67e2fa03d45c4e0a1b2f381e6da503c88a7bf3ee02bc76336
SHA512

f6c1f84a733541300d02d5ab713ae2d24eab18a66944b4b0367f9893e434520d1799f70c9bdc6bde63453249c2a6b327c40cfae59dd2523f6c4d77f92c6a4770
SSDEEP

6144:L3z7afqwMbkcx2E1Wv7MykM09yDB6y3ls9+bhrss1z1gCFQH5+R1Or:L3gMbegcxF7Y+bhgs1zIH5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f136d3f963c6745d7ffe667d33cde54

Files

3f136d3f963c6745d7ffe667d33cde54
.exe windows:4 windows x86 arch:x86

3b0fe206bdeafddb806a71c61e4a2be9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
HeapCreate
HeapSize
TlsFree
GetProcAddress
InitializeCriticalSection
HeapReAlloc
TlsSetValue
EnumDateFormatsW
GetStartupInfoA
GetCurrentProcessId
VirtualFree
GlobalAddAtomW
GetCPInfo
VirtualProtect
GetModuleHandleA
IsBadWritePtr
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
GetDateFormatA
GetTimeZoneInformation
CompareStringA
GetTimeFormatA
IsValidLocale
GetEnvironmentStrings
GetLocaleInfoA
GetThreadSelectorEntry
GetLocaleInfoW
ExitProcess
GetTickCount
FlushInstructionCache
UnhandledExceptionFilter
HeapFree
EnumSystemLocalesA
GetModuleFileNameA
GetStringTypeW
LoadLibraryA
QueryPerformanceCounter
EnterCriticalSection
VirtualAlloc
WaitForMultipleObjects
OpenProcess
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
FreeEnvironmentStringsA
GetCommandLineA
GetFileType
SetHandleCount
WriteFile
HeapDestroy
CompareStringW
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
lstrcmpA
LoadLibraryW
GetACP
GetCurrentThread
GetFileAttributesExA
TlsAlloc
LCMapStringA
GetSystemInfo
ReadConsoleW
GetEnvironmentStringsW
SetLastError
LCMapStringW
GetVersionExA
TlsGetValue
GetLastError
LoadResource
InterlockedExchange
GetStdHandle
GetOEMCP
DeleteCriticalSection
LeaveCriticalSection
GetCompressedFileSizeA
VirtualQueryEx
IsValidCodePage
GetUserDefaultLCID
HeapAlloc
SetEnvironmentVariableA
EnumTimeFormatsW
CreateDirectoryExW

advapi32

RegEnumKeyA
CryptEnumProviderTypesW
RegSaveKeyA
RegSetValueW
GetUserNameW
CryptGetDefaultProviderW
DuplicateTokenEx
RegEnumValueA
RegSetKeySecurity
RegLoadKeyW
CryptDestroyHash
RegSetValueExW
RegCreateKeyExA
RegQueryValueExW
RegQueryMultipleValuesA
CryptCreateHash
RegEnumKeyW
CryptSetProvParam
RegConnectRegistryA
LookupAccountNameA
RegEnumValueW

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b0fe206bdeafddb806a71c61e4a2be9

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 270KB - Virtual size: 270KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 270KB - Virtual size: 270KB

.rsrc
Size: 7KB - Virtual size: 6KB