3f21b125ae6bebcf1c12f6e22d792fdd

Sharing

Copy URL Twitter E-mail

General

Target

3f21b125ae6bebcf1c12f6e22d792fdd
Size

344KB
MD5

3f21b125ae6bebcf1c12f6e22d792fdd
SHA1

19c03e750171fdf0d624c11fa519943f49f6549a
SHA256

ad69f48802b44899c67230c5237fb937ed0271ccc50e6fcaa5231f65ac35d09f
SHA512

90079952e82b0ab21fe345d0fa9883b65d5256b85ca72d6c409b1d7316f51224f7b1737ac8f448f5df47c34d33ab0a440be1c0200f91862d1c2ebd419918ea45
SSDEEP

6144:XmXjAEi4e5P0181dUoPgr/8ZxbfAF9lUDRmIiGesmF8kdbXJo:2zNJe5PUadnPi/Ixb5pejxlJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f21b125ae6bebcf1c12f6e22d792fdd

Files

3f21b125ae6bebcf1c12f6e22d792fdd
.exe windows:4 windows x86 arch:x86

ec38c3ba1e25644cd0842000b2cf3d20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryFortezzaStatus
InternetGoOnlineW
FindFirstUrlCacheEntryA
SetUrlCacheEntryInfoW
InternetCanonicalizeUrlA
GopherGetAttributeW

comdlg32

PrintDlgW
GetSaveFileNameW

kernel32

ExitProcess
GetLastError
GetTickCount
FreeLibrary
TlsAlloc
LCMapStringW
FlushFileBuffers
LeaveCriticalSection
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
GetStdHandle
HeapCreate
CompareStringA
TlsSetValue
GetEnvironmentStrings
IsDebuggerPresent
GetFileType
VirtualQuery
GetStartupInfoA
RtlUnwind
GetACP
WriteFile
CompareStringW
VirtualAlloc
FreeEnvironmentStringsA
SetStdHandle
EnterCriticalSection
ReadFile
FreeEnvironmentStringsW
DeleteCriticalSection
WriteConsoleA
MultiByteToWideChar
GetConsoleOutputCP
GetProcessHeap
CloseHandle
TlsFree
SetEnvironmentVariableA
GetStringTypeW
GetCurrentProcess
GetOEMCP
HeapSize
GetSystemTimeAsFileTime
TlsGetValue
TerminateProcess
GetTimeFormatA
LoadLibraryA
IsValidLocale
GetConsoleTitleA
OpenMutexA
GetConsoleCP
InterlockedDecrement
GetUserDefaultLangID
VirtualProtect
GetCPInfo
HeapReAlloc
UnhandledExceptionFilter
GetVersionExA
WriteConsoleW
CreateMutexA
GetProcAddress
WideCharToMultiByte
GetTimeZoneInformation
InitializeCriticalSection
GetUserDefaultLCID
GetCurrentThreadId
VirtualFree
CreateFileA
QueryPerformanceCounter
GetCurrentProcessId
SetConsoleCtrlHandler
LCMapStringA
HeapAlloc
HeapDestroy
GetModuleFileNameA
SetHandleCount
SetFilePointer
HeapFree
Sleep
GetConsoleMode
GetEnvironmentStringsW
GetCurrentThread
InterlockedExchange
GetLocaleInfoW
GetDateFormatA
SetLastError
InterlockedIncrement
IsValidCodePage
EnumSystemLocalesA
GetCommandLineA
GetLocaleInfoA

comctl32

InitCommonControlsEx

advapi32

CryptDecrypt
RegOpenKeyExW
RegReplaceKeyW
CryptGetHashParam
RegOpenKeyExA

user32

RegisterClassA
CreateIconFromResource
RegisterClassExA
SetDlgItemTextA

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec38c3ba1e25644cd0842000b2cf3d20

Headers

File Characteristics

Imports

wininet

comdlg32

kernel32

comctl32

advapi32

user32

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 9KB - Virtual size: 31KB

.data Size: 174KB - Virtual size: 173KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 9KB - Virtual size: 31KB

.data
Size: 174KB - Virtual size: 173KB

.rsrc
Size: 13KB - Virtual size: 12KB