3f56c131ee2ec17b6b417df2c35db681

Sharing

Copy URL

Twitter E-mail

General

Target

3f56c131ee2ec17b6b417df2c35db681
Size

27KB
MD5

3f56c131ee2ec17b6b417df2c35db681
SHA1

7f7a50502af01ba95bfd44f39aa8d75739fb7763
SHA256

7dde5a254f9281b366ee2adae2ad45b9b993d12f0187e411a9e4e5aa491d7197
SHA512

ce5bcf631d164a763433edea5a6a26519f1ef19b5800eb46a5b6e1c2273f274d0f54ab73771e6db66e2cf552acd624aab00c0d8d0229ec517ed95a688c830b10
SSDEEP

768:/ZIrlyz1/J/KGmOFiFa8yTmuxP2sXxy4vso0euvIsT7ksHdAS:/yAp9EWqa8SzesXxvUo0PIs79AS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f56c131ee2ec17b6b417df2c35db681

Files

3f56c131ee2ec17b6b417df2c35db681
.exe windows:4 windows x86 arch:x86

f4896ce830a2c027bfd808984a052111

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
ReadFileEx
GetCurrentProcess
GetDiskFreeSpaceA
IsProcessorFeaturePresent
FindFirstFileA
CreateFileA
GetTickCount
GlobalFree
GetUserDefaultLangID
GetCurrentProcessId
GetModuleFileNameA
GetLastError
CreateEventA
Sleep
SetEvent
QueryPerformanceFrequency
GetCurrentThread
UnhandledExceptionFilter
RemoveDirectoryA
FindClose
lstrcmpA
LCMapStringW
CreateMutexA
GetSystemInfo
CreateFileMappingA
HeapCreate
VirtualAlloc
DeleteCriticalSection
ResetEvent
ExpandEnvironmentStringsA
FindNextFileA
GetLocalTime
CloseHandle
GetCurrentThreadId
DeleteFileA
LoadLibraryA
GetFileAttributesA
TlsAlloc
GetOverlappedResult
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
SetThreadPriority
CreateThread
TlsSetValue
ReadProcessMemory
GetSystemDefaultLangID
HeapFree
GetDriveTypeA
WaitForSingleObjectEx
WriteFileEx
ReleaseMutex
TlsGetValue
GetExitCodeThread
GetProcessHeap
lstrcpyA
InitializeCriticalSection
SleepEx
WaitForMultipleObjectsEx
MapViewOfFile
WriteFile
CreateSemaphoreA
HeapDestroy
MoveFileA
FreeLibrary
HeapAlloc
WaitForSingleObject
GlobalAlloc
InterlockedIncrement
VirtualQuery
DebugBreak
ReleaseSemaphore
SetEndOfFile
OutputDebugStringA
QueryPerformanceCounter
ReadFile
GetVersionExA
GetModuleHandleA
UnmapViewOfFile
GetFileSize
lstrlenA
TlsFree
IsValidLocale
GlobalMemoryStatus
TerminateProcess
FlushFileBuffers
CopyFileA
CreateDirectoryA

msvcrt

strchr
exit
fopen
isprint
wcslen
_purecall
atol
_except_handler3
strtoul
_stricmp
strpbrk
_beep
vsprintf
printf
_chdir
time
_ftol
__dllonexit
_strnicmp
strtok
fclose
toupper
_iob
free
strncpy
malloc
_fullpath
fprintf
_onexit
_vsnprintf
_adjust_fdiv
_beginthread
rand
memmove
_ultoa
fflush
_itoa
vprintf
_snprintf
_splitpath
sprintf
_makepath

advapi32

RegCloseKey
RegisterEventSourceA
RegQueryValueExA
RegDeleteValueA
InitializeSecurityDescriptor
RegDeleteKeyA
DeregisterEventSource
ReportEventA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

winmm

auxSetVolume

Sections

.textbss
Size: 21KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4896ce830a2c027bfd808984a052111

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

winmm

Sections

.textbss Size: 21KB - Virtual size: 96KB

.text Size: 512B - Virtual size: 472B

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 21KB - Virtual size: 96KB

.text
Size: 512B - Virtual size: 472B

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B