3eb2ba0ada6ace71ae02244d2a293bb7

Sharing

Copy URL

Twitter E-mail

General

Target

3eb2ba0ada6ace71ae02244d2a293bb7
Size

236KB
MD5

3eb2ba0ada6ace71ae02244d2a293bb7
SHA1

706e4ebe772032636f8bff196c21cf357ea43ace
SHA256

4d16f3254784df9f58caa7426c2fff115a6d66423239fd227583b9fdee2a28bd
SHA512

d24912ae296614c030ada636b8984ca0382a558ffb28061ea1f4710b11511c5ebdb36fe82ce7a084faadda7c3509073f5b266fc0951b130a230773cd4ac4a19d
SSDEEP

1536:Pdy3Reso86ZHBP9UZP7U6HxKlWeScw6iBYCCamzXaIEBCqiiQMZ4DfKBal9Vmscv:PdqH69BPdGKMcwVB2aQXfm7SLSDoIh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eb2ba0ada6ace71ae02244d2a293bb7

Files

3eb2ba0ada6ace71ae02244d2a293bb7
.dll windows:4 windows x86 arch:x86

bcb7aaaa9b2672587e1ebd8f62c75fd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
lstrcatA
GetSystemDirectoryA
GetSystemTime
GetModuleFileNameA
LoadLibraryA
GetLastError
GetProcAddress
CreateThread
GetACP
GetCPInfo
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CreateFileA
FlushFileBuffers
SetStdHandle
VirtualAlloc
HeapReAlloc
HeapAlloc
FatalAppExitA
SetConsoleCtrlHandler
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
LCMapStringW
LCMapStringA
RtlUnwind
SetEndOfFile
GetOEMCP
GetTimeZoneInformation
GetLocalTime
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
FreeEnvironmentStringsA
TlsFree
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCurrentThread
CloseHandle
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStartupInfoA
SetLastError
TlsGetValue
SetFilePointer
SetHandleCount
GetFileType
DeleteCriticalSection
TerminateProcess
ReadFile
ExitProcess
GetCurrentProcess

user32

GetCursorPos
ToAscii
GetKeyState
GetKeyboardState
CallNextHookEx
GetForegroundWindow
UnhookWindowsHookEx
GetWindowDC
GetDesktopWindow
ClientToScreen
ReleaseDC
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetAsyncKeyState
GetDlgItem
GetClassNameA
WindowFromPoint
wsprintfA
GetClientRect
GetWindowTextA
GetWindowThreadProcessId
SetWindowsHookExA
SetCursorPos

gdi32

GetPixel

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

ws2_32

closesocket
WSACleanup
socket
htons
inet_addr
connect
gethostbyname
send
recv
WSAStartup
gethostname
inet_ntoa

urlmon

URLDownloadToFileA

Exports

Exports

insthook

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb7aaaa9b2672587e1ebd8f62c75fd6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 4KB

shared Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 4KB

shared
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB