3eff22bdfa00e79c52f49c5797e76f93

Sharing

Copy URL Twitter E-mail

General

Target

3eff22bdfa00e79c52f49c5797e76f93
Size

317KB
MD5

3eff22bdfa00e79c52f49c5797e76f93
SHA1

cc8fba9f3f4926c86c16b355f230662645ecb1c1
SHA256

45dafe59d1f43352f48e97fb5d5d285c407e5eb8335f0a30873f26dd7793e10d
SHA512

a76a39f2309b94cc109a904476debf36ad1e3e6dbf54009e0bccff043ff9c71780f62dd7505abfc45d7c2a2e348107c1a70a2fdf86d99341649022ed9ed1d228
SSDEEP

6144:2/fwo9cmJpH6scNYkCq6EGNfyydKPlRKeezJvhHpNIQ7nw:2/fwoWCZ6scN1C/EGNfldgLJe1hpNImw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eff22bdfa00e79c52f49c5797e76f93

Files

3eff22bdfa00e79c52f49c5797e76f93
.exe windows:4 windows x86 arch:x86

493b6558573f58a6fac58dab27a3e948

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassA
ClipCursor
DlgDirSelectComboBoxExW
GetWindowThreadProcessId
GetSystemMetrics
GetClassNameA
AdjustWindowRect
TranslateAccelerator
ReuseDDElParam
SetWinEventHook
DlgDirListW
RegisterClassExA

kernel32

VirtualAlloc
InitializeCriticalSection
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
TlsGetValue
HeapReAlloc
CreateMutexA
LoadLibraryA
TlsAlloc
OpenMutexA
GetUserDefaultLCID
GetFileType
GetStdHandle
GetModuleFileNameW
LeaveCriticalSection
IsBadWritePtr
FreeEnvironmentStringsW
GetLastError
SetStdHandle
TlsSetValue
VirtualQuery
GetStringTypeW
SetEnvironmentVariableA
GetVersionExA
EnterCriticalSection
GetTimeFormatA
InterlockedExchange
HeapAlloc
GetDateFormatA
GetCurrentThread
HeapDestroy
GetStartupInfoW
GetProcAddress
TerminateProcess
QueryPerformanceCounter
FlushFileBuffers
RtlUnwind
GetSystemInfo
DeleteCriticalSection
CompareStringA
FreeEnvironmentStringsA
GetTimeZoneInformation
GetCurrentProcess
WriteFile
GetCPInfo
GetCurrentProcessId
LCMapStringW
SetLastError
IsValidLocale
UnhandledExceptionFilter
LCMapStringA
GetModuleHandleA
GetStringTypeA
SetConsoleOutputCP
GetLocaleInfoA
SetHandleCount
GetCurrentThreadId
SetFilePointer
GetModuleFileNameA
HeapFree
VirtualFree
GetLocaleInfoW
GetEnvironmentStrings
TlsFree
GetCommandLineA
VirtualProtect
EnumSystemLocalesA
GetStartupInfoA
IsValidCodePage
GetSystemTimeAsFileTime
ExitProcess
HeapCreate
LocalShrink
GetTickCount
CloseHandle
GetACP
ReadFile
HeapSize
GetOEMCP
GetEnvironmentStringsW

advapi32

RegQueryInfoKeyA
LookupAccountSidA
RegRestoreKeyW
RegOpenKeyExA
CryptImportKey
CryptGetDefaultProviderA
CryptSetProviderExA
DuplicateToken
RegCreateKeyExA
LookupSecurityDescriptorPartsW
CryptDuplicateHash
DuplicateTokenEx
CryptSetProvParam
CryptSetProviderExW
LookupPrivilegeNameW
LookupPrivilegeValueW
RegEnumKeyExW
CreateServiceA
CryptDeriveKey
RegDeleteValueW
CryptSignHashA
ReportEventA
CryptGetProvParam

comctl32

InitCommonControlsEx

comdlg32

ReplaceTextA

shell32

SHGetSettings
InternalExtractIconListW
SHUpdateRecycleBinIcon
ExtractAssociatedIconW
ExtractIconA

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

493b6558573f58a6fac58dab27a3e948

Headers

File Characteristics

Imports

user32

kernel32

advapi32

comctl32

comdlg32

shell32

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 24KB - Virtual size: 53KB

.data Size: 90KB - Virtual size: 90KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 24KB - Virtual size: 53KB

.data
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 14KB - Virtual size: 14KB