3fc96d171624f6f41a4a56c6c3d85901

Sharing

Copy URL Twitter E-mail

General

Target

3fc96d171624f6f41a4a56c6c3d85901
Size

140KB
MD5

3fc96d171624f6f41a4a56c6c3d85901
SHA1

2d33ed65a72c63ecab7ef9f37118875e05b8253d
SHA256

9c33ebc3520444d26c7bb97303f5b053c2039a1da880fc2cce34a91162afc9a7
SHA512

37e87f633a99975d8db6a87c45093269de765e5697a25e25f7f6c54c547e0afb4527762d0450037f139e4b03e3676da4c121fe01fbea30e2f8bb9f65e7002258
SSDEEP

3072:Wm8lG1SVDUDfinyd8tbNB/cFv8qxMOPT:GE8Ein68tbNqEq5P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fc96d171624f6f41a4a56c6c3d85901

Files

3fc96d171624f6f41a4a56c6c3d85901
.exe windows:4 windows x86 arch:x86

bbffc2acce2f8c877b10bd93f3176639

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
htons
inet_addr
socket
connect
recv
send
closesocket

kernel32

GetCurrentProcessId
GetTickCount
Sleep
CloseHandle
WriteProcessMemory
ReadProcessMemory
OpenProcess
CreateThread
GetLastError
CreateMutexA
QueryPerformanceCounter
HeapSize
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
VirtualQuery
InterlockedExchange
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
VirtualProtect
GetSystemInfo
GetStringTypeW
TlsFree
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetProcAddress
SetUnhandledExceptionFilter
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr

user32

SetTimer
LoadCursorA
LoadIconA
RegisterClassExA
CreateWindowExA
UpdateWindow
GetMessageA
DispatchMessageA
TranslateMessage
GetWindowThreadProcessId
FindWindowA
ShowWindow
UnregisterHotKey
PostQuitMessage
BeginPaint
DrawTextA
EndPaint
RegisterHotKey
LoadBitmapA
PostMessageA
MessageBoxA
DefWindowProcA

gdi32

SelectObject
GetObjectA
BitBlt
DeleteDC
SetBkColor
SetTextColor
CreateCompatibleDC

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbffc2acce2f8c877b10bd93f3176639

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 84KB - Virtual size: 83KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 84KB - Virtual size: 83KB