Static task
static1
Behavioral task
behavioral1
Sample
3fca712e04ba7a0249b15934d7fb716b.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3fca712e04ba7a0249b15934d7fb716b.exe
Resource
win10v2004-20231215-en
General
Target
3fca712e04ba7a0249b15934d7fb716b
Size
420KB
MD5
3fca712e04ba7a0249b15934d7fb716b
SHA1
c3bf38c49c44daf71cc61c9b4772f16ca4417cad
SHA256
a580770f3490efde6a7ea5de01751d034e9eacefacf0e34bd54ad22083960d65
SHA512
dc489ce53ce2c4fefac400b400d9fe7b9b02c2d59f802151cabf1e3d284aec432a0912c98040aae5f492b0ef0b293f53e675a47324e036576ece25bfcff45bf9
SSDEEP
6144:CT3bxCvkM0z+PBJ3emScMplZElQFPbFqqOe6lTFbrIUOT7dFkHz7m/t:S3EZvfIcMpl+2FzFR2TFbEUOT7dKm/t
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3fca712e04ba7a0249b15934d7fb716b
Files
3fca712e04ba7a0249b15934d7fb716b.exe windows:4 windows x86 arch:x86
cbceccd0f91d9b33dd61a9ad61826ba4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetDateFormatA
FreeEnvironmentStringsA
IsValidLocale
CompareStringW
RtlUnwind
GetTimeFormatA
CompareStringA
GetCurrentProcess
GetStartupInfoA
VirtualAlloc
LeaveCriticalSection
IsDebuggerPresent
HeapReAlloc
GetLocaleInfoW
GetWindowsDirectoryW
GetLocaleInfoA
GetCommandLineA
LCMapStringW
GetModuleFileNameA
GetCurrentThread
GetStringTypeW
ExitProcess
GetEnvironmentStringsW
GetStringTypeA
GetVersionExA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoW
GetCPInfo
HeapSize
QueryPerformanceCounter
TlsSetValue
SetLastError
GetCurrentDirectoryA
SetHandleCount
TlsFree
GetACP
HeapAlloc
GetOEMCP
HeapFree
CreateWaitableTimerW
MultiByteToWideChar
GetCurrentProcessId
GetFileTime
GetTimeZoneInformation
GetStdHandle
Sleep
HeapDestroy
FreeLibrary
GetFileType
GetUserDefaultLCID
GetCommandLineW
WideCharToMultiByte
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
DeleteCriticalSection
GetModuleHandleA
WriteFile
VirtualFree
WriteFileEx
OpenFile
SetEnvironmentVariableA
FillConsoleOutputAttribute
GetSystemDefaultLCID
FreeEnvironmentStringsW
HeapCreate
GetProcAddress
GetLastError
GetModuleFileNameW
EnumSystemLocalesA
IsValidCodePage
InterlockedExchange
InitializeCriticalSection
UnhandledExceptionFilter
GetProcessHeap
VirtualQuery
TlsGetValue
TlsAlloc
EnterCriticalSection
LCMapStringA
GetCurrentThreadId
InterlockedDecrement
lstrcatW
TerminateProcess
GetEnvironmentStrings
InterlockedIncrement
WritePrivateProfileStringA
advapi32
GetUserNameA
RegDeleteKeyA
LookupPrivilegeDisplayNameA
CryptGetDefaultProviderA
CryptContextAddRef
LookupAccountNameW
CryptDuplicateKey
InitiateSystemShutdownA
AbortSystemShutdownA
RegQueryValueExW
CryptGetProvParam
RegQueryValueExA
LookupPrivilegeDisplayNameW
ReportEventW
RegSetKeySecurity
LookupAccountSidW
RegEnumKeyW
CryptVerifySignatureA
RegOpenKeyExW
CryptAcquireContextW
CryptAcquireContextA
RegCreateKeyExW
LookupPrivilegeValueW
CryptImportKey
gdi32
FloodFill
SetBitmapBits
CreateBrushIndirect
SetBrushOrgEx
DPtoLP
CancelDC
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ