3fe9b79682c63d3df28eb9492e96e352

Sharing

Copy URL Twitter E-mail

General

Target

3fe9b79682c63d3df28eb9492e96e352
Size

15KB
MD5

3fe9b79682c63d3df28eb9492e96e352
SHA1

231c75fefab393d5228ebb2da0f6557e15b0503a
SHA256

7c67f93dd125835ea126ab3a85bfae92047d40e8d4077cdf02b1d889dc521e9f
SHA512

40551c547491becd91657b6d13fec2c12d7a6ba7365f8362fccde88f53d8a0d4c93cdcdc7bf467a228b09b0f2bd45cf23f77d7d5f53329cae12cca767a2039c1
SSDEEP

384:ouZ7PEfLKWRHDX8J6OCFVMSNKA7IBbP6EqmhpTH8:TZ7PEfRRHDA6OwX7sBPhpT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fe9b79682c63d3df28eb9492e96e352

Files

3fe9b79682c63d3df28eb9492e96e352
.exe windows:4 windows x86 arch:x86

ffbd2e91da16a2793be588531f8ec48d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetSetOptionA

ntdll

_wcsicmp
memmove
strlen
_strcmpi

kernel32

GetCurrentThread
GetPriorityClass
GetThreadPriority
SetPriorityClass
GetCurrentProcess
SetThreadPriority
InterlockedExchange
OpenEventA
SetEvent
GlobalAlloc
DisableThreadLibraryCalls
GlobalFree
FreeLibrary
CreateEventA
LoadLibraryA
GetModuleHandleA
ReadFile
CreateFileW
GetTempPathA
GetTickCount
GetLastError
GetCommandLineW
WriteFile
GetCommandLineA
GetFileSizeEx
CreateFileA
GetProcAddress
Sleep
ReleaseMutex
GetSystemDirectoryA
WaitForSingleObject
lstrcpyA
lstrcatA
CreateDirectoryA
GetModuleFileNameW
VirtualAlloc
VirtualProtect
MoveFileExA
SetFilePointerEx
FindFirstFileA
GetComputerNameA
FindClose
lstrcpynA
FindNextFileA
GetVolumeInformationA
HeapAlloc
GetProcessHeap
HeapFree
Process32First
CreateProcessA
CloseHandle
CreateToolhelp32Snapshot
GetExitCodeProcess
CreateMutexA
GetModuleFileNameA
Process32Next
OpenProcess
lstrlenA
ExitProcess
DeleteFileA

user32

wsprintfA
UnhookWinEvent
SetWinEventHook

advapi32

OpenServiceA
OpenSCManagerA
SetThreadToken
RegFlushKey
DuplicateToken
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetValueExA
RegOpenKeyExA
OpenProcessToken
CloseServiceHandle
DeleteService
RegCloseKey
RegCreateKeyA
StartServiceA
CreateServiceA
RegQueryValueExA

shell32

CommandLineToArgvW

Exports

Exports

DllInstall
ServiceMain
sd
wep

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffbd2e91da16a2793be588531f8ec48d

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ntdll

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 904B