003b68d5af9ef586d794b3ffeff07bf7bc040c4471f52d03c8fcdf11e7e3f38d

Sharing

Copy URL Twitter E-mail

General

Target

003b68d5af9ef586d794b3ffeff07bf7bc040c4471f52d03c8fcdf11e7e3f38d
Size

261KB
MD5

1eb2d932bb916d4db7f483859eebabf8
SHA1

de859d9cacb96d8839e78972d1584fe2e59d23f5
SHA256

003b68d5af9ef586d794b3ffeff07bf7bc040c4471f52d03c8fcdf11e7e3f38d
SHA512

777a3ab6f8b11534eeb12906941f23992634fba75b1eea70d1497382aa82cf1bce1b68dcaf1f318a71554b79449102f3611f8db354e7c981bd1068acf27175f3
SSDEEP

6144:1/t3esz7BrEs+2EZ873ebfLUA7jEDaRn3Uc/AO0TmIKHKK:9t31z7Bn+2Y873QfLUAXEDa1xuOKK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003b68d5af9ef586d794b3ffeff07bf7bc040c4471f52d03c8fcdf11e7e3f38d

Files

003b68d5af9ef586d794b3ffeff07bf7bc040c4471f52d03c8fcdf11e7e3f38d
.exe windows:5 windows x86 arch:x86

dbe7741d342aa19c116a7c55ca539280

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetCurrentThreadId
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrlenW
CreateMutexW
GetCommandLineW
MultiByteToWideChar
CreateProcessW
WideCharToMultiByte
GetModuleHandleW
CreateFileA
DeviceIoControl
GetCurrentProcess
GetVersionExW
SetFilePointerEx
GetConsoleMode
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
HeapSize
SetStdHandle
FreeLibrary
LoadLibraryW
GetProcAddress
GetTickCount
SetWaitableTimer
CreateWaitableTimerA
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetLastError
GetConsoleCP
RaiseException
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetFileType
CreateFileW
WriteConsoleW
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetEvent

user32

GetDoubleClickTime
SendMessageW
GetParent
MessageBoxA
PostMessageW
DispatchMessageW
PeekMessageW
RegisterWindowMessageW
SetForegroundWindow
CreateDesktopW
GetThreadDesktop
SendMessageTimeoutW
OpenDesktopW
GetClassNameW
EnumChildWindows
GetWindow
FindWindowExW
TranslateMessage
EnumDesktopWindows
GetWindowTextW

advapi32

CryptAcquireContextW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CryptCreateHash

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
VarBstrCmp

shlwapi

SHGetValueW
SHDeleteValueW
StrCatW
SHSetValueW

userenv

RefreshPolicy

winmm

timeKillEvent
timeSetEvent

winhttp

WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCheckPlatform
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpConnect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbe7741d342aa19c116a7c55ca539280

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

winmm

winhttp

version

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 7KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 10KB - Virtual size: 10KB