a3dca0d089629c2a4c0af752d49b99e2d0185d30530e36fb4ac707a459123de4

Sharing

Copy URL Twitter E-mail

General

Target

a3dca0d089629c2a4c0af752d49b99e2d0185d30530e36fb4ac707a459123de4
Size

2.0MB
MD5

2b1053dffaffabaccb402b98ccab5433
SHA1

29ced9432bfacef9b9ead7666e47a754d5ea5066
SHA256

a3dca0d089629c2a4c0af752d49b99e2d0185d30530e36fb4ac707a459123de4
SHA512

b83a1988fcb6f4d32338a92f07e7c0b25cbcefa7afaa5dcb19d4575af9ac3296f4a05f829ea94e13ed5b35d5d2516a11063e113290e75c8233ca4878c755eccc
SSDEEP

24576:y1N8BW33i0My0N5kvr46AEfygCsbM9tlP+NaH2mzU+SXFWyxJCKYLuJ:UUW3xakvM+fygetkwp+FWyxQTuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3dca0d089629c2a4c0af752d49b99e2d0185d30530e36fb4ac707a459123de4

Files

a3dca0d089629c2a4c0af752d49b99e2d0185d30530e36fb4ac707a459123de4
.exe windows:5 windows x86 arch:x86

8899c6c639bfdf3e5f64574050bc30a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

dbghelp

MakeSureDirectoryPathExists

kernel32

CreateFileA
GetLocalTime
Sleep
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemDefaultLangID
GetModuleFileNameA
GetModuleHandleA
CreateEventA
GetDiskFreeSpaceA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
ReadFile
GetEnvironmentVariableA
GetCurrentProcessId
WaitForSingleObject
GetCurrentProcess
MultiByteToWideChar
GetPrivateProfileSectionNamesA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
GetTickCount
GetFileAttributesExA
CreateProcessA
GetStartupInfoA
GetLastError
DeviceIoControl
GetVersionExA
GetComputerNameA
CreateToolhelp32Snapshot
Process32Next
Process32First
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
HeapSize
HeapReAlloc
GetStringTypeW
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapDestroy
HeapCreate
ExitProcess
IsValidCodePage
GetOEMCP
SetFilePointer
WriteFile
GetCurrentThreadId
CreateFileW
CloseHandle
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
FreeLibrary
LoadLibraryW
WriteConsoleW
SetEndOfFile
GetProcessHeap
CreatePipe
GetACP
GetFileType
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle

user32

ExitWindowsEx
CreateDialogParamA
GetDesktopWindow
GetWindowRect
SetWindowPos
UpdateWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
EndDialog
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
ShowWindow
SetDlgItemTextA
SetFocus
DestroyWindow
SetWindowTextA
SendMessageA
MessageBoxA
PostQuitMessage

advapi32

RegSetValueExA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueA
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8899c6c639bfdf3e5f64574050bc30a4

Headers

DLL Characteristics

File Characteristics

Imports

version

dbghelp

kernel32

user32

advapi32

shell32

Sections

.text Size: 421KB - Virtual size: 420KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 7KB - Virtual size: 816KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 7KB - Virtual size: 816KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB