a3105cc530426c7f4302483a2366f264

Sharing

Copy URL

Twitter E-mail

General

Target

a3105cc530426c7f4302483a2366f264
Size

217KB
MD5

a3105cc530426c7f4302483a2366f264
SHA1

aa5c1eeb28f91912c12677df85f724380464e4b1
SHA256

2f3c6d60342a0f0d0d70bf32c61e2543f32ec8c80f4fff3b5a21b09e753ffe51
SHA512

c3168ed72c74971b5232d0bad5ace105c929768db9d60764c68a87c5756d835c7397efde4e89fdbeeb2358012d937b10fb65b9b822c639d93545be262a14981f
SSDEEP

6144:9tjUnXdOFuiOFsAG7xmoDbxYJicc3kMXPO+ZAG:LUNxiOGB7xmSxY3c3kM/XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3105cc530426c7f4302483a2366f264

Files

a3105cc530426c7f4302483a2366f264
.exe windows:4 windows x86 arch:x86

112974948199c5f91fc68cde8eb0f7d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
FreeLibrary
GetFullPathNameW
CreateNamedPipeA
OpenFile
lstrcpynA
lstrlen
GetCPInfo
CreatePipe
ReadDirectoryChangesW
MulDiv
OpenWaitableTimerA
FindResourceW
EndUpdateResourceW
GetLocalTime
GetCurrentThreadId
lstrcpyn
GetOEMCP
SearchPathW
Sleep
Beep
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryA
GetTempFileNameA
ReplaceFileW
TlsAlloc
CreateSemaphoreA
GetStringTypeW
lstrcmpW
GetSystemInfo
GlobalGetAtomNameA
GlobalFindAtomW
GetTempFileNameW
IsDebuggerPresent
IsBadStringPtrA
GetLongPathNameW
SystemTimeToFileTime
GlobalGetAtomNameW
HeapCreate
QueryPerformanceCounter
SleepEx

user32

GetSysColorBrush
ArrangeIconicWindows
CreateDesktopA
IsChild
FlashWindow
SetFocus
SetWindowLongA
SetWindowLongW
WaitForInputIdle
CreatePopupMenu
GetKeyState
CharPrevA
TrackPopupMenu
EnumWindows
SetDlgItemTextW
CallWindowProcW
GetMenuItemInfoA
SetMenu
GetForegroundWindow
GetClassInfoExA
CreateAcceleratorTableA
GetClassLongA
ShowCaret
GetWindowRect
SetWindowPos
MonitorFromWindow
EmptyClipboard
GetFocus
FindWindowW
DestroyCursor
DefDlgProcW
EndDialog
LoadMenuIndirectW
OffsetRect
GetActiveWindow
GetAsyncKeyState

gdi32

ExtTextOutW
SetDIBits
GetMetaFileW
LineTo
SetAbortProc
GetDeviceGammaRamp
SetColorSpace
GetEnhMetaFilePaletteEntries
CreateDCA

advapi32

RegCloseKey
RegDeleteKeyA
RegFlushKey
RegReplaceKeyA
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyW
RegRestoreKeyW
RegCreateKeyExW
RegOpenKeyExA

shlwapi

SHQueryValueExA
PathIsNetworkPathA
wnsprintfA
SHDeleteValueA
PathUnExpandEnvStringsA
StrChrNW
StrChrIW
IntlStrEqWorkerW
PathMatchSpecA
PathMakePrettyW
SHSkipJunction
StrFormatByteSizeA

version

VerInstallFileW
VerQueryValueA
GetFileVersionInfoW
VerLanguageNameA

wininet

DeleteIE3Cache
FindCloseUrlCache
InternetHangUp
InternetEnumPerSiteCookieDecisionA
CommitUrlCacheEntryA
RetrieveUrlCacheEntryFileW
InternetCanonicalizeUrlW
FtpGetCurrentDirectoryW
FtpRenameFileA
HttpEndRequestA
GopherGetLocatorTypeW
InternetAutodialCallback
FindNextUrlCacheGroup

winspool.drv

ReadPrinter
SetPrinterDataA
AddJobW
DeleteMonitorW
SpoolerPrinterEvent
EnumPortsW
AddFormW

Sections

.U
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZwpN
Size: 2KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Yp
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.la
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XU
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LhAI
Size: 5KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

112974948199c5f91fc68cde8eb0f7d4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

version

wininet

winspool.drv

Sections

.U Size: 5KB - Virtual size: 5KB

.ZwpN Size: 2KB - Virtual size: 449KB

.Yp Size: 86KB - Virtual size: 86KB

.g Size: 13KB - Virtual size: 13KB

.la Size: 4KB - Virtual size: 36KB

.XU Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 259KB

.LhAI Size: 5KB - Virtual size: 70KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

.U
Size: 5KB - Virtual size: 5KB

.ZwpN
Size: 2KB - Virtual size: 449KB

.Yp
Size: 86KB - Virtual size: 86KB

.g
Size: 13KB - Virtual size: 13KB

.la
Size: 4KB - Virtual size: 36KB

.XU
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 259KB

.LhAI
Size: 5KB - Virtual size: 70KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B