a3c2bab902fe7356c17de868fec5b131

Sharing

Copy URL Twitter E-mail

General

Target

a3c2bab902fe7356c17de868fec5b131
Size

18KB
MD5

a3c2bab902fe7356c17de868fec5b131
SHA1

945eb11a145077408af83c4cae4e3fc07bf22f9b
SHA256

51385836e33e4fec7e517d8a4dd4bb3d02a4253f9bf901097361a6b60954b417
SHA512

d9324ea5ccbd899e256ff100d53a5fc15ebe0ae603fabb9977f8663f3e435a3771b070f61cc52c3aea5a75e1a1098c6cc23e2f98efac101faabd8cb22be19595
SSDEEP

384:5OtHl3S+Dt+NrFYwi69+enrST8bODcteQdRh1:5C8+DoNFYusee8bODsea1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3c2bab902fe7356c17de868fec5b131

Files

a3c2bab902fe7356c17de868fec5b131
.dll windows:1 windows x86 arch:x86

d970b5c71c4dbd6b3ec66a8015a8a86d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
OpenFileMappingA
RemoveDirectoryA
ResetEvent
SearchPathA
SetEvent
SetFilePointer
Sleep
SleepEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryDataAvailable

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteExA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

d970b5c71c4dbd6b3ec66a8015a8a86d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.data Size: 2KB - Virtual size: 2KB

.code Size: 14KB - Virtual size: 13KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

.code
Size: 14KB - Virtual size: 13KB

.reloc
Size: 1KB - Virtual size: 1KB