b3f2514ab5097752f7454492a5cc8b3e

Sharing

Copy URL

Twitter E-mail

General

Target

b3f2514ab5097752f7454492a5cc8b3e
Size

523KB
MD5

b3f2514ab5097752f7454492a5cc8b3e
SHA1

c0fae5002584e38c90815e03a896f4baa4838675
SHA256

7b9b50dd23f35cc141bdffcddd656a0e6b91f2faca22ac29b910dff78b36e3f8
SHA512

4410245ab1796b9caa78f4af8867c79bc3eede395840acb407479178cf0a8b2514860ea495c963034912996613de594a165b4f02755a4ea8b00c38e3054aca57
SSDEEP

12288:lzU4+v9fkIk9bG+FxSYsajaG1HEY7kiPkxMX:+4+vlkrM+FxS0x1k+sxM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3f2514ab5097752f7454492a5cc8b3e

Files

b3f2514ab5097752f7454492a5cc8b3e
.exe windows:4 windows x86 arch:x86

0efc26dae9bbc157ad723605bb7948ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\treeoeq.pdb

Imports

wininet

InternetFortezzaCommand
DeleteUrlCacheEntryA
CreateUrlCacheContainerW
InternetGetConnectedState
FtpGetCurrentDirectoryA

advapi32

LogonUserA
RegCreateKeyExW
CryptSignHashA
CryptSetProviderExW
CryptDecrypt
CryptSetKeyParam
CryptSetProviderExA
RegSaveKeyA
RegLoadKeyA
RegCreateKeyExA
RegSaveKeyW
RegQueryValueA
CryptImportKey
ReportEventW
CryptContextAddRef
RegEnumKeyExW
RegEnumKeyW
RegQueryMultipleValuesA
RegQueryInfoKeyA
RegReplaceKeyA
LogonUserW
RegQueryMultipleValuesW
RegEnumValueA

gdi32

CreateICW
Ellipse
GetLogColorSpaceW
PtInRegion
SetROP2
EnumFontFamiliesExA
SetWindowOrgEx
ColorMatchToTarget
SetWorldTransform
GetClipRgn
FrameRgn
GetMetaFileA
CreateHatchBrush
CreateFontIndirectW
SetMagicColors
DrawEscape
BeginPath
CreatePolygonRgn
DeleteMetaFile

shell32

ShellExecuteEx
DragQueryFileAorW
SHGetSpecialFolderPathA
DragQueryPoint

user32

DdeUninitialize
IsIconic
SetWindowLongA
IsDialogMessage
RegisterClassA
ChangeClipboardChain
DdeDisconnect
GetActiveWindow
DestroyCursor
TrackPopupMenu
GetWindowLongW
NotifyWinEvent
SetRectEmpty
GetMonitorInfoA
GetWindowDC
RegisterClassExA

kernel32

InterlockedExchange
CreateMutexA
FreeEnvironmentStringsW
TlsSetValue
SetConsoleCtrlHandler
HeapCreate
GetStartupInfoA
GetCurrentProcess
GetCommandLineW
LCMapStringA
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapFree
LeaveCriticalSection
GetProcAddress
ReadConsoleInputA
DeleteCriticalSection
GetFileType
GetCurrentThread
VirtualAlloc
LoadModule
GetStartupInfoW
TlsFree
QueryPerformanceCounter
GetUserDefaultLCID
OpenMutexA
UnhandledExceptionFilter
GetLastError
GetFileTime
GetTimeFormatA
CompareStringA
FreeLibrary
GetModuleFileNameW
GetPriorityClass
GetEnvironmentStringsW
WideCharToMultiByte
UnmapViewOfFile
SetUnhandledExceptionFilter
WriteConsoleA
CloseHandle
Sleep
GetDateFormatA
HeapReAlloc
VirtualFree
GetLocaleInfoA
HeapDestroy
EnterCriticalSection
GetCurrentProcessId
ReadFile
HeapAlloc
IsValidCodePage
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
ExitProcess
LoadLibraryA
GetConsoleOutputCP
FlushFileBuffers
GetConsoleCP
SetHandleCount
GetACP
RtlUnwind
GetTickCount
InterlockedIncrement
LCMapStringW
GetModuleHandleW
GetCPInfo
CompareStringW
CreateProcessW
IsDebuggerPresent
GetConsoleMode
GetStdHandle
InterlockedDecrement
OutputDebugStringW
WriteFile
GetStringTypeW
TerminateProcess
TlsAlloc
GetCurrentThreadId
SetWaitableTimer
SetLastError
WriteConsoleW
SetEnvironmentVariableA
SetFilePointer
VirtualQuery
HeapSize
CreateFileA
GetCommandLineA
GetOEMCP
IsValidLocale
GetTimeZoneInformation
TlsGetValue
SetStdHandle
GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Write
InitMUILanguage
ImageList_GetDragImage
ImageList_AddMasked
CreateStatusWindowW
ImageList_DrawEx

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0efc26dae9bbc157ad723605bb7948ce

Headers

File Characteristics

PDB Paths

Imports

wininet

advapi32

gdi32

shell32

user32

kernel32

comctl32

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 209KB - Virtual size: 221KB

.data Size: 109KB - Virtual size: 108KB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 209KB - Virtual size: 221KB

.data
Size: 109KB - Virtual size: 108KB

.rsrc
Size: 29KB - Virtual size: 29KB