c3101e91bde43cfb515d6a8a90828810

Sharing

Copy URL

Twitter E-mail

General

Target

c3101e91bde43cfb515d6a8a90828810
Size

329KB
MD5

c3101e91bde43cfb515d6a8a90828810
SHA1

8b56a9ddd924476ed9d3667749d97f3a97efdf93
SHA256

3eea9355a94318e16b36f6451cefd2e31dca4d2a63ea6f811a6a7d5d02b0592c
SHA512

3fbfd4a116e49ad0c12c550527c5a1fec86bab4da7820e527a06fb14ac072562b16286fa93585f1dd0c094f510d147bbe3dcda899e02422f5f375da629cc2b91
SSDEEP

6144:zNej9VNb2hnX2MWNYANr0ef4rLff4BLt9SbXfVtCul6LVf+DMFJt+v:z49Oh2MWaANQe8etgz9ZefCYt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3101e91bde43cfb515d6a8a90828810

Files

c3101e91bde43cfb515d6a8a90828810
.exe windows:5 windows x86 arch:x86

ba3cba43b9d7890b0e6756b9a423badd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetProcessId
ResetEvent
SetProcessWorkingSetSize
LeaveCriticalSection
SystemTimeToFileTime
IsDebuggerPresent
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SetThreadPriority
LoadResource
GlobalUnlock
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
LoadLibraryW
GetFileSize
GetCurrentThread
QueryPerformanceFrequency
InitializeSListHead
FreeLibrary
MulDiv
DebugBreak
CompareStringW
WaitForSingleObject
CloseHandle
CreateFileMappingA
LockResource
VirtualFree
DeleteCriticalSection
GetOverlappedResult
HeapReAlloc
SetWaitableTimer
InitializeCriticalSection
GetCurrentThreadId
HeapFree
GetVersionExW
FindClose
GetFullPathNameA
UnhandledExceptionFilter
ExitProcess
OutputDebugStringW
InterlockedExchange
SleepEx
InterlockedExchangeAdd
SetEvent
GetTickCount
TryEnterCriticalSection
lstrcmpiA
GetProcAddress
SetLastError
GetACP
HeapAlloc
FindResourceW
InterlockedIncrement
WaitForMultipleObjects
InterlockedPushEntrySList
CreateFileMappingW
CreateEventW
GetLastError
GetVersion
ReadFile
WaitForSingleObjectEx
VirtualQuery
GetVersionExA
SetUnhandledExceptionFilter
FindFirstFileW
PulseEvent
GetSystemDirectoryW
CancelIo
MapViewOfFile
Sleep
TerminateProcess
DelayLoadFailureHook
GetSystemInfo
GetModuleHandleA
RtlUnwind
LocalAlloc
InterlockedFlushSList
VirtualLock
InterlockedDecrement
DisableThreadLibraryCalls
ProcessIdToSessionId
RaiseException
UnmapViewOfFile
GetProcessHeap
CreateWaitableTimerW
DuplicateHandle
GetCurrentProcess
CreateFileA
VirtualAlloc
LocalFree
IsProcessorFeaturePresent
GetModuleHandleW
GetProcessWorkingSetSize
RtlCaptureStackBackTrace
SizeofResource
WriteFile
TerminateThread
LoadLibraryA
GetCurrentProcessId
CreateThread
QueryDepthSList

gdi32

GdiEntry13
GetDeviceCaps
DrawEscape
CreateCompatibleDC
RectInRegion
SelectObject
SelectPalette
GetDCOrgEx
GetDIBits
SetLayout
CombineRgn
CreateRectRgnIndirect
CreateDCW
GetRegionData
BitBlt
OffsetRgn
GetRgnBox
RealizePalette
GetSystemPaletteEntries
CreateICW
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
CreatePalette
DeleteObject

user32

PostMessageW
GetGuiResources
GetWindowDC
PeekMessageW
UpdateLayeredWindow
OffsetRect
DispatchMessageW
SetRect
EnumDisplayDevicesW
GetClientRect
GetWindowLongW
IsRectEmpty
TranslateMessage
GetDC
EnumDisplayMonitors
ClientToScreen
EqualRect
ReleaseDC
EnumDisplaySettingsW
SetLayeredWindowAttributes
IsWindow
GetMonitorInfoW
GetDesktopWindow
InvalidateRect
RegisterWindowMessageW
CopyRect
IntersectRect
SystemParametersInfoW
MsgWaitForMultipleObjects

psapi

GetProcessMemoryInfo

rpcrt4

I_RpcExceptionFilter
RpcServerInqCallAttributesW
UuidToStringW
RpcServerRegisterIfEx
RpcBindingFree
NdrAsyncServerCall
UuidCreate
RpcStringBindingComposeW
RpcServerUnregisterIfEx
RpcServerInqBindings
RpcServerUseProtseqW
NdrAsyncClientCall
RpcAsyncGetCallStatus
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcBindingSetAuthInfoExW
RpcAsyncInitializeHandle
RpcEpRegisterW
RpcSsDestroyClientContext
RpcBindingVectorFree
RpcStringFreeW

ntdll

RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInterlockedFlushSList
NtUnmapViewOfSection
DbgPrompt
DbgPrintEx
NtAddAtom
RtlFindClearBitsAndSet
NtQuerySystemInformation
NtAllocateVirtualMemory
RtlLookupElementGenericTable
RtlInitializeBitMap
RtlIsGenericTableEmpty
NtCreateSection
RtlEnumerateGenericTableWithoutSplaying
RtlNumberGenericTableElements
RtlDeleteElementGenericTable
RtlSetBits
DbgBreakPoint

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
RegOpenKeyA
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExA
TraceMessage
RegQueryValueExW
TraceEvent
GetTraceEnableFlags
RegCloseKey

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear
CoUninitialize
PropVariantCopy

msvcrt

malloc
isalpha
__dllonexit
isalnum
isdigit
_purecall
_XcptFilter
wcstol
_lock
atof
memmove
_resetstkoflw
_CIsqrt
_amsg_exit
ceil
_stricmp
_CIexp
_CIcos
_errno
_CIatan2
memcpy
_vsnprintf
tolower
wcsstr
clock
floor
_vsnwprintf
strchr
_CIlog
_CIacos
isxdigit
_CIcosh
_finite
_unlock
_copysign
qsort
_initterm
_adjust_fdiv
free
_wcsicmp
toupper
_CIpow
_CIsinh
_CItanh
_CIsin
_strdup
memset
atoi
_wtoi
_controlfp
_isnan
modf
_CIatan
calloc
setlocale
_wtof
realloc
_CItan
_onexit
wcschr
isspace
_CIfmod
_fpclass
_CIasin
_clearfp

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba3cba43b9d7890b0e6756b9a423badd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

psapi

rpcrt4

ntdll

advapi32

ole32

msvcrt

Sections

.text Size: 303KB - Virtual size: 302KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 1.4MB

.text
Size: 303KB - Virtual size: 302KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 1.4MB