c344409b5603b5151e333ea0d75d9b36

Sharing

Copy URL Twitter E-mail

General

Target

c344409b5603b5151e333ea0d75d9b36
Size

182KB
MD5

c344409b5603b5151e333ea0d75d9b36
SHA1

1dac2f35eced5e8b1e10b5b98ac9faf03237373c
SHA256

c7591acf95421e2d3589e8581074ecc56bc9acb6f5d791f5b2ab082f3d2a78e7
SHA512

dab9c5901f6a7152897ada75ce83c4cb992bdb1f8264b0e297656e6dd8fe552d7184ae23395f9078419b2fb9366393df1d63aa66fca11701a0da3549b1e2b234
SSDEEP

3072:cV8V/PHmtwupgdIR3v4jiTFz3rBrhG3jTNiRt1YTV9TKGZPLr4GUEdf:cV8VXmtBRfbFz3rBrMT5iRta3Lr4c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c344409b5603b5151e333ea0d75d9b36

Files

c344409b5603b5151e333ea0d75d9b36
.exe windows:4 windows x86 arch:x86

a89233bbae41a708809e02c71329a08d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetSystemTimeAsFileTime
GetLastError
GetCurrentProcess
CreateDirectoryW
FindNextFileW
QueryPerformanceCounter
lstrcmpiW
GetCalendarInfoW
VirtualProtect
QueryDosDeviceW
InterlockedExchange
GetCurrentDirectoryW
EncodePointer
CreateFileMappingW
GetProcessId
SetEnvironmentVariableW
IsWow64Process
GetCurrentThreadId
MultiByteToWideChar
DuplicateHandle
Sleep
EnterCriticalSection
SetLastError
SetFileAttributesW
OutputDebugStringW
EnumResourceNamesA
GetFileInformationByHandle
LocalAlloc
GetModuleFileNameW
WaitForSingleObject
OpenProcess
UnmapViewOfFile
GetFileAttributesW
ExitProcess
ReleaseMutex
MapViewOfFile
FindFirstFileW
VirtualQuery
GetTickCount
FindClose
GetLogicalDriveStringsW
GetProcAddress
InitializeCriticalSection
UnhandledExceptionFilter
WideCharToMultiByte
SearchPathW
LocalFree
GetFileSizeEx
lstrlenW
InterlockedCompareExchange
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetModuleHandleA
SetUnhandledExceptionFilter
CreateMutexW

gdiplus

GdipGetImageWidth
GdipDisposeImage

advapi32

EncryptFileW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
DecryptFileW
RegSetValueExW
RegEnumValueW
RegCloseKey

ole32

CoGetDefaultContext
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

shlwapi

StrDupW
PathIsUNCW
SHRegGetValueW
PathGetArgsW
PathSkipRootW
PathFindFileNameW

user32

GetPropW
AllowSetForegroundWindow
GetGUIThreadInfo
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a89233bbae41a708809e02c71329a08d

Headers

File Characteristics

Imports

kernel32

gdiplus

advapi32

ole32

shlwapi

user32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 77KB - Virtual size: 77KB

.edata Size: 1024B - Virtual size: 380KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 77KB - Virtual size: 77KB

.edata
Size: 1024B - Virtual size: 380KB