c3872fa9fe2858f2fa6a9655de6931a9

Sharing

Copy URL

Twitter E-mail

General

Target

c3872fa9fe2858f2fa6a9655de6931a9
Size

464KB
MD5

c3872fa9fe2858f2fa6a9655de6931a9
SHA1

a7686ef2f29ee49b4a7b9ccb4a2d258f35e887d6
SHA256

96f84433da9c0f8a921715c232e5fbdbcdf07254a4a143ea98759f8d047cf366
SHA512

9e72a70d9e413bd9412bf560513f1e83ca5f81fb78c8ea33f5a6c8eab15d0c79fc71fd3a2e884dd784bb7fc2facedf02caa11cc0d76c76d3809d155a34548872
SSDEEP

12288:ugJIfaZZSNcuyIXfVhBjLce74nCZGWbp6P1O1K:VKlRXDBOCZGWtGSK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3872fa9fe2858f2fa6a9655de6931a9

Files

c3872fa9fe2858f2fa6a9655de6931a9
.exe windows:4 windows x86 arch:x86

d71d6bf9c508562fb29a8814224e71c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

atl

AtlModuleRegisterClassObjects

advapi32

RegOpenCurrentUser
RegOpenKeyExA
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
CheckTokenMembership
RegQueryValueExA
FreeSid
RegOpenKeyExW
RegQueryValueW
RegSetValueExW
RegCreateKeyW
AllocateAndInitializeSid

ddraw

DirectDrawCreate

kernel32

SetFilePointer
GetUserDefaultLCID
LoadLibraryA
GetThreadLocale
HeapFree
ExitProcess
FreeEnvironmentStringsW
VirtualQuery
CreateThread
GlobalReAlloc
HeapAlloc
EnumResourceLanguagesW
GetStringTypeW
GetUserDefaultLangID
FindResourceW
GlobalUnlock
GetCPInfo
lstrcmpW
MultiByteToWideChar
VirtualFree
GetFileSize
IsBadReadPtr
LocalAlloc
GetLocaleInfoA
HeapReAlloc
GetOEMCP
GlobalHandle
EnumCalendarInfoW
MulDiv
GetCurrentProcessId
GetProcessHeap
GlobalAlloc
TlsFree
GetModuleFileNameA
GetStringTypeA
lstrcpynW
FindResourceExW
GetLastError
LoadLibraryW
InterlockedIncrement
VirtualAlloc
FindResourceExA
GetEnvironmentStringsW
GlobalFree
GetEnvironmentStrings
Sleep
IsBadWritePtr
InterlockedExchange
FreeResource
FlushFileBuffers
LocalSize
WriteFile
lstrcmpiA
LocalFree
LeaveCriticalSection
UnmapViewOfFile
GetLocaleInfoW
GetStartupInfoA
GetCurrentThreadId
EnterCriticalSection
TlsAlloc
GetSystemInfo
SetHandleCount
lstrcmpiW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetTimeFormatW
WideCharToMultiByte
GetFileType
GetNumberFormatW
GetWindowsDirectoryW
GetLocalTime
InterlockedDecrement
CreateEventW
CloseHandle
FreeEnvironmentStringsA
DisableThreadLibraryCalls
CreateFileW
GlobalAddAtomW
SetStdHandle
LoadResource
GetSystemDefaultLCID
GetStringTypeExW
GetSystemTimeAsFileTime
GetCurrentProcess
TlsSetValue
HeapCreate
GetProcAddress
SizeofResource
GetACP
CompareStringW
FreeLibrary
SetEvent
LockResource
GetModuleHandleW
LocalReAlloc
LCMapStringA
GetVersionExA
QueryPerformanceCounter
GetDateFormatW
LCMapStringW
GetModuleHandleA
GetStdHandle
DeleteCriticalSection
VirtualProtect
lstrlenW
HeapDestroy
lstrcmpA
InitializeCriticalSection
TlsGetValue
SetLastError
TerminateProcess
CompareStringA
WaitForSingleObject
GetCommandLineA
GetTickCount
lstrlenA
CreateFileMappingW
GetModuleFileNameW
MapViewOfFile

gdi32

CreatePolygonRgn
SetPixel
CreateRectRgnIndirect
CombineRgn
RectVisible
SetPixelV
CreateCompatibleDC
GetTextMetricsW
GetBitmapBits
SetDIBColorTable
Arc
GetViewportExtEx
StretchDIBits
SetDIBits
GetPaletteEntries
GetTextCharsetInfo
BitBlt
CreateSolidBrush
GetObjectW
GetClipBox
SetTextColor
SetBkColor
FillRgn
SetTextAlign
GetBkColor
EnumFontFamiliesExW
SetBrushOrgEx
Rectangle
GetNearestColor
Ellipse
SaveDC
CreatePatternBrush
UnrealizeObject
IntersectClipRect
ExtTextOutA
GetTextColor
GetCharWidthW
TranslateCharsetInfo
PatBlt
ExtTextOutW
DeleteObject
FrameRgn
DeleteDC
CreateRectRgn
GetDIBits
SelectPalette
CreateHalftonePalette
SelectClipRgn
SelectObject
RestoreDC
SetWindowOrgEx
CreateFontW
SetBkMode
GetTextExtentPoint32W
ExtSelectClipRgn
CreateBitmapIndirect
RealizePalette
CreateDIBSection
GetCharWidthA
CreatePalette
OffsetRgn
GetDeviceCaps
LineTo
Polyline
OffsetWindowOrgEx
GetTextExtentPointA
CreateRoundRectRgn
CreateFontIndirectW
GetStockObject
CreateBitmap
StretchBlt
GetDIBColorTable
GetDCOrgEx
GetClipRgn
TextOutW
MoveToEx
GetTextAlign
ExcludeClipRect
GetTextExtentPointW
CreatePen
GetCurrentObject
MaskBlt
CreateCompatibleBitmap
GetPixel
GetWindowExtEx

ntdll

RtlAddAuditAccessAceEx

Sections

.text
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d71d6bf9c508562fb29a8814224e71c2

Headers

File Characteristics

Imports

atl

advapi32

ddraw

kernel32

gdi32

ntdll

Sections

.text Size: 4KB - Virtual size: 928B

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 12KB - Virtual size: 2.4MB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 64KB - Virtual size: 63KB

.text
Size: 4KB - Virtual size: 928B

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 12KB - Virtual size: 2.4MB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 64KB - Virtual size: 63KB