c3f7080273c45ae92d3487179e7dce0e

Sharing

Copy URL Twitter E-mail

General

Target

c3f7080273c45ae92d3487179e7dce0e
Size

59KB
MD5

c3f7080273c45ae92d3487179e7dce0e
SHA1

7d8083ea4ec3023844e534777fcaa29319f41db8
SHA256

a4b2569a5f0993aed6a3c6d305825534723840c619783463abe4fed9ceb5489d
SHA512

6d82b0b376c9a5281e4f7e1c1daf220b8c1c286ccb31902cbf21ee4576bd4e3a0c9ee6f5252dc55d27a4da4757d7ab15f6e22502b5b0d66ce6786c4aae6a57e3
SSDEEP

1536:NlsaNs+RkxCSJRkzLGFpReEXu+goiXw/a+VR:7sEwxztnTXu+goiXwLVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3f7080273c45ae92d3487179e7dce0e

Files

c3f7080273c45ae92d3487179e7dce0e
.exe windows:5 windows x86 arch:x86

e3f66b3efd070d578461644b3207be32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
rand
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
wcsncpy
_purecall
_wsplitpath
malloc
vswprintf
_putws
wcschr
wcsrchr
time
srand
strncpy
sprintf
_wcsicmp
wcslen
wcscpy
wcscat
wcscmp
free
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
_adjust_fdiv
_c_exit
_itow

advapi32

ChangeServiceConfigW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
SetServiceStatus
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptAcquireContextW
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
CryptGenRandom
CryptReleaseContext
RegCreateKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
InitializeAcl
GetAce
AddAccessAllowedAce
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken

kernel32

SetEvent
GetVersionExW
GetQueuedCompletionStatus
CreateThread
DuplicateHandle
InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
SetErrorMode
InterlockedDecrement
GetACP
SetFilePointer
GetLocalTime
GetCommandLineW
GetModuleHandleA
GetStartupInfoW
ExpandEnvironmentStringsW
GetConsoleCP
FormatMessageW
LocalFree
GetCurrentProcessId
CreateNamedPipeW
VirtualFree
VirtualAlloc
HeapFree
PostQueuedCompletionStatus
HeapAlloc
GetProcessHeap
OpenProcess
TerminateThread
lstrlenW
lstrcpyW
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
GetCurrentProcess
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
GetModuleFileNameW
lstrcpynW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
CreateEventW
CreateMutexW
InterlockedExchange
ReleaseMutex
GetSystemTime
GetOEMCP
SetHandleInformation
CreateIoCompletionPort
CreateProcessW
Sleep
ReadFile
WriteFile

user32

LoadStringW
CreateDesktopW
SetProcessWindowStation
CreateWindowStationW
CloseDesktop
wsprintfW
CloseWindowStation
wsprintfA
LoadStringA
MessageBoxW
GetProcessWindowStation
CharNextW

ntlsapi

NtLicenseRequestA
NtLSFreeHandle

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysFreeString
SysStringByteLen
LoadRegTypeLi
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarI4FromStr
VarBstrFromDate
VarDateFromUdate
UnRegisterTypeLi
SysAllocStringLen
SysStringLen

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
accept
WSASetLastError
WSASetEvent
inet_ntoa
WSACloseEvent
WSACleanup
shutdown
WSAResetEvent
WSADuplicateSocketW
getpeername
WSAStartup
htons
socket
setsockopt
bind
listen
WSAGetLastError
inet_addr
closesocket

psapi

EnumProcesses

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f66b3efd070d578461644b3207be32

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntlsapi

ole32

oleaut32

ws2_32

psapi

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 17KB