d3be26738d000a1b507628505487e404

Sharing

Copy URL

Twitter E-mail

General

Target

d3be26738d000a1b507628505487e404
Size

554KB
MD5

d3be26738d000a1b507628505487e404
SHA1

de4aa01b90590c55ba0073e1aff30c1ae65f9b0d
SHA256

dd505f64e51305b2ccf45c3e71f0121ed585c2c4e5f86b4d360576b0e7e44ccd
SHA512

ea0ec95735c7c2c8d02a8bb52e3e41138e92fbd3ab933feff840513eba2d94d64539188d9f332a2cca39757b0225596771f467ccb8e9d56b73e38339c57f95cf
SSDEEP

12288:+Nq7uauSqaDZHPUMMvGdoYFAB2C+/0lJ9RKref+MvNTYa:kqStYJP/kBwAK6RKq+MvW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3be26738d000a1b507628505487e404

Files

d3be26738d000a1b507628505487e404
.exe windows:5 windows x86 arch:x86

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

wscanf
wcsrchr
sin
localtime
isalnum
fputc
_rmtmp
_ismbblead
_finite
_fileno
_exit
_c_exit

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

double_from_ndr
RpcSmClientFree
RpcServerTestCancel
RpcMgmtStatsVectorFree
RpcMgmtSetComTimeout
RpcMgmtEpEltInqDone
RpcBindingSetAuthInfoExA
MesInqProcEncodingId
DceErrorInqTextA

ntdll

ZwOpenIoCompletion
ZwDeleteAtom
RtlSetTimer
RtlSetAttributesSecurityDescriptor
RtlPrefixString
RtlNtStatusToDosError
NtSetLowWaitHighEventPair
NtLoadKey2
NtEnumerateValueKey
NtAllocateUuids
CsrFreeCaptureBuffer
RtlAddAuditAccessAce

kernel32

SetCommState
CompareFileTime
ExitProcess
FindFirstChangeNotificationW
FindFirstFileExW
FindNextChangeNotification
GetACP
GetCPInfoExW
GetCommandLineA
GetDriveTypeW
GetTapeParameters
GlobalMemoryStatus
HeapAlloc
lstrcpyA
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
TlsSetValue
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriorityBoost
SetThreadLocale
SetThreadAffinityMask
SetLastError
OpenSemaphoreW
OpenMutexW
MultiByteToWideChar
LocalAlloc
LeaveCriticalSection
BeginUpdateResourceW

userenv

UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
GetProfilesDirectoryW

Exports

Exports

BdhoIbSqLpdf
PfgrvQwdvjqoxR
cIgykamESgxPrjxyw
dXqMambKZpufvCHxaf
eZnwozkyhksKvwlusn
lpdcWweRa
myttjfyGaljhK
ojfqdueryUL
qtwyorxLbeoce
rqyselaUzqzgts
vctCldjzoodmyusvz
wyfhwLMDaoeOuuuhmC

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f9c834de33c15b5df418af5b8a7cd6

Headers

File Characteristics

Imports

crtdll

version

rpcrt4

ntdll

kernel32

userenv

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 31KB - Virtual size: 30KB