d3bf7ece049e794f16122fa8ebdafa34

Sharing

Copy URL Twitter E-mail

General

Target

d3bf7ece049e794f16122fa8ebdafa34
Size

368KB
MD5

d3bf7ece049e794f16122fa8ebdafa34
SHA1

058032cb8fa04106876aa0e6c99e524805c3e10c
SHA256

54954fe5238a434d2ebd26cb5d578e3cdbb8b045f6b717cab7b22b847afa8e7e
SHA512

e0dbff6546bae672c94373d4036662362023e2f30cc486329409d765841bfe8e968e65dc1fc12f48f4891f0e71f8f5475b98f738fee6457e1dcac3121e01e04f
SSDEEP

6144:wEeh1LovKIx0ndKy2u1AbDkWS4zefySvlAwxIsGykdvxvzq5B0CfLvoq+S8o:wEI1LoEndrAbzzivlAazGfvxvoB0CThp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3bf7ece049e794f16122fa8ebdafa34

Files

d3bf7ece049e794f16122fa8ebdafa34
.exe windows:4 windows x86 arch:x86

fd077d43c97d7a0466e851df341d1743

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
CreateProcessAsUserW
CryptVerifySignatureW
DuplicateToken
ElfOpenEventLogW
FreeSid
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityInfo
ImpersonateNamedPipeClient
InitializeAcl
InitializeSecurityDescriptor
OpenThreadToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus

kernel32

GetCommandLineW
ExitProcess
VirtualAlloc
LoadResource
FindResourceA
CloseHandle
ConnectNamedPipe
CreateEventW
CreateMutexW
CreateNamedPipeW
CreateThread
DeleteFileW
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrencyFormatA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetTempPathW
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LocalFree
OpenProcess
ProcessIdToSessionId
ReadFile
RemoveDirectoryW
ResetEvent
SetEvent
SetLastError
Sleep
WaitForMultipleObjects
WaitForSingleObject
WriteFile
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TerminateProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetSystemInfo

ole32

HGLOBAL_UserSize

rpcrt4

RpcBindingFree
RpcBindingInqAuthInfoA
NdrByteCountPointerUnmarshall

user32

InternalGetWindowText
CloseWindowStation
OpenWindowStationW
SetLayeredWindowAttributes
SetWindowPos
GetMenuBarInfo
GetUserObjectInformationW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd077d43c97d7a0466e851df341d1743

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

rpcrt4

user32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 328KB - Virtual size: 329KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 328KB - Virtual size: 329KB