d3d76fea46b39dd97a6c3d72776e47e2

Sharing

Copy URL Twitter E-mail

General

Target

d3d76fea46b39dd97a6c3d72776e47e2
Size

416KB
MD5

d3d76fea46b39dd97a6c3d72776e47e2
SHA1

04dcb09dc31b2de4998f57716468381626fa7118
SHA256

451278b2c5c0b2534b82d3a08d42f594ee70c154bde750ba1ae8c3c9497bf508
SHA512

2e85e3be7abdd61d2fc11af188cea9d12c4ead62935c34c14ae634dbe9a137801f8ffaf8e0fb3c1e25a96781d92ba8c639e7cf93ec69f7dc49eae678f2db6d27
SSDEEP

3072:FtCqNPe2kVfclPfWc8ae/LvX0xIId6Kyx+wcqUCu27DBg/WFc3u/FD6hxdTI7n75:rHyfSWc8P00U2UxIzQVdQ9tsWurIvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d76fea46b39dd97a6c3d72776e47e2

Files

d3d76fea46b39dd97a6c3d72776e47e2
.exe windows:4 windows x86 arch:x86

93167ddb9d84228d030452181d31105b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\KernelBots_Up16\Server\Release\Server.pdb

Imports

kernel32

LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
DeviceIoControl
CopyFileW
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFileAttributesW
GetVolumeInformationW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
FindClose
FindNextFileW
WideCharToMultiByte
GetFullPathNameW
WriteFile
SetCurrentDirectoryW
Thread32Next
GetCurrentThreadId
SuspendThread
Thread32First
DuplicateHandle
GetModuleFileNameW
CreateThread
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
LCMapStringW
LCMapStringA
HeapSize
GlobalFree
GetCurrentProcessId
OpenProcess
ExitProcess
GetSystemDirectoryW
LoadLibraryW
lstrcpyW
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
Sleep
CreateFileW
GetFileTime
SetFileTime
lstrcatW
GetCurrentProcess
GetLastError
CloseHandle
GetModuleHandleW
FindFirstFileW
GetProcAddress
MultiByteToWideChar
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleFileNameA
InterlockedExchange
VirtualQuery
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

FindWindowW
FindWindowExW
SendMessageW
PostMessageW
RegisterClassExW
CreateWindowExW
ShowWindow
SetWindowPos
UpdateWindow
wsprintfW
DefWindowProcW

advapi32

StartServiceCtrlDispatcherW
RegDeleteValueW
SetServiceStatus
CreateServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
ChangeServiceConfigW
RegCreateKeyW
StartServiceW
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW

psapi

GetModuleFileNameExW

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93167ddb9d84228d030452181d31105b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

psapi

shlwapi

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 36KB - Virtual size: 40KB

.rsrc Size: 332KB - Virtual size: 330KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 36KB - Virtual size: 40KB

.rsrc
Size: 332KB - Virtual size: 330KB