de3c9e8128a556bb40349b07ab061cae

Sharing

Copy URL Twitter E-mail

General

Target

de3c9e8128a556bb40349b07ab061cae
Size

404KB
MD5

de3c9e8128a556bb40349b07ab061cae
SHA1

8e648d2eba37c9ffbc3ce5930a596af5ab5c7566
SHA256

1e3739d9a2d57e5fc475c6d018ee753b463863510e83c973eaf58840251aa0a0
SHA512

f669a2a74cf29d8470bc8d8d8403207123b5783f87206cf006743d1e51f1727d59f31692ab3a22a66756a60d9b260e1bcd349c4580dc1268236d6a4dcea77bda
SSDEEP

6144:lL6f0uVBtr3plmXT4SqyhvU6giZ0UgxwkoDP/64jE7235:lesuVBtr3e1bhvBReUgxK36XS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de3c9e8128a556bb40349b07ab061cae

Files

de3c9e8128a556bb40349b07ab061cae
.exe windows:4 windows x86 arch:x86

e022b14ace62edbdca240aa36f0cb0b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\tboxvq\exgifjsajh\eai.pdb

Imports

gdi32

GetDeviceCaps
DeleteDC
GetObjectW
GetMetaFileW
TextOutA
SelectObject
CreateEllipticRgnIndirect
CreateDCA
SetEnhMetaFileBits
GetLogColorSpaceW

comdlg32

ChooseColorA
FindTextA

user32

RegisterDeviceNotificationW
EnumPropsA
RegisterDeviceNotificationA
SetLastErrorEx
DefWindowProcW
DdeUninitialize
DrawStateA
KillTimer
GetDesktopWindow
SetClassWord
ShowCaret
DrawMenuBar
ShowWindow
SetRect
MonitorFromWindow
DeleteMenu
DdeDisconnect
RegisterClassA
GetWindowWord
RemovePropA
RegisterClassExA
CreateWindowExW
GetMenuCheckMarkDimensions
GetMenuItemInfoW
GetDlgItemTextW
SendDlgItemMessageW
SetWindowsHookW
SetDoubleClickTime
GetDlgCtrlID
ToAsciiEx
IsClipboardFormatAvailable
AppendMenuW
MapVirtualKeyExW
SetWindowsHookExA
CreateDesktopA
DrawTextA
DialogBoxParamW
GetTopWindow
SubtractRect
LoadKeyboardLayoutA
GetTabbedTextExtentW
DestroyMenu
DestroyWindow
SetCursor
GetMenuItemInfoA
DdeSetUserHandle
CharNextW
MessageBoxA
CharNextExA

shell32

ExtractAssociatedIconExW
SHGetFileInfoW
ExtractAssociatedIconA
SHBrowseForFolderW
ShellExecuteExW

kernel32

CreateDirectoryExA
RtlUnwind
HeapFree
GetThreadSelectorEntry
LocalLock
GetProcAddress
InitializeCriticalSectionAndSpinCount
SetThreadPriority
CreateFileA
LocalFileTimeToFileTime
WriteConsoleA
GetCurrentDirectoryA
UnhandledExceptionFilter
GetCurrentProcessId
EnumDateFormatsA
CreateWaitableTimerW
GetDateFormatA
CreateDirectoryW
FreeEnvironmentStringsW
EnterCriticalSection
GetConsoleCP
WriteFile
GetPrivateProfileStructW
GetConsoleOutputCP
GetLocaleInfoW
FindAtomW
VirtualAlloc
WriteConsoleW
ReadConsoleOutputA
TlsGetValue
EnumResourceLanguagesA
SetEnvironmentVariableA
FoldStringW
GetFullPathNameW
GetStartupInfoA
FileTimeToLocalFileTime
IsValidCodePage
MultiByteToWideChar
CreateNamedPipeW
EnumCalendarInfoExW
GetExitCodeThread
EnumSystemCodePagesW
TlsAlloc
FreeLibrary
SetConsoleCP
GetFileType
InterlockedDecrement
GetNumberFormatW
HeapAlloc
GetExitCodeProcess
InitializeCriticalSection
LCMapStringW
FindFirstFileW
GetTimeFormatA
EnumTimeFormatsW
TerminateProcess
GetModuleFileNameW
GetTempFileNameW
GetLocaleInfoA
lstrcpyW
LoadLibraryExW
SetLastError
SetHandleCount
TlsFree
GetStartupInfoW
GetVolumeInformationW
SetFilePointer
GetStringTypeA
FindResourceA
LocalFree
ExitProcess
ExpandEnvironmentStringsA
InterlockedExchange
SetUnhandledExceptionFilter
CreateRemoteThread
GetACP
GetProfileStringW
SetConsoleCursorPosition
HeapCreate
DeleteCriticalSection
ReadConsoleOutputCharacterA
GetTickCount
VirtualFree
ReadFile
VirtualLock
FlushConsoleInputBuffer
GetAtomNameW
EnumSystemLocalesA
CloseHandle
GetFileAttributesA
HeapReAlloc
WriteConsoleInputA
GetModuleFileNameA
TlsSetValue
CreateToolhelp32Snapshot
UnlockFile
GetThreadPriorityBoost
GetStringTypeW
FlushFileBuffers
GetModuleHandleA
GlobalReAlloc
ResetEvent
IsDebuggerPresent
HeapDestroy
EnumSystemCodePagesA
GetCurrentThreadId
GetLongPathNameA
GetCommandLineA
GetSystemTimeAsFileTime
SetConsoleTextAttribute
EnumCalendarInfoExA
SetConsoleCtrlHandler
ExpandEnvironmentStringsW
OpenMutexA
GetLogicalDrives
IsValidLocale
AllocConsole
SetStdHandle
WaitNamedPipeA
GlobalFix
FindResourceExW
MoveFileExW
GetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
HeapSize
LeaveCriticalSection
FillConsoleOutputCharacterA
GetLastError
GetNumberFormatA
WritePrivateProfileSectionA
GetModuleHandleW
GetUserDefaultLCID
Sleep
CreateMutexA
CompareStringW
GetTimeZoneInformation
GetCurrentProcess
GetOEMCP
LoadLibraryA
GetConsoleMode
InterlockedIncrement
LCMapStringA
GetFileAttributesExA
GetShortPathNameW
DeleteFiber
GetCommandLineW
GetCurrentThread
WideCharToMultiByte
CompareStringA
CopyFileA
GetCPInfo
VirtualQuery
SetConsoleScreenBufferSize

comctl32

ImageList_Add
ImageList_Duplicate
ImageList_GetIconSize
ImageList_Write
ImageList_SetFlags
CreateStatusWindowA
InitCommonControlsEx
ImageList_GetImageRect
ImageList_SetFilter
InitMUILanguage
CreatePropertySheetPageA

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e022b14ace62edbdca240aa36f0cb0b5

Headers

File Characteristics

PDB Paths

Imports

gdi32

comdlg32

user32

shell32

kernel32

comctl32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 100KB - Virtual size: 127KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 100KB - Virtual size: 127KB

.rsrc
Size: 24KB - Virtual size: 22KB