3c4265979e718a831c9bde31205f4a28d367d59d36343dd1287986984f58eaf8

Sharing

Copy URL

Twitter E-mail

General

Target

3c4265979e718a831c9bde31205f4a28d367d59d36343dd1287986984f58eaf8
Size

1.7MB
MD5

554a16654c397ae3bb69b47dc635dd0e
SHA1

6b30a8ada99b5403c73e72fd6ec82e3a75d11b26
SHA256

3c4265979e718a831c9bde31205f4a28d367d59d36343dd1287986984f58eaf8
SHA512

e502cd3c231359d4c9bf47aa3a870bb8e64033a626178a5da918384364b6f5a64be02aaa0fe8c2299eae0e33424ff2bcd059dce29c6c98da6f865f084c62ab67
SSDEEP

49152:66Qrla1KL6ST1cuf06IochANikxBQKDmg27RnWGj:66QrF6M3f0TochAMqBDD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3c4265979e718a831c9bde31205f4a28d367d59d36343dd1287986984f58eaf8

Files

3c4265979e718a831c9bde31205f4a28d367d59d36343dd1287986984f58eaf8
.exe windows:5 windows x86 arch:x86

1de052b6f5f61e92a7bbc02c28a8de08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

ReadFile
SetFilePointerEx
CloseHandle
CreateDirectoryW
SizeofResource
lstrlenW
RemoveDirectoryW
GetTempPathW
FormatMessageW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
UnmapViewOfFile
MapViewOfFile
VirtualQuery
SetFilePointer
WaitForSingleObject
CreateProcessW
GetExitCodeProcess
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetConsoleMode
WriteConsoleW
GlobalUnlock
GlobalLock
CreateFileMappingW
CreateFileW
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
lstrcpynW
GetNativeSystemInfo
GetThreadLocale
lstrcmpA
GetStringTypeExA
GlobalAlloc
GlobalFree
GetFileSize
GetSystemInfo
VirtualAlloc
VirtualProtect
DecodePointer
GetVersionExW
GetSystemDirectoryW
MoveFileExW
GetFileAttributesExW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
OutputDebugStringW
GetCurrentThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
ReleaseMutex
GetTickCount
TryEnterCriticalSection
InitializeCriticalSection
CreateMutexW
Sleep
GetPrivateProfileIntW
OutputDebugStringA
GetFileInformationByHandle
GetLocalTime
lstrcmpW

shlwapi

PathCanonicalizeW
UrlIsW
PathStripPathW
PathRemoveExtensionW
PathCreateFromUrlW
PathAppendW
PathQuoteSpacesW
PathFindFileNameW
SHQueryValueExW
PathRemoveFileSpecW

advapi32

TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
SystemFunction036
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetAce
EqualSid
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSidLengthRequired
SetNamedSecurityInfoW
GetSecurityDescriptorControl
InitializeSid
GetSecurityDescriptorOwner
AddAce
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
CopySid
IsValidSid
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
OpenThreadToken
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExW
RegSetValueExW

ole32

CoInitializeEx
CoUninitialize
IIDFromString
StringFromGUID2
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringByteLen

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW

user32

CharLowerBuffA
CharUpperBuffW
CharLowerBuffW
MessageBoxW
CharNextA
OpenClipboard
wvsprintfW
CloseClipboard
wsprintfW
CharUpperW
CharLowerW
SetClipboardData
EmptyClipboard

iphlpapi

GetIfTable

userenv

UnloadUserProfile

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 941KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1de052b6f5f61e92a7bbc02c28a8de08

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

advapi32

ole32

oleaut32

shell32

user32

iphlpapi

userenv

crypt32

netapi32

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 941KB - Virtual size: 940KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 941KB - Virtual size: 940KB

.reloc
Size: 576KB - Virtual size: 580KB