Static task: static1
Behavioral task: behavioral1
Sample: 3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb.exe
Resource: win10v2004-20240508-en
General
Target: 3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb
Size: 713KB
MD5: 1eec5c895dd3b19a907902c7fe6aedcb
SHA1: 80d126be78b084ccdc020d4ecba5ce10b75a939e
SHA256: 3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb
SHA512: 6acce48f4cde0d50459c6c51b8f2f81fbd3c31691455478a7abc77ab3b07f644fbda302ded75e81cf58f277ec440ba953c9e9a4daafd628b60add8c8b0abbca9
SSDEEP: 12288:rgw5ulv1AtcY8vwmCDA1viqRnQC36VslnyBD4wxoKAxdK:rghlv1AtcYDmEA1viAgVewx3AxU
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource 3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb
Files
3de5fee0ac1030db9971b1c1d3d0297e685bff27c613ac9a73e1d9ed6aa4cebb.exe windows:6 windows x86 arch:x86
2b99bd8ba4e250bc88271c196822ace9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
lstrcmpA
VirtualFree
RtlZeroMemory
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
lstrlenW
lstrcmpW
lstrcmpiW
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateTimerQueue
GetSystemTimeAsFileTime
GetLocalTime
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
HeapReAlloc
ExitProcess
GetModuleHandleA
IsBadReadPtr
GetModuleFileNameA
CreateDirectoryA
DeleteFileA
CreateProcessA
GetStartupInfoA
GetUserDefaultLCID
Sleep
WriteFile
SetFilePointer
GetFileSize
GetPrivateProfileStringA
GetTickCount
WritePrivateProfileStringA
FindClose
FindFirstFileA
FindNextFileA
CopyFileA
SetFileAttributesA
RemoveDirectoryA
FreeLibrary
GetProcAddress
Process32First
LCMapStringA
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
SetFilePointerEx
lstrcpynA
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileType
DecodePointer
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RaiseException
CreateToolhelp32Snapshot
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
LocalSize
GetModuleHandleW
MultiByteToWideChar
HeapAlloc
GetLastError
ReadFile
CloseHandle
GetFileSizeEx
CreateFileA
CreateThread
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetTimeFormatA
GetDateFormatA
HeapFree
GetProcessHeap
RtlUnwind
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
OpenProcess
Module32First
LCMapStringW
Process32Next
RtlMoveMemory
VirtualAlloc
LoadLibraryA
WriteConsoleW
user32
ShowWindow
RegisterClassExW
LoadCursorW
DefWindowProcW
SystemParametersInfoW
LoadIconW
CreateWindowExW
UpdateLayeredWindow
SetWindowsHookExW
TranslateMessage
DispatchMessageW
CallNextHookEx
MapVirtualKeyA
GetMessageW
CallWindowProcW
BeginPaint
GetClientRect
IntersectRect
EndPaint
GetFocus
SetFocus
SetCapture
ReleaseCapture
ScreenToClient
IsRectEmpty
IsZoomed
PtInRect
MessageBeep
MessageBoxA
wsprintfA
wvsprintfA
RemovePropA
InvalidateRect
ReleaseDC
GetDC
OffsetRect
GetWindowRect
DefWindowProcA
GetPropA
SetPropA
SetWindowLongW
GetWindowLongW
IsWindow
gdi32
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
GetCurrentObject
BitBlt
advapi32
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptCreateHash
ole32
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize
oleaut32
SafeArrayAllocDescriptor
SafeArrayAllocData
RegisterTypeLi
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SafeArrayGetDim
VariantTimeToSystemTime
SysAllocString
SysFreeString
SafeArrayCreate
SafeArrayDestroy
VariantClear
VariantCopy
VariantChangeType
VarR8FromCy
VarR8FromBool
LHashValOfNameSys
LoadTypeLi
ws2_32
WSAStartup
WSAGetLastError
WSACleanup
gdiplus
GdipCreateFromHDC
GdiplusStartup
GdipLoadImageFromStream
GdipDrawImageRect
GdipDisposeImage
GdiplusShutdown
GdipGetImageDimension
GdipDeleteGraphics
ntdll
RtlComputeCrc32
NtQueryInformationProcess
NtQuerySystemInformation
RtlGetCompressionWorkSpaceSize
RtlCompressBuffer
RtlDecompressBuffer
shlwapi
PathRemoveBackslashA
PathFileExistsA
StrToIntW
StrToIntExW
PathFindFileNameA
PathRemoveFileSpecA
shell32
ShellExecuteA
comdlg32
GetOpenFileNameW
GetSaveFileNameA
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
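Added example, not part of the sandbox report: a small triage pass over an import list of the shape shown above. It computes a pefile-style import hash (md5 over lowercased "dll.func" pairs in import-table order, a common pivot for clustering samples built from the same source) and tags the imported APIs by capability group (process enumeration via CreateToolhelp32Snapshot/Process32First, CAPI encryption via CryptAcquireContextA/CryptEncrypt, WoW64 redirection toggling, RtlCompressBuffer, IsDebuggerPresent/NtQueryInformationProcess). The SAMPLE_IMPORTS dict is a constructed subset of the report's imports, so its hash will not equal any value on this page; the group names in CAPABILITY_GROUPS are this example's own labels, not sandbox signatures.

```python
"""Import-hash and capability triage over a PE import list ({dll: [function, ...]})."""
import hashlib

# Constructed input: a subset of the imports listed in the report, in report order.
SAMPLE_IMPORTS = {
    "kernel32": ["GetLogicalDriveStringsA", "CreateMutexA", "CreateProcessA",
                 "WritePrivateProfileStringA", "Process32First", "CreateToolhelp32Snapshot",
                 "Wow64DisableWow64FsRedirection", "IsDebuggerPresent", "OpenProcess",
                 "Module32First", "LoadLibraryA", "GetProcAddress"],
    "advapi32": ["CryptAcquireContextA", "CryptDeriveKey", "CryptEncrypt", "CryptDecrypt"],
    "ntdll": ["NtQueryInformationProcess", "NtQuerySystemInformation",
              "RtlCompressBuffer", "RtlDecompressBuffer"],
    "shell32": ["ShellExecuteA"],
    "ws2_32": ["WSAStartup"],
}

# Example's own grouping. An import is a hint about capability, not proof of use:
# the function may sit in library code the sample never calls.
CAPABILITY_GROUPS = {
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                            "Module32First", "OpenProcess"},
    "anti-debug": {"IsDebuggerPresent", "NtQueryInformationProcess"},
    "crypto-capi": {"CryptAcquireContextA", "CryptDeriveKey", "CryptEncrypt", "CryptDecrypt"},
    "wow64-fs-redirection": {"Wow64DisableWow64FsRedirection", "Wow64RevertWow64FsRedirection"},
    "dynamic-import": {"LoadLibraryA", "GetProcAddress"},
    "process-launch": {"CreateProcessA", "ShellExecuteA"},
    "single-instance-mutex": {"CreateMutexA"},
    "ini-config": {"WritePrivateProfileStringA", "GetPrivateProfileStringA"},
    "compression": {"RtlCompressBuffer", "RtlDecompressBuffer"},
    "networking": {"WSAStartup"},
}


def imphash(imports):
    """pefile-style import hash: md5 over "dll.func" pairs, lowercased, with the DLL
    extension stripped, in import-table order, comma-joined. Order matters: the same
    imports linked in a different order give a different hash."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def capabilities(imports):
    """Map imported names to capability groups -> {group: sorted matching API names}."""
    names = {f for funcs in imports.values() for f in funcs}
    return {g: sorted(names & apis) for g, apis in CAPABILITY_GROUPS.items() if names & apis}


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for group, apis in capabilities(SAMPLE_IMPORTS).items():
        print(f"{group:22s} {', '.join(apis)}")
```

Because the hash depends on import order and on DLL name normalisation, "KERNEL32.dll" and "kernel32" hash the same while swapping two DLL blocks does not; that is what makes imphash useful for linking builds from one codebase but useless against a sample that resolves its APIs at runtime through LoadLibraryA/GetProcAddress, which this import list also contains.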
Sections
.text Size: 571KB - Virtual size: 571KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
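Added example, not the sandbox's own code: a dependency-free PE header parser that reproduces the three static checks shown in the Signatures, Headers and Sections parts of this report. It decodes FileCharacteristics and DllCharacteristics into the IMAGE_* names used above, walks the section table and decodes each section's IMAGE_SCN_* flags, and implements the "Unsigned PE" test the way a static scanner does: the file is unsigned when the IMAGE_DIRECTORY_ENTRY_SECURITY data directory (index 4, the Authenticode certificate table) has a zero offset or size. build_sample_pe() is a constructed header-only blob (no code, not a runnable program) that mirrors the flags in the report so the parser can be exercised offline; the flag tables are from winnt.h, and the field names returned by inspect_pe are this example's own.

```python
"""Parse PE headers and apply the "Unsigned PE" check (empty certificate table)."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Authenticode certificate table

FILE_CHARACTERISTICS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                       0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_CHARACTERISTICS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
                           0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                           0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Read DOS/NT headers and the section table; nothing is executed."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if struct.unpack_from("<I", data, nt)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    fh = nt + 4                                                  # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                                # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]      # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    # For the security directory the "VirtualAddress" is a raw file offset, not an RVA.
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "characteristics": _flags(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "pe32plus": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "security_directory": (sec_off, sec_size),
            "has_authenticode": sec_off != 0 and sec_size != 0,   # the "Unsigned PE" test
            "sections": sections}


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed 32-bit PE header (no code, not runnable) mirroring the report's flags.
    signed=True only fills in a certificate-table entry; it attaches no real signature."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    secs = [(b".text", 0x20 | 0x20000000 | 0x40000000),
            (b".data", 0x40 | 0x40000000 | 0x80000000),
            (b".reloc", 0x40 | 0x02000000 | 0x40000000)]
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)    # DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200,
                                 0x400 * (i + 1), 0, 0, 0, 0, c) for i, (n, c) in enumerate(secs))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(inspect_pe(blob), indent=2))
```

Run it with a path argument to inspect a real file, or with no argument to parse the constructed header. Note what the check does and does not tell you: a non-empty certificate table only means a signature blob is attached; whether it is valid, chains to a trusted root and covers the current file contents needs WinVerifyTrust (or `signtool verify /pa /v` on Windows), and a zero-size table, as reported for this sample, is a weak signal on its own because a great deal of legitimate software also ships unsigned.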