036db16ab5e384e279425b098abb04cfac5f12c39b5680ddb140411c236531c3

Sharing

Copy URL Twitter E-mail

General

Target

036db16ab5e384e279425b098abb04cfac5f12c39b5680ddb140411c236531c3
Size

350KB
MD5

2bbadc442c7d3b7aa5d0e629ddaabc91
SHA1

9d143fe0e248cec3f431d1789189c8dc94170d81
SHA256

036db16ab5e384e279425b098abb04cfac5f12c39b5680ddb140411c236531c3
SHA512

be0146f08cf1b0c06670890016dd0a623c05f14320992bb65039e3535e0eb4dec86b540cab957acd98e5a2dd27687d79335cbbd5524fb2bdf9c5081738ae7ace
SSDEEP

6144:aQ6IHzBzKii+jEJAhMlvLVkSmCI9w154X2VjlMRRINviZes+ETCSb+xk8UIYMnnq:aQ6IHzBzKii+jEJAhMlvLVI9w1502Vj4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036db16ab5e384e279425b098abb04cfac5f12c39b5680ddb140411c236531c3

Files

036db16ab5e384e279425b098abb04cfac5f12c39b5680ddb140411c236531c3
.exe windows:5 windows x86 arch:x86

bc3f916b32ef2c35b7c8c15d7cb4ad1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
LocalFree
DosDateTimeToFileTime
HeapFree
GetConsoleCP
GetStringTypeW
lstrcmpW
GlobalSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
FileTimeToSystemTime
lstrcpyA
GetTimeFormatW
GetFileType
FileTimeToLocalFileTime
GetUserDefaultLCID
EnterCriticalSection
GlobalUnlock
QueryPerformanceFrequency
HeapCreate
GetCommandLineW
GetFullPathNameA
IsValidCodePage
GetComputerNameA
GlobalFree
FatalAppExitA
GetCurrentDirectoryA
GetCPInfo
LCMapStringW
GetCurrentThread
Sleep
FindAtomA
DefineDosDeviceW
DecodeSystemPointer
GetCurrentProcessId
GetProcessId
IsDebuggerPresent
FindFirstFileW
SetLastError
CreateMutexW
GlobalDeleteAtom
GetLastError
FindResourceA
HeapSize
GetLocaleInfoA
RtlUnwind
HeapReAlloc
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
FreeLibrary
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
SetUnhandledExceptionFilter
WideCharToMultiByte
DebugBreak
RaiseException
EnumSystemLocalesA
GetFileSize
GlobalAlloc
MultiByteToWideChar
LocalUnlock
FormatMessageW
GetFileInformationByHandle
lstrcpyW
GetStartupInfoA
GetCommandLineA
LoadResource
GlobalMemoryStatus
InitializeCriticalSection
LCMapStringA
IsValidLocale
LockResource
SizeofResource
VirtualAlloc
RtlMoveMemory
GetModuleHandleA
LoadLibraryA
GetStringTypeA
GetProcAddress

user32

LoadCursorA
FindWindowA
IsClipboardFormatAvailable
UpdateWindow
GetSysColor
GetClipboardFormatNameW
GetWindowWord
SetWinEventHook
DestroyWindow
CloseClipboard
UnpackDDElParam
GetClassLongA
DefWindowProcW
MessageBoxA
CheckMenuRadioItem
DialogBoxIndirectParamA
ReleaseDC
DeleteMenu
MapWindowPoints
GetSystemMenu
DispatchMessageW
IsZoomed
EndDialog
LoadIconW
CheckRadioButton
AttachThreadInput
OffsetRect
IsDialogMessageA
InflateRect
RegisterWindowMessageW
ChildWindowFromPoint
InvalidateRect
GetDesktopWindow
LoadCursorW
GetSubMenu
PeekMessageA
HideCaret
DefWindowProcA
DrawFocusRect
GetWindowThreadProcessId
RegisterWindowMessageA
RegisterClassA
OpenClipboard
AppendMenuA
LoadAcceleratorsA
GetDC
GetMessageW
GetKeyboardLayout
EndPaint
GetDlgItemTextW
GetClipboardData

gdi32

SetDIBits
ExtTextOutA
GetTextMetricsA
GetObjectA
CreateCompatibleBitmap
EndPage
GetDeviceCaps
SetBkColor

winspool.drv

OpenPrinterW
GetPrinterDriverW

comdlg32

ReplaceTextW
PageSetupDlgW
ChooseColorA

advapi32

PrivilegeCheck
QueryServiceStatus
CloseServiceHandle
RegDeleteValueA
RegCreateKeyA
OpenSCManagerA
RegDeleteKeyA
RegOpenKeyW

shell32

DragQueryFileW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc3f916b32ef2c35b7c8c15d7cb4ad1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 28KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 237KB - Virtual size: 237KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 28KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 237KB - Virtual size: 237KB

.reloc
Size: 8KB - Virtual size: 8KB