3d867a33c4127ca8cdcd73b30eefadd006ec26e50a0a7664d140131b773ca876

Sharing

Copy URL Twitter E-mail

General

Target

3d867a33c4127ca8cdcd73b30eefadd006ec26e50a0a7664d140131b773ca876
Size

1.8MB
MD5

e5551ff6dfa92f106322c805fa06b720
SHA1

16db2b13e8cc47e69584c47c8a39433743ad05c5
SHA256

3d867a33c4127ca8cdcd73b30eefadd006ec26e50a0a7664d140131b773ca876
SHA512

cb01370813d864a8019da77c5de2103be5a5d97a63b56ec955aafae04fddb03334c248b16e1132f9ac8115581e584dcd43a0d439231c2eb4895c548d3aa91b52
SSDEEP

49152:P719hrW3IlPREvJ3DMXaWUN0c7h9CfPt4:j19VMwyFDeaWUNp7h9CfPt4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d867a33c4127ca8cdcd73b30eefadd006ec26e50a0a7664d140131b773ca876

Files

3d867a33c4127ca8cdcd73b30eefadd006ec26e50a0a7664d140131b773ca876
.exe windows:5 windows x86 arch:x86

65bc5df95a7715d73c86434fb60f510f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setupldr_lzmaS.pdb

Imports

kernel32

CloseHandle
GetFileSize
CreateFileW
GetModuleFileNameW
GetModuleHandleA
GetUserDefaultLangID
OpenMutexW
ExitProcess
Sleep
SetFileTime
GetLastError
MultiByteToWideChar
LoadLibraryW
CreateDirectoryW
GetNativeSystemInfo
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
ExpandEnvironmentStringsW
DeleteFileW
MoveFileW
MoveFileExW
WriteFile
LocalAlloc
SetFilePointer
ReadFile
LocalFree
GetVersionExW
GetFileAttributesW

user32

TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
ShowWindow
wvsprintfW
DispatchMessageW
DialogBoxParamW
GetDlgCtrlID
EndDialog
InvalidateRect
LoadCursorW
SetCursor
SetTimer
KillTimer
FindWindowW
MessageBoxW
IsDlgButtonChecked
GetSystemMenu
EnableMenuItem
SetWindowTextW
GetWindowRect
InflateRect
ScreenToClient
CreateWindowExW
SetWindowTextA
GetDlgItemTextW
SendMessageW
SetFocus
GetDlgItem
wsprintfW
EnableWindow
CheckDlgButton
SetDlgItemTextW
LoadIconW

gdi32

SetBkMode
GetStockObject
CreateFontW

comctl32

ord17

advapi32

RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegQueryValueExW
RegCloseKey

shell32

SHChangeNotify
SHGetMalloc
ShellExecuteW
ord680
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHBrowseForFolderW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

wvnsprintfW
PathRemoveBlanksW
SHAutoComplete
ord176

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65bc5df95a7715d73c86434fb60f510f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 540B

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 540B

.rsrc
Size: 6KB - Virtual size: 6KB