e3b72c65063222c41495730fb229eeb370a4f3f24b643b62b6485f69f12ea4b9

Sharing

Copy URL

Twitter E-mail

General

Target

e3b72c65063222c41495730fb229eeb370a4f3f24b643b62b6485f69f12ea4b9
Size

296KB
MD5

e2131104063ecf32879deb8ff42b6005
SHA1

dcc5beb134965750d4692b52192daafbcd4d7225
SHA256

e3b72c65063222c41495730fb229eeb370a4f3f24b643b62b6485f69f12ea4b9
SHA512

b9254cee74b0f0cf1ac41b06a141dd14a3c08a00ab937fc422c04f3d60a9787933cc8a300b72f795e086e233fb80a28fcb304fad8fb1f77303507200009e4529
SSDEEP

6144:DdqBhbWCuFpyq5SXyajPg7r5gGJ5OljuCGqeU:QBhC1FcoajMGg1G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3b72c65063222c41495730fb229eeb370a4f3f24b643b62b6485f69f12ea4b9

Files

e3b72c65063222c41495730fb229eeb370a4f3f24b643b62b6485f69f12ea4b9
.dll windows:4 windows x86 arch:x86

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

ws2_32

WSACleanup
inet_addr
WSAStartup

kernel32

FindResourceExW
GetLastError
MultiByteToWideChar
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
CloseHandle
CreateMutexW
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
SetLastError
GetThreadLocale
GlobalHandle
lstrlenA
LoadLibraryW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LCMapStringW
WideCharToMultiByte
LCMapStringA
FindResourceW
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapCreate
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
RaiseException
lstrlenW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
TlsFree
GetConsoleCP
GetConsoleMode

user32

SetDlgItemTextW
EndDialog
SetWindowContextHelpId
EnableMenuItem
SendDlgItemMessageW
EnableWindow
LoadBitmapW
UnregisterClassA
GetSystemMenu
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyAcceleratorTable
IsWindow
SetFocus
GetFocus
GetWindow
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcW
LoadImageW
SetWindowTextW
SendMessageW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
CharNextW
GetWindowLongW
SetWindowLongW
MapDialogRect

gdi32

CreateBrushIndirect
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen

shlwapi

SHGetValueW

Exports

Exports

AbortWarn
ActivateSetup
CheckBaiduIntranet
CheckRun
CleanUpPendingOperation
GetOriginalTn
GetTn
GetTnInfo
IsOldVersion
Report
SelectFordDialog
SetControlImage
SetLicense

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

Imports

version

iphlpapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 12KB

.text Size: 104KB - Virtual size: 104KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 104KB - Virtual size: 104KB