3bb785d1e64d26d6711313d034e3b241097a361e7cf2d7516bb92511b5f4fc8e

Sharing

Copy URL Twitter E-mail

General

Target

3bb785d1e64d26d6711313d034e3b241097a361e7cf2d7516bb92511b5f4fc8e
Size

15.7MB
MD5

e6125a461dded659dd60673737af698e
SHA1

1b43d41ede17fa52fd435fada1d78920672db4c6
SHA256

3bb785d1e64d26d6711313d034e3b241097a361e7cf2d7516bb92511b5f4fc8e
SHA512

cec376b854598b8887e5e073afa4af4c3eb59919f7f708bf4573ed8487b07a7ab4bf07f016f0771ab40a4be335ab1e403bd6d657dd0e8a4570f1cc3262458c6a
SSDEEP

393216:0zg5Rp6OQEQEoojyowtAEiPQbq0+nGrQG:3jMEQHPxcS0kQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bb785d1e64d26d6711313d034e3b241097a361e7cf2d7516bb92511b5f4fc8e

Files

3bb785d1e64d26d6711313d034e3b241097a361e7cf2d7516bb92511b5f4fc8e
.exe windows:6 windows x64 arch:x64

e384a5febcd30761f1ab5b55df8e191b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

ws2_32

getsockopt

crypt32

CertFindExtension

wldap32

ord217

normaliz

IdnToUnicode

kernel32

SetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostQuitMessage

gdi32

GetDeviceCaps

advapi32

CryptEncrypt

winhttp

WinHttpReceiveResponse

bcrypt

BCryptGenRandom

imm32

ImmSetCompositionWindow

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;<7
Size: - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.];<
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1!e
Size: 15.6MB - Virtual size: 15.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e384a5febcd30761f1ab5b55df8e191b

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

advapi32

winhttp

bcrypt

imm32

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 299KB

.data Size: - Virtual size: 285KB

.pdata Size: - Virtual size: 50KB

_RDATA Size: - Virtual size: 244B

.;<7 Size: - Virtual size: 5.6MB

.];< Size: 4KB - Virtual size: 4KB

.1!e Size: 15.6MB - Virtual size: 15.6MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 7.8MB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 299KB

.data
Size: - Virtual size: 285KB

.pdata
Size: - Virtual size: 50KB

_RDATA
Size: - Virtual size: 244B

.;<7
Size: - Virtual size: 5.6MB

.];<
Size: 4KB - Virtual size: 4KB

.1!e
Size: 15.6MB - Virtual size: 15.6MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 7.8MB