3a65db7529b01c1447d2b31e62e2bcf537215845dc06a994f6d66df471f822a5

Sharing

Copy URL Twitter E-mail

General

Target

3a65db7529b01c1447d2b31e62e2bcf537215845dc06a994f6d66df471f822a5
Size

1.3MB
MD5

165e23d9f854dc3479c9d0ffdb8709ab
SHA1

605e05032f730488b476cca18f239825971def25
SHA256

3a65db7529b01c1447d2b31e62e2bcf537215845dc06a994f6d66df471f822a5
SHA512

af6fb11775c07db872343207fd18759df93c6c6d0778f2d98e7d9bb70bebd2dd2caa05cbeb4a233c65ee8fbb23d30f0027cb91fcbd9caccc3ddf35b3914959fb
SSDEEP

24576:KKI+lRdjC4gd0l2oxwoiVEcGnDAS+WA6t:P/djC4gd+wEcpG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a65db7529b01c1447d2b31e62e2bcf537215845dc06a994f6d66df471f822a5

Files

3a65db7529b01c1447d2b31e62e2bcf537215845dc06a994f6d66df471f822a5
.exe windows:4 windows x86 arch:x86

a12d1c82746e9f8a8b895bb83b232b74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GlobalAlloc
IsBadWritePtr
ExitProcess
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
CloseHandle
TerminateThread
ResumeThread
SuspendThread
Sleep
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
CreateFileA
QueryDosDeviceA
SetThreadPriority
SetPriorityClass
GetThreadPriority
CreateFileW
GetFileInformationByHandle
GetFileSize
LockFile
LockFileEx
OpenFile
ReadFile
ReadFileEx
SetEndOfFile
SetFilePointer
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
_hread
_hwrite
_lclose
_lcreat
_llseek
lstrcmpiA
_lread
_lwrite
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
FreeLibrary
CreateFileMappingA
CreateFileMappingW
OpenFileMappingA
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
FlushViewOfFile
GetLastError
SetLastError
IsBadReadPtr
CreateEventA
WaitForSingleObject
SetEvent
GetOverlappedResult
VirtualAlloc
VirtualFree
WideCharToMultiByte
GetFileType
DeleteFileA
DeleteFileW
GetFullPathNameA
DeviceIoControl
GetTempPathA
GetWindowsDirectoryA
GetCommandLineA
GetPriorityClass
lstrcpyA
LoadLibraryA
GlobalFree
GetVersion
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateThread
GetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetLocalTime
_lopen
GetPrivateProfileIntA
GetPrivateProfileStringA
DefineDosDeviceA
GetSystemDirectoryA
LocalAlloc
lstrcmpA
lstrlenA
LocalFree
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
SetThreadAffinityMask
WaitForMultipleObjects
OpenEventA
ReleaseMutex
CreateMutexA
GetVersionExA
InterlockedExchange
MultiByteToWideChar

user32

GetActiveWindow
wsprintfA
KillTimer
MessageBoxA
GetSystemMetrics

wsock32

getpeername
WSAGetLastError
connect
getsockname
send
closesocket
gethostname
bind
WSAStartup
recv

msvcrt

strncpy
_mbsupr
getenv
atoi
_beginthreadex
atol
sscanf
gmtime
fprintf
_iob
_getpid
toupper
vfprintf
ctime
strncat
strrchr
strchr
strtol
mbtowc
wcslen
_pctype
_isctype
__mb_cur_max
memmove
fread
fgetpos
fseek
realloc
sprintf
mktime
free
strstr
fopen
fclose
_except_handler3
time
srand
rand
exit
malloc
_stricmp

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
RegOpenKeyA
RegEnumKeyExA
GetUserNameA

Exports

Exports

??0CGradientRender@@QAE@ABV0@@Z
??4CGradientRender@@QAEAAV0@ABV0@@Z
??_7CGradientRender@@6B@

Sections

0000001
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000002
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000003
Size: 96KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000005
Size: 68KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000006
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000007
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

0000008
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a12d1c82746e9f8a8b895bb83b232b74

Headers

File Characteristics

Imports

kernel32

user32

wsock32

msvcrt

advapi32

Exports

Exports

Sections

0000001 Size: 200KB - Virtual size: 196KB

0000002 Size: 20KB - Virtual size: 18KB

0000003 Size: 96KB - Virtual size: 117KB

.rsrc Size: 752KB - Virtual size: 751KB

0000005 Size: 68KB - Virtual size: 74KB

0000006 Size: 12KB - Virtual size: 11KB

0000007 Size: 180KB - Virtual size: 176KB

0000008 Size: 12KB - Virtual size: 9KB

0000001
Size: 200KB - Virtual size: 196KB

0000002
Size: 20KB - Virtual size: 18KB

0000003
Size: 96KB - Virtual size: 117KB

.rsrc
Size: 752KB - Virtual size: 751KB

0000005
Size: 68KB - Virtual size: 74KB

0000006
Size: 12KB - Virtual size: 11KB

0000007
Size: 180KB - Virtual size: 176KB

0000008
Size: 12KB - Virtual size: 9KB