3b8415f83bedf593ba5b3658b783d810N

Sharing

Copy URL Twitter E-mail

General

Target

3b8415f83bedf593ba5b3658b783d810N
Size

64KB
MD5

3b8415f83bedf593ba5b3658b783d810
SHA1

8a55ae996a78ca8985f245d3badee028b623413f
SHA256

2477c16e439977d342f9dcc877b16fd1a10ebaecd919f9df521c8d3f22083e24
SHA512

80e6a993940fb3a6e2145c7e8aae7d0ce105fb00ebc82a4f0c4bbe3ac053366d8c2c9789afd0e7cd5f1e0bfd6aff815db9dba3c89b998d35bb1c00c348d8203c
SSDEEP

768:NurGp/IoIYcB4EKUR04eOFXmh/ADjQjw9/hbpkhOEcTaQI4MXbLgvOeyJ:NnIoIk4DAh/Ah//HTNIpQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8415f83bedf593ba5b3658b783d810N

Files

3b8415f83bedf593ba5b3658b783d810N
.dll windows:5 windows x86 arch:x86

a2055f542f06d4ba210f13193d82c9ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ExitProcess
Sleep
GetVersion
CreateProcessA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
CreateEventA
GetVersionExA
lstrcmpA
VirtualAlloc
VirtualFree
lstrcmpiA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetSystemTime
MoveFileA
GetCurrentThreadId
WritePrivateProfileStringA
GetWindowsDirectoryA
MoveFileExA
GetTempPathA
CreateMutexA
GetTickCount
GetLocaleInfoA
GetVolumeInformationA
SetEvent
GetFileSize
SystemTimeToFileTime
GetProcessHeap
HeapFree
ReadFile
HeapAlloc
GetTempFileNameA
DeleteFileA
GlobalAlloc
VirtualQueryEx
GetThreadContext
GlobalFree
TerminateProcess
ResumeThread
RtlUnwind
VirtualQuery
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenProcess
lstrcpyA
lstrcatA
FindAtomA
GetModuleHandleA
lstrlenA
GetProcAddress
GetLastError
RaiseException
ReleaseMutex
GetModuleFileNameA

user32

CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DefWindowProcA
GetWindowTextA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
MessageBoxA
GetMessageA
SetWindowsHookExA
PostMessageA
InflateRect
FindWindowExA
GetWindowThreadProcessId
GetCursorPos
wsprintfA
GetFocus
EqualRect
IsWindowVisible
ClientToScreen
TranslateMessage
DispatchMessageA
CallNextHookEx
FindWindowA

advapi32

RegCloseKey
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
OpenProcessToken
CreateProcessAsUserA
RegCreateKeyExA

shlwapi

SHDeleteValueA
SHGetValueA
SHSetValueA
SHDeleteKeyA

Exports

Exports

MQdivjUf
NthKcgvfXzN
eEgmVyOXfzh
lPHRdWaRkk
lSxGDMcpZeR

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2055f542f06d4ba210f13193d82c9ca

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 3KB