dc3cfc295917a29b83ed2bfacec49b7a3f25388971ffd3e4634ece8359176b66

Sharing

Copy URL Twitter E-mail

General

Target

dc3cfc295917a29b83ed2bfacec49b7a3f25388971ffd3e4634ece8359176b66
Size

4.0MB
MD5

90dfa9c8a64cf00c90ffdaf549e33e85
SHA1

101ba0f550c20cc5300417afe84ec798a269956e
SHA256

dc3cfc295917a29b83ed2bfacec49b7a3f25388971ffd3e4634ece8359176b66
SHA512

becdd498e7c8174600d6f0401ce14141089f154b1d4d18a32b80eaa6702e1484a20c1f92c94a95f43738f2978aead1cf1d1271cfc84edaaa4966a19a501ed8e5
SSDEEP

768:4tbCIcrQQrLi1iBVClqz4l+3OPYtAAmLfdf9ewIJdf5Oz3zOVQO2TH7CxDTQrAyr:uCLrNY2gPTLfNpIfSLCxnQrAy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc3cfc295917a29b83ed2bfacec49b7a3f25388971ffd3e4634ece8359176b66

Files

dc3cfc295917a29b83ed2bfacec49b7a3f25388971ffd3e4634ece8359176b66
.exe windows:6 windows x64 arch:x64

51bce1494ac7bfd096d9b4ad01ebcc9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReleaseSRWLockShared
AcquireSRWLockShared
Sleep
GetCurrentProcessId
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
VirtualAlloc
VirtualQuery
QueryPerformanceCounter
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
ReadFile
GetFileSizeEx
GetModuleHandleA
GetFileAttributesA
CreateFileA
GetModuleHandleExW
ExitProcess
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
SetLastError
AreFileApisANSI
GetFileAttributesW

user32

SetWindowTextA
GetWindowTextA
LoadCursorA
DispatchMessageA
GetMessageA
TranslateMessage
LoadIconA
MessageBoxA
UpdateWindow
DefWindowProcA
RegisterClassExA
PostQuitMessage
DestroyWindow
CreateWindowExA

msvcrt

_callnewh
_set_fmode
free
strcpy_s
__pctype_func
tolower
_errno
wcsnlen
strnlen
strtol
wctomb_s
__getmainargs
_msize
_XcptFilter
__set_app_type
_ismbblead
_acmdln
_initterm
?_set_new_mode@@YAHH@Z
_commode
?terminate@@YAXXZ
___lc_codepage_func
ceil
log10
realloc
_clearfp
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
memset
memmove
memcpy
_initterm_e
malloc
_amsg_exit
atof
strrchr

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51bce1494ac7bfd096d9b4ad01ebcc9c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.gehcont Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 320B

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.gehcont
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 320B

.rsrc
Size: 1KB - Virtual size: 4KB