b3448671b078cd6223384850e680451ab257f7a2bb1ffbfba4a760d79e868af6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b3448671b078cd6223384850e680451ab257f7a2bb1ffbfba4a760d79e868af6.exe
Size

308KB
MD5

e4577c711455ccfd4ec4c0a02d23340f
SHA1

b0f4b0c36ec324246d3b815ee94f5e2e9f8102f4
SHA256

b3448671b078cd6223384850e680451ab257f7a2bb1ffbfba4a760d79e868af6
SHA512

8266f05cd3f261554a5fd70e5434279ed690454e4dd473ab7f8a02f058450f753cf6366db35bced2e263e2d5054fd820f7aff672add862d688b9ef0dd19cf5d3
SSDEEP

6144:e6QlFKuIXrznO2I0Xrp55ttpbYa06T/60nGAkPj2sK+C2pcZ70b/9p91H1nsm7Po:eVTAHvVe9P1od

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3448671b078cd6223384850e680451ab257f7a2bb1ffbfba4a760d79e868af6.exe

Files

b3448671b078cd6223384850e680451ab257f7a2bb1ffbfba4a760d79e868af6.exe
.dll regsvr32 windows:4 windows x86 arch:x86

56cbfc6e29311edd86a371dbb3cf8ffc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

PropertySheetA

kernel32

HeapDestroy
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
lstrcpyA
FreeEnvironmentStringsA
IsDBCSLeadByte
lstrcmpiA
TerminateProcess
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
GetProcAddress
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
ExitProcess
VirtualFree
HeapCreate
GetVersion
GetCommandLineA
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
CreateFileA
GetFileType
SetFilePointer
CloseHandle
ReadFile
RtlUnwind
HeapAlloc
HeapFree
FindFirstFileA
FindNextFileA
GetLastError
FindClose
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
WideCharToMultiByte
lstrlenW
lstrlenA
lstrcpynA
lstrcmpA
MultiByteToWideChar
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
LoadLibraryA
FreeEnvironmentStringsW

shell32

SHGetMalloc
SHGetFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA

gdiplus

GdipDeleteBrush
GdipCreateBitmapFromFileICM
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDrawImageI
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipCloneBrush
GdiplusStartup
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipFillRectangleI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipFree

ddraw

DirectDrawCreate

winmm

timeGetTime

user32

IsDlgButtonChecked
EndDialog
LoadStringA
wsprintfW
CharNextA
GetWindowRect
DialogBoxParamA
GetForegroundWindow
GetDesktopWindow
CallWindowProcA
UnhookWindowsHookEx
DestroyWindow
PostMessageA
SetCursor
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
IsWindowUnicode
SetWindowsHookExA
UpdateWindow
DefWindowProcA
GetAsyncKeyState
CallNextHookEx
GetFocus
GetWindowLongA
wsprintfA
GetDlgItem
RegisterWindowMessageA
GetClientRect
GetDC
ReleaseDC
SetWindowLongA
SendMessageA
ShowWindow
CheckDlgButton

gdi32

SetTextColor
SetTextAlign
TextOutA
StretchDIBits
GetDeviceCaps
SetBkColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateDIBitmap

comdlg32

ChooseColorA

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocString
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

56cbfc6e29311edd86a371dbb3cf8ffc

Headers

File Characteristics

Imports

comctl32

kernel32

shell32

gdiplus

ddraw

winmm

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 10KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 10KB

.rmnet
Size: 60KB - Virtual size: 60KB