f3025c0aaeb6325e1ded42ae5f79a3616768140f5ee326e16cc9bfe18026bb48[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f3025c0aaeb6325e1ded42ae5f79a3616768140f5ee326e16cc9bfe18026bb48.exe
Size

256KB
MD5

4c7f3bb479587b22bbd2e964aca1ab50
SHA1

6424044d237688b9e9de516de06f605ed9dfd21c
SHA256

f3025c0aaeb6325e1ded42ae5f79a3616768140f5ee326e16cc9bfe18026bb48
SHA512

32de69bb746589077434f346c04865256fe1a15599e3ed9964f928ebc0853268092417bea2b5d7236240ed5b4d34dd7087e0659cff46400c8c93cea6f1b03339
SSDEEP

6144:+pSkwLJrufeODAS72qOisSZRmICxHK6kNdvllcCH:HkWJrufop6lCHkNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3025c0aaeb6325e1ded42ae5f79a3616768140f5ee326e16cc9bfe18026bb48.exe

Files

f3025c0aaeb6325e1ded42ae5f79a3616768140f5ee326e16cc9bfe18026bb48.exe
.exe windows:4 windows x86 arch:x86

020ad0bc1d8aa3e902a81fa07ae43381

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString

crypt32

CryptMsgOpenToDecode
CertAddCertificateContextToStore
CryptMsgClose
CertNameToStrA
CertCreateCertificateContext
CryptMemRealloc
CertCloseStore
CertVerifyValidityNesting
CertFreeCertificateContext
CertCompareCertificate
CryptMemFree
CryptMsgGetParam
CertDuplicateCertificateContext
CryptMemAlloc
CryptDecodeObjectEx
CryptMsgControl
CertGetIssuerCertificateFromStore
CertOpenStore
CertFindExtension
CertCompareIntegerBlob
CryptMsgUpdate
CertGetIntendedKeyUsage
CertFreeCertificateChain

kernel32

lstrlenW
GetWindowsDirectoryA
RemoveDirectoryA
HeapSize
MoveFileW
LoadResource
FreeLibrary
GetFileSize
LocalFree
GetSystemTimeAsFileTime
FileTimeToSystemTime
ReadFile
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
FindResourceA
CompareFileTime
LeaveCriticalSection
DeleteCriticalSection
CreateFileW
OpenEventA
LocalAlloc
DeleteFileA
CloseHandle
PulseEvent
HeapDestroy
GetFileAttributesExA
lstrlenA
MoveFileExA
HeapFree
LoadLibraryExA
RaiseException
FindFirstFileA
CreateHardLinkA
WriteFile
DeviceIoControl
SetFilePointer
FindResourceExA
HeapReAlloc
EnterCriticalSection
WideCharToMultiByte
SetEndOfFile
SetFileAttributesW
GetCurrentThreadId
CreateEventA
CopyFileW
FindNextFileA
DeleteFileW
IsDebuggerPresent
CreateDirectoryA
CreateFileA
UnhandledExceptionFilter
DuplicateHandle
FindClose
HeapAlloc
LockResource
CopyFileExA
SetFileAttributesA
SizeofResource
WaitForSingleObject
OpenProcess
GetProcessHeap
GetModuleHandleA
VirtualAllocEx

shell32

SHGetSpecialFolderPathA

user32

CharNextA
wsprintfA
CharPrevA

shlwapi

PathFileExistsW
PathAppendA

advapi32

RegQueryValueExA
RegDeleteValueA
CryptAcquireContextA
TraceEvent
GetTraceLoggerHandle
RegCreateKeyExA
RegEnumValueA
CryptCreateHash
RegSetValueExA
GetTraceEnableFlags
CryptReleaseContext
CryptDestroyHash
RegOpenKeyExA
GetTraceEnableLevel
RegisterTraceGuidsA
CryptHashData
RegDeleteKeyA
CryptGetHashParam
RegCloseKey
UnregisterTraceGuids

certcli

CAOIDCreateNew
CAGetCAFlags
CAFindByName
CAGetCertTypeFlags
CAUpdateCA
CADeleteCA
CACreateNewCA
DllGetClassObject
CAEnumCertTypesForCA
CAAccessCheck

kbdhu

KbdLayerDescriptor

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zVPJ
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iNOYI
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QNimp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BBZWp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LcOnp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aelHe
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WlnYWfY
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ssqsSfY
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

020ad0bc1d8aa3e902a81fa07ae43381

Headers

DLL Characteristics

File Characteristics

Imports

ole32

crypt32

kernel32

shell32

user32

shlwapi

advapi32

certcli

kbdhu

Sections

.text Size: 222KB - Virtual size: 221KB

.zVPJ Size: 2KB - Virtual size: 1KB

.iNOYI Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 22KB

.QNimp Size: 3KB - Virtual size: 2KB

.BBZWp Size: 3KB - Virtual size: 3KB

.LcOnp Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 145KB

.rsrc Size: 2KB - Virtual size: 2KB

.aelHe Size: 512B - Virtual size: 283B

.WlnYWfY Size: 2KB - Virtual size: 1KB

.ssqsSfY Size: 512B - Virtual size: 303B

.text
Size: 222KB - Virtual size: 221KB

.zVPJ
Size: 2KB - Virtual size: 1KB

.iNOYI
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 22KB

.QNimp
Size: 3KB - Virtual size: 2KB

.BBZWp
Size: 3KB - Virtual size: 3KB

.LcOnp
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 145KB

.rsrc
Size: 2KB - Virtual size: 2KB

.aelHe
Size: 512B - Virtual size: 283B

.WlnYWfY
Size: 2KB - Virtual size: 1KB

.ssqsSfY
Size: 512B - Virtual size: 303B