c3ee0589eb3d630f126eb54ce57bf5fa507b500d5d8919028c4d5b8912e3f58d

Sharing

Copy URL

Twitter E-mail

General

Target

c3ee0589eb3d630f126eb54ce57bf5fa507b500d5d8919028c4d5b8912e3f58d
Size

202KB
MD5

aae9860717df859693998dd04ae7fb9c
SHA1

71600fb9ae2cbe0c668965088e31897a5f93cb97
SHA256

c3ee0589eb3d630f126eb54ce57bf5fa507b500d5d8919028c4d5b8912e3f58d
SHA512

bff9cb3f0e238f4b470a3edc3ad0fe53cac5d8357aedbfbfc4edbf8253c6f8dd5aede48d2b834786af6916c0c4fc0638c1516f522cb2ad4354c4d1ea0d1b5c1f
SSDEEP

3072:08nh2Hrp3Tlp+soN3BY2ZBHetwcyf1w5DYRZPQaQrhu8ihDNugrBVgc8gbmT2Pcs:lnw9lEs3hhyaubQTkhbrBVL8gbmT2Pcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3ee0589eb3d630f126eb54ce57bf5fa507b500d5d8919028c4d5b8912e3f58d

Files

c3ee0589eb3d630f126eb54ce57bf5fa507b500d5d8919028c4d5b8912e3f58d
.exe windows:3 windows x86 arch:x86

19369dbaf9a929d28a39d7c43e1ec6f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
CloseHandle
GetModuleHandleA
GetTempFileNameA
lstrcmpW
GetComputerNameA
EnumDateFormatsA
GetWindowsDirectoryW
lstrcmp
EnumDateFormatsW
OpenEventA
TlsAlloc
GetVolumeInformationA
GetDateFormatA
DeleteAtom
CreateThread
GetSystemDirectoryA
GetNumberFormatW
GetCurrentDirectoryA
CompareStringW
CreateDirectoryW
SetLocaleInfoA
RemoveDirectoryW
CreateMutexA
GetFileType
FileTimeToDosDateTime
CreateEventW
GetLogicalDriveStringsW
GetLocaleInfoA
LoadLibraryA
GetDateFormatW
GetCalendarInfoW
GetProcAddress
CreatePipe
FindResourceW
lstrcmpi
ExitProcess
EnumTimeFormatsW
GetSystemDefaultLCID
IsBadStringPtrA
CreateMutexW
CompareFileTime
EndUpdateResourceA
lstrcpyA

user32

CopyImage
EnumDesktopsA
MessageBoxIndirectA
CharUpperA
RegisterClassExA
GetParent
UpdateLayeredWindow
MonitorFromPoint
MessageBoxIndirectW
DefFrameProcA
GetWindowTextLengthA
GetWindowTextW
DefFrameProcW
DestroyIcon
CreateDesktopA
AnimateWindow
FillRect
EnableMenuItem
GetClassNameA
SetCursor
GetClassInfoExW
DialogBoxIndirectParamW
IsWindow
MoveWindow
InvalidateRect
IsDlgButtonChecked
CascadeWindows
PostQuitMessage
GetCapture
LoadBitmapA
mouse_event
SetWindowTextA
GetCursorPos
GetDC
GetMenuStringA
GetScrollPos
ChildWindowFromPoint
CloseWindow
GetMenu
EnumClipboardFormats
GetSystemMetrics
DialogBoxParamA
CharPrevA

gdi32

CreateDCW
GetWorldTransform
GetEnhMetaFilePixelFormat
GetKerningPairsA
GetMetaFileA
BeginPath
DeleteObject
PlayEnhMetaFile
Polygon
SetTextColor
EnumObjects
RoundRect
GetOutlineTextMetricsW
TextOutA
CreateBitmap
SetPixelV
GetDCBrushColor
GetPaletteEntries
GetDeviceGammaRamp
StartDocW
GetRandomRgn
SetICMProfileA
PatBlt
AbortPath
GetSystemPaletteUse
SetPaletteEntries
AddFontResourceW
GetCharABCWidthsW
SetWindowExtEx

advapi32

RegCreateKeyExA
RegQueryValueW
CryptSetProviderA
RegEnumValueW
RegCreateKeyW
RegCreateKeyA
RegCloseKey
RegSetValueA
RegOpenKeyW
RegQueryValueExW
RegFlushKey
RegEnumKeyExW
RegRestoreKeyA
RegCreateKeyExW

shell32

ExtractIconExW

ws2_32

WSARecvDisconnect
WSAAccept
getprotobyname
getpeername
WSAEnumProtocolsW
send
gethostname

wininet

FtpSetCurrentDirectoryW
CreateUrlCacheEntryA
CreateUrlCacheGroup
FindFirstUrlCacheEntryExW
LoadUrlCacheContent
RetrieveUrlCacheEntryFileW
HttpQueryInfoA
InternetSetOptionExW
PrivacySetZonePreferenceW
InternetFindNextFileA
InternetConfirmZoneCrossingA

urlmon

HlinkNavigateMoniker

winmm

midiOutGetID
mciSetYieldProc
waveOutPrepareHeader
waveOutReset
mmTaskYield
waveOutUnprepareHeader
waveOutBreakLoop

winspool.drv

AddPrinterDriverExW
EnumPrintProcessorDatatypesW
PrinterProperties
DeletePrintProvidorA
AddPortExW
DeletePrinterConnectionW
EnumPrintProcessorsA

wsock32

ntohs
gethostbyname
GetNameByTypeW
socket
getsockname
connect
GetAddressByNameA

Sections

.i
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZeqOPv
Size: 125KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TIXjL
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19369dbaf9a929d28a39d7c43e1ec6f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wininet

urlmon

winmm

winspool.drv

wsock32

Sections

.i Size: 17KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 4KB

.ZeqOPv Size: 125KB - Virtual size: 249KB

.data Size: 4KB - Virtual size: 9KB

.TIXjL Size: 3KB - Virtual size: 28KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 4KB

.i
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 4KB

.ZeqOPv
Size: 125KB - Virtual size: 249KB

.data
Size: 4KB - Virtual size: 9KB

.TIXjL
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 4KB