2482973dd9131100a57a398d8ca16fbec901ad4b89728a48bd6a941619d41648

Sharing

Copy URL Twitter E-mail

General

Target

2482973dd9131100a57a398d8ca16fbec901ad4b89728a48bd6a941619d41648
Size

48KB
MD5

5ceb29c54b80334a68eb306456b534b4
SHA1

65e639bf29a401f1b4f0a93c744976ba5eab82d9
SHA256

2482973dd9131100a57a398d8ca16fbec901ad4b89728a48bd6a941619d41648
SHA512

ded809849827b83e982e37139e7690c2451b09285480e94ddab26d2ce3e0a35172e59f51906c03bd21fc01e2e83aa3e02584eb00bf116feab2151118eeb9b57b
SSDEEP

768:1RYLnRGcFPfbAMQRD3MTGXunI/LW7aB57zj3bXejrE//q8U8TMOSY+g:PgaMQRDAGXuI/LWGB5zbOjrE//FU8TMc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2482973dd9131100a57a398d8ca16fbec901ad4b89728a48bd6a941619d41648

Files

2482973dd9131100a57a398d8ca16fbec901ad4b89728a48bd6a941619d41648
.exe windows x86

ada04bee7b2a0e8794aa5c615ef366cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord800
ord641
ord861
ord540
ord324
ord825
ord2281
ord2362
ord4229
ord4847
ord858
ord1172
ord6330
ord6195
ord925
ord2371
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord5276
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord3733
ord561
ord815
ord3658
ord3621
ord616
ord2406
ord2613
ord1131
ord2403
ord2015
ord4213
ord2570
ord6051
ord1768
ord4392
ord5286
ord3397
ord3577
ord3614
ord1143
ord1165
ord567
ord2354
ord2294
ord2634
ord4219
ord3087
ord4155
ord2858
ord755
ord470
ord860
ord941
ord3084
ord4470
ord1634
ord2855
ord6871
ord4347
ord6370
ord5157
ord5237
ord2377
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4370
ord3917
ord5261
ord1569

msvcrt

_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__CxxFrameHandler
wcscmp
wcsrchr
free
malloc
_exit
__set_app_type
_XcptFilter
exit
_wcmdln

kernel32

GetStartupInfoW
GetModuleHandleW
GetLocalTime
GetModuleFileNameW
GetTimeZoneInformation

user32

InvalidateRect
LoadCursorW
GetSystemMetrics
DrawIcon
SetCursor
IsIconic
GetWindowRect
GetSystemMenu
AppendMenuW
SendMessageW
LoadIconW
EnableWindow
GetClientRect

gdi32

GetObjectW
CreateFontIndirectW
GetTextColor

shell32

ShellExecuteW

logger

_GPMSDEV_ReadMemory@12
_GPMSDEV_WriteMemory@12
_GPMSDEV_GetDeviceStatus@0
_GPMSDEV_InitDllv@8

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ada04bee7b2a0e8794aa5c615ef366cd

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

shell32

logger

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 14KB