data64_2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

data64_2.exe
Size

329KB
MD5

f2ec365cbc201a548fab42ebc936a1bf
SHA1

48fbec0f0c4bb6f72d5330a4988bfe16bcdb098d
SHA256

73ed245b62ff5523e307cb67175b1be3fad7cfe365d61c1cfdf44f20ab7e20a9
SHA512

2635146c33c414f84094260af1eaf39e3d20f2ca15fee48f725d536d5ef93f38fd2a0b35f2b0d25b0a977b29af45d19308f13b44ee9e4acc88a17330d78dc06a
SSDEEP

6144:9W8z8kgiFfQAOYsrmXiL4B7vDCCBpvczz/eQS:RnFfQAOdr9kTZmn/m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
data64_2.exe

Files

data64_2.exe
.exe windows x86

0eab09b98c18d699716845418f92678c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetConsoleAliasesLengthA
OpenEventA
InterlockedExchange
GetLocaleInfoA
GetLongPathNameW
InterlockedDecrement
_lwrite
WriteConsoleInputA
GetSystemDirectoryW
MoveFileExA
CreateEventA
VerifyVersionInfoW
WaitNamedPipeA
ReadConsoleInputA
GlobalFree
GetCPInfoExW
BeginUpdateResourceA
EnumCalendarInfoExW
MoveFileA
ReadConsoleOutputCharacterA
GetConsoleAliasesLengthW
GetProcAddress
GetModuleHandleW
EnumResourceNamesW
RemoveDirectoryA
GetCalendarInfoA
CommConfigDialogA
SetFileAttributesA
GetCommTimeouts
OpenJobObjectA
GetAtomNameA
GetFileAttributesW
SetConsoleTitleA
ReplaceFileA
CreateJobObjectA
GetProcessWorkingSetSize
GetBinaryTypeW
GetSystemDefaultLangID
GetUserDefaultLangID
GetConsoleAliasA
SetLastError
GetLastError
GetCurrentProcess
GetPrivateProfileIntW
FreeLibrary
GetEnvironmentStringsW
GetFileTime
FindResourceExW
GetConsoleMode
GetDiskFreeSpaceA
GetConsoleAliasExesW
WaitForMultipleObjects
SetDefaultCommConfigA
LoadLibraryA
GlobalAlloc
LoadLibraryW
GetStringTypeW
HeapReAlloc
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
LCMapStringW
MultiByteToWideChar
HeapSize

user32

ClientToScreen

gdi32

GetTextExtentPoint32A

winhttp

WinHttpCloseHandle

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wacewaz
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gobog
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wifaw
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.noxa
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dosohez
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0eab09b98c18d699716845418f92678c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 239KB - Virtual size: 239KB

.data Size: 66KB - Virtual size: 4.8MB

.wacewaz Size: 512B - Virtual size: 1B

.gobog Size: 3KB - Virtual size: 2KB

.wifaw Size: 1024B - Virtual size: 624B

.noxa Size: 512B - Virtual size: 23B

.dosohez Size: 1024B - Virtual size: 963B

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 239KB - Virtual size: 239KB

.data
Size: 66KB - Virtual size: 4.8MB

.wacewaz
Size: 512B - Virtual size: 1B

.gobog
Size: 3KB - Virtual size: 2KB

.wifaw
Size: 1024B - Virtual size: 624B

.noxa
Size: 512B - Virtual size: 23B

.dosohez
Size: 1024B - Virtual size: 963B

.rsrc
Size: 16KB - Virtual size: 16KB