d2d2f38195b7fa100bf43890683baf5b87a3a4b63985113394fc1579c5ecab8d

Sharing

Copy URL Twitter E-mail

General

Target

d2d2f38195b7fa100bf43890683baf5b87a3a4b63985113394fc1579c5ecab8d
Size

787KB
MD5

2bcf3a707da9d6a56b25d486492b1dea
SHA1

af56bffcaec06140df7baa748d9398390a422ba6
SHA256

d2d2f38195b7fa100bf43890683baf5b87a3a4b63985113394fc1579c5ecab8d
SHA512

235d0b42579bd75a900660c5cd558ef9c9fefb7ff17952f6458756769f71f6c3607a745d77297a9f5e2dcc3c70eb6cf6cc827ba6017408d5326ee433f28b4c96
SSDEEP

12288:31c78BmkcX/nb+OsTD0NTr0s0PMyRtVnCf/g4yXcAENnu:31GKmkcQTYN0LUy/sXg3XcAcu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2d2f38195b7fa100bf43890683baf5b87a3a4b63985113394fc1579c5ecab8d

Files

d2d2f38195b7fa100bf43890683baf5b87a3a4b63985113394fc1579c5ecab8d
.exe windows x64

0a68f24bc0165599964b541c082122ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AccessCheck
BuildExplicitAccessWithNameW
GetFileSecurityW
GetNamedSecurityInfoW
GetUserNameW
ImpersonateSelf
MapGenericMask
OpenThreadToken
RegEnumValueA
RegOpenKeyExA
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW

kernel32

CloseHandle
CreateEventW
CreateFileMappingW
CreateFileW
CreateProcessW
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
EnumSystemLocalesA
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GenerateConsoleCtrlEvent
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDriveTypeW
GetExitCodeProcess
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileTime
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExA
GetPriorityClass
GetProcessHeap
GetStartupInfoA
GetSystemInfo
GetTimeZoneInformation
GetVersionExW
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadCodePtr
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
RaiseException
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SearchPathW
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsGetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_environ
_errno
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_fullpath
_get_osfhandle
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_setmode
_stat64
_tempnam
_time64
_unlock
_waccess
_wchdir
_wfindfirst64
_wfindnext64
_wfopen
_wfreopen
_wfullpath
_wgetcwd
_wgetenv
_wopen
_wrename
_wrmdir
_wsplitpath
_wunlink
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fprintf
fputc
fputwc
fread
free
fseek
fsetpos
fwrite
getc
getchar
getenv
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putchar
rand
realloc
rewind
setvbuf
signal
srand
strcat
strcpy
strerror
strftime
strlen
strncmp
strncpy
strstr
strtol
strtoul
tolower
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
wcsstr
_time64
_write
_spawnvp
_read
_putenv
_open
_mktemp
_kbhit
_isatty
_getpid
_getch
_fileno
_dup2
_dup
_close

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

Exports

Exports

my_func

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a68f24bc0165599964b541c082122ca

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

wininet

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 285KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 33KB - Virtual size: 33KB

.pdata Size: 18KB - Virtual size: 17KB

.xdata Size: 18KB - Virtual size: 17KB

.bss Size: - Virtual size: 18KB

.edata Size: 512B - Virtual size: 74B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1016B

/4 Size: 512B - Virtual size: 512B

/19 Size: 97KB - Virtual size: 96KB

/31 Size: 7KB - Virtual size: 6KB

/45 Size: 15KB - Virtual size: 15KB

/57 Size: 10KB - Virtual size: 10KB

/70 Size: 4KB - Virtual size: 4KB

/81 Size: 63KB - Virtual size: 63KB

/92 Size: 3KB - Virtual size: 3KB

.text
Size: 286KB - Virtual size: 285KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 33KB - Virtual size: 33KB

.pdata
Size: 18KB - Virtual size: 17KB

.xdata
Size: 18KB - Virtual size: 17KB

.bss
Size: - Virtual size: 18KB

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1016B

/4
Size: 512B - Virtual size: 512B

/19
Size: 97KB - Virtual size: 96KB

/31
Size: 7KB - Virtual size: 6KB

/45
Size: 15KB - Virtual size: 15KB

/57
Size: 10KB - Virtual size: 10KB

/70
Size: 4KB - Virtual size: 4KB

/81
Size: 63KB - Virtual size: 63KB

/92
Size: 3KB - Virtual size: 3KB