p2662123[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

p2662123.exe
Size

23KB
MD5

dda97a91f8f9fed242bd2ccb7e43dfa5
SHA1

c818d06d8512fa0c74ffe35567c85b370da8fff3
SHA256

2ded42d3e2d6f61011469897b8a9f4a7781b4625086f9491f49b73905a05daaa
SHA512

0d204e523427158d74b8094e4d99b0af1eb58dbce526a6651d3ed9473fac32f35fe4518c754d997173452cbb8982305961f0b1d566a757bee7ca2f2d28858c9b
SSDEEP

384:eCli1f2vdVdViTxC06n9RllSNnNgwFI7JWWarW:eCi1+vTdIc0YPeNnNgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
p2662123.exe

Files

p2662123.exe
.exe windows x64

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

Sleep
HeapSetInformation
LocalFree
GetFileType
WideCharToMultiByte
GetLastError
FormatMessageW
SetThreadUILanguage
GetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetConsoleMode

msvcrt

_fileno
_write
_setmode
vswprintf_s
_wcsicmp
memset
_get_osfhandle
__iob_func
fgetpos
wcschr
fwprintf
fflush
memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
iswprint
_wtoi
_vsnwprintf
exit
_vscwprintf

ntdll

RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlIpv4StringToAddressW
RtlLookupFunctionEntry
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
NtClose

ws2_32

ntohl

user32

OemToCharBuffW

mswsock

GetSocketErrorMessageW

iphlpapi

NhGetInterfaceNameFromDeviceGuid

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

user32

mswsock

iphlpapi

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 86KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 86KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B