2fb736e87f314a10acd08787afaf0da3b341d1c1eac42028a249eba06701ac5f

Sharing

Copy URL Twitter E-mail

General

Target

2fb736e87f314a10acd08787afaf0da3b341d1c1eac42028a249eba06701ac5f
Size

124KB
MD5

fe0f920d153f942a7bf8dc597ca5bab3
SHA1

b82fafdd73f76e34e097e426ae34a8884d7c9866
SHA256

2fb736e87f314a10acd08787afaf0da3b341d1c1eac42028a249eba06701ac5f
SHA512

8f3e06187fe2b9d0254894d9866bacb75409f5b56222e8843e0e651cc15334424a392a0a9424fd5e28c827ab281abf53a9b4a97cd38c6d52dc526c858574cf72
SSDEEP

3072:+mUR4CfjiDGYpUzsRMX3QKtSwEvpzw5S:E4EMGz4anZSwxc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fb736e87f314a10acd08787afaf0da3b341d1c1eac42028a249eba06701ac5f

Files

2fb736e87f314a10acd08787afaf0da3b341d1c1eac42028a249eba06701ac5f
.exe windows x86

0b15b635ad2cc5e271488f08bef93b43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetModuleHandleW
LoadResource
GetProcessHeap
SizeofResource
FindResourceW
CreateRemoteThread
VirtualProtect
VirtualAllocEx
WriteProcessMemory
HeapFree
GetLastError
LockResource
CloseHandle
FreeLibrary
VirtualQuery
HeapAlloc
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetProcAddress

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

vcruntime140d

strstr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list
memset
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
_except_handler4_common

ucrtbased

__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_set_fmode
_crt_at_quick_exit
_controlfp_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_CrtDbgReportW
_CrtDbgReport
atoi
__stdio_common_vfprintf
__acrt_iob_func
strcmp
_exit
exit
_initterm_e
_initterm
_seh_filter_exe
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_crt_atexit
_set_app_type
_get_initial_narrow_environment

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b15b635ad2cc5e271488f08bef93b43

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140d

ucrtbased

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 2KB - Virtual size: 1KB