c2bf191b692f614dfd0e546c66c2dee893f682e8c88490ed57719f8cea5e33f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2bf191b692f614dfd0e546c66c2dee893f682e8c88490ed57719f8cea5e33f6
Size

10.4MB
MD5

c091f02ca1b05f30b4748fbff5566c21
SHA1

bea65c9a938fd7b3683b68bd1d1c41bb74f345c8
SHA256

c2bf191b692f614dfd0e546c66c2dee893f682e8c88490ed57719f8cea5e33f6
SHA512

e28940d3057c0c45f9a3bbfc87a5d48486240e86f80abbbfbf4cb44abde50021f4c4a1279a0adacdf3ae1e9adfc3b9b306109ed91aa1b28a37cb68b660de65c8
SSDEEP

196608:tV/QPSO8PQOz7tAV2QsyH3zEWdQmRJ8dA6lAIkaqdVT5NuqPyDF:XQEl7tOnzDdQuslAIwdMqUF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2bf191b692f614dfd0e546c66c2dee893f682e8c88490ed57719f8cea5e33f6

Files

c2bf191b692f614dfd0e546c66c2dee893f682e8c88490ed57719f8cea5e33f6
.exe windows:5 windows x64

66c3b0658aee8083a055771d8886e0ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW

comctl32

ord380

kernel32

GetStringTypeW

advapi32

OpenProcessToken

gdi32

SelectObject

iphlpapi

GetInterfaceInfo

msvcrt

_wcsnicmp

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Sections

.text
Size: 142KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
moon_kill.pyc