2a2c0c9b37bc02ec5f21eb7fd7953cdf8d572049e50af4b854405345c5c9c5f9

Sharing

Copy URL

Twitter E-mail

General

Target

2a2c0c9b37bc02ec5f21eb7fd7953cdf8d572049e50af4b854405345c5c9c5f9
Size

460KB
MD5

edaebd9d78f1f095f4f2d608d8899392
SHA1

f3bab7e482ed8575348a3ffba5a219c09526b974
SHA256

2a2c0c9b37bc02ec5f21eb7fd7953cdf8d572049e50af4b854405345c5c9c5f9
SHA512

b08af39640e52ce6f96b53487929c8f40846e99369fccae8998d3927a1096e0575b26e2b6870e95d778529a8f01bcc9cd93e4f8c9df8cc4f9853f17c27be24a5
SSDEEP

6144:Obq0OjR42m7JVTOLzLhz+LMLLLLLLLLLPLLLLALLLLLLLLLLLFQ63t2mHHclT9oZ:UT2m7JVTOrJ9oWNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a2c0c9b37bc02ec5f21eb7fd7953cdf8d572049e50af4b854405345c5c9c5f9

Files

2a2c0c9b37bc02ec5f21eb7fd7953cdf8d572049e50af4b854405345c5c9c5f9
.exe windows:5 windows x86

6c6723f3fae981249f2bf8bfb689ea36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

updatecore

ShowProgress
SetRootWebURL
CloseDownload
Download3

kernel32

EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetProcAddress
GetModuleHandleA
InterlockedIncrement
lstrcmpiA
IsDBCSLeadByte
SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CreateMutexA
GetFileAttributesA
FindClose
FindFirstFileA
RemoveDirectoryA
FindNextFileA
DeleteFileA
OutputDebugStringW
CreateMutexW
GetFileAttributesW
RaiseException
DeleteFileW
FindFirstFileW
GetModuleFileNameW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetCurrentProcessId
TerminateProcess
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
InterlockedExchange
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
DecodePointer
QueryPerformanceCounter
IsDebuggerPresent
InterlockedDecrement
lstrlenA
CloseHandle
DebugBreak
GetModuleFileNameA
CopyFileA
MoveFileExA
Sleep
lstrcpyA
lstrcatA
FindNextFileW
OutputDebugStringA

user32

EndPaint
CallWindowProcA
GetWindowLongA
DefWindowProcA
BeginPaint
CharNextA
wsprintfA
MoveWindow
GetWindowRect
SetWindowPos
MapWindowPoints
SystemParametersInfoA
GetWindow
GetParent
GetClassInfoExA
LoadCursorA
OffsetRect
LoadStringA
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
PostMessageW
IsWindow
CreateWindowExA
RegisterClassExA
PeekMessageA
SetWindowLongA
DrawTextA
FrameRect
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetClientRect
PostMessageA
wvsprintfA
UnregisterClassA

gdi32

SetBkMode
Rectangle
DeleteObject
GetStockObject
SelectObject
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteExW
ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
_crt_debugger_hook
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_wcsicmp
_swprintf
_waccess
_wrename
wcsncpy
_wchmod
_vswprintf
wcsrchr
_invoke_watson
__getmainargs
malloc
??3@YAXPAX@Z
_mbsrchr
_CxxThrowException
memcpy
??_V@YAXPAX@Z
_ismbcdigit
atoi
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memmove
_purecall
__CxxFrameHandler3
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_recalloc
memset
_access
memmove_s
sprintf_s
memchr
free
_mbsnbcpy_s
_mbsstr
_stricmp
memcpy_s
_resetstkoflw
strlen
_ftime64
_localtime64
sprintf
fclose
fwrite
fopen
strcpy
strftime
_controlfp_s

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c6723f3fae981249f2bf8bfb689ea36

Headers

DLL Characteristics

File Characteristics

Imports

updatecore

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp100

msvcr100

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 386KB - Virtual size: 386KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 386KB - Virtual size: 386KB

.reloc
Size: 6KB - Virtual size: 5KB