2baffe4df8b9761d7d458cbac3f3a7dedc0dd7c858f95090365a6ced05f5b047

Sharing

Copy URL

Twitter E-mail

General

Target

2baffe4df8b9761d7d458cbac3f3a7dedc0dd7c858f95090365a6ced05f5b047
Size

2.0MB
MD5

4e1dcf0bd50c791625ea445a69d5dd54
SHA1

ce71b049675bebf917824d13caec0e8f833f40a7
SHA256

2baffe4df8b9761d7d458cbac3f3a7dedc0dd7c858f95090365a6ced05f5b047
SHA512

a1d995793730ec9f32799c5aa0fdfdb6f7c140b87417d919afe596c5c51245e0bd21196283b8a48cc0683686c5da1562f409559fbe49a678938287ad2f931c9f
SSDEEP

49152:+AxLKn8USbEX9L1KHV9jI/ubPbW3Ms2ZV2:XLKn8fbEmaSW3MTV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2baffe4df8b9761d7d458cbac3f3a7dedc0dd7c858f95090365a6ced05f5b047

Files

2baffe4df8b9761d7d458cbac3f3a7dedc0dd7c858f95090365a6ced05f5b047
.dll windows:5 windows x86

35d45abf0babfc5f3dd0b981811ba88a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

BuildImpersonateTrusteeW
RegisterServiceCtrlHandlerExW
SetNamedSecurityInfoA
CreatePrivateObjectSecurity

kernel32

EnterCriticalSection
GetProcessHeap
InterlockedPushEntrySList
WaitForSingleObject
DeleteCriticalSection
GetModuleFileNameA
GetModuleFileNameW
OutputDebugStringA
GetSystemTimeAsFileTime
GetExitCodeProcess
LeaveCriticalSection
SetEvent
VirtualAlloc

lz32

LZCopy
LZClose

gdi32

EndPath
EnumFontFamiliesW

setupapi

SetupDiDestroyDeviceInfoList

ws2_32

select

oleaut32

LoadTypeLibEx
GetErrorInfo
VarI4FromStr

user32

OpenInputDesktop
RegisterDeviceNotificationA
ShowWindow
InsertMenuW
UpdateWindow
IsCharAlphaNumericW
PostQuitMessage
GetMessageA
MoveWindow
GetUpdateRgn
CheckMenuRadioItem

version

GetFileVersionInfoA

msvcrt

wcslen
iswxdigit

Exports

Exports

TzetselemwOt

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35d45abf0babfc5f3dd0b981811ba88a

Headers

File Characteristics

Imports

advapi32

kernel32

lz32

gdi32

setupapi

ws2_32

oleaut32

user32

version

msvcrt

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 80KB - Virtual size: 77KB

.qdata Size: 100KB - Virtual size: 98KB

.crt0 Size: 148KB - Virtual size: 144KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 80KB - Virtual size: 77KB

.qdata
Size: 100KB - Virtual size: 98KB

.crt0
Size: 148KB - Virtual size: 144KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 32KB - Virtual size: 28KB