Static task: static1
Behavioral task: behavioral1
  Sample: e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7.exe
  Resource: win10v2004-20231023-en
General
- Target: e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
- Size: 208KB
- MD5: 0db48efce48f55d7337612906b419908
- SHA1: 437373019e49d916a132d53a85e9aee9fc42992e
- SHA256: e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
- SHA512: 6a3b8bd1bf097a064197000acd6308756d9131b3424e824565dacecaebcb350acf64f3d757c051442d25f28c61f956e7d68f5dadb87b05f13037e68cae541c6e
- SSDEEP: 6144:0ccNqCU8GLVlTJQZ2nrxLOEjIMiSN0PhoJ94B5tYR:nlTJQmrNOEjI1SN0Pi34LtI
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
Files
-
e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7.exe windows:5 windows x86
7419992356aada50dadefbe8966a9b5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
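The "Unsigned PE" signature above and the DllCharacteristics flags under Headers both come straight out of the PE optional header. The following is an added example written for this page, not the sandbox's own detector: a stdlib-only parser that reads the certificate table (data directory entry 4) to decide whether an Authenticode blob is attached at all, and decodes the DllCharacteristics bits into the IMAGE_DLLCHARACTERISTICS_* names shown above. `build_minimal_pe32()` is a constructed header-only fixture for exercising the parser; it is not the sample from this report.

```python
import struct

# Named bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (values from winnt.h).
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table: file offset + size of the WIN_CERTIFICATE blob


def parse_pe(data: bytes) -> dict:
    """Pull the header fields an 'Unsigned PE' check needs out of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _symtab, _nsym, _optsize, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: DllCharacteristics @70, NumberOfRvaAndSizes @92, DataDirectory @96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: 8-byte ImageBase and stack/heap fields push the directories out
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "file_characteristics": file_chars,
        "dll_characteristics": sorted(n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit),
        "security_directory": (sec_off, sec_size),
        # A zero-sized certificate table is what an "Unsigned PE" check keys on. Non-zero only means a
        # blob is attached; whether it verifies is a separate step (signtool / Get-AuthenticodeSignature).
        "has_authenticode_blob": sec_off != 0 and sec_size != 0 and sec_off + sec_size <= len(data),
    }


def build_minimal_pe32(signed: bool, dll_chars: int = 0x0040 | 0x0100 | 0x8000) -> bytes:
    """Constructed, header-only PE32 fixture (NOT the sample in this report) for exercising parse_pe()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386; EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)                                            # 96 fixed bytes + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    body = b""
    if signed:
        # WIN_CERTIFICATE header: dwLength, wRevision=0x0200, wCertificateType=0x0002 (PKCS#7), then DER.
        der = b"\x30\x00"                                           # placeholder bytes, not a real signature
        body = struct.pack("<IHH", 8 + len(der), 0x0200, 0x0002) + der
        cert_off = len(dos) + 4 + len(coff) + len(opt)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(body))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body
```

The default `dll_chars` reproduces the three flags listed under Headers (DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE). Note what is absent from that list for the real sample: no GUARD_CF and no FORCE_INTEGRITY, so the binary opts into ASLR and DEP but not CFG, and nothing forces the loader to check a signature it does not carry.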
Imports
kernel32
lstrlenA
GlobalAlloc
CreateDirectoryA
CopyFileA
SetFileAttributesA
Process32FirstW
LocalAlloc
GetModuleFileNameA
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetCurrentProcessId
GetThreadContext
CreateFileA
SetThreadContext
SetFilePointer
ReadProcessMemory
CreateProcessA
ReadFile
VirtualAlloc
VirtualAllocEx
ExitProcess
ResumeThread
GetCurrentProcess
IsWow64Process
GetTickCount
OpenProcess
Thread32First
WideCharToMultiByte
TerminateProcess
Thread32Next
GetProcAddress
OpenThread
SuspendThread
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
IsValidLocale
CloseHandle
GetLastError
MultiByteToWideChar
CreateFileW
WriteFile
CreateThread
WriteProcessMemory
Sleep
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetStringTypeW
LCMapStringW
GetLocaleInfoW
InterlockedExchange
HeapReAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
LoadLibraryW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapCreate
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetTimeZoneInformation
EncodePointer
DecodePointer
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
HeapSize
GetModuleHandleW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
user32
CharToOemW
GetForegroundWindow
GetWindowTextA
MessageBoxA
EnumDisplayDevicesW
advapi32
SetKernelObjectSecurity
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
shell32
ShellExecuteW
ShellExecuteExA
ShellExecuteA
psapi
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
winhttp
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
ws2_32
gethostbyname
closesocket
socket
htons
WSAStartup
connect
send
urlmon
URLOpenBlockingStreamA
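The import table above is the most informative part of this static report: CreateProcessA, GetThreadContext, SetThreadContext, VirtualAllocEx, WriteProcessMemory and ResumeThread together are the classic process-hollowing set, OpenThread/SuspendThread/SetThreadContext allow hijacking threads in an already running process, CreateToolhelp32Snapshot with Process32FirstW/NextW and Thread32First/Next enumerate targets, CopyFileA/SetFileAttributesA/GetModuleFileNameA point at a self-copy, SetKernelObjectSecurity with ConvertStringSecurityDescriptorToSecurityDescriptorW rewrites an object ACL (mutex or process protection is a common use), and three separate network stacks (winhttp, raw ws2_32 sockets, urlmon's URLOpenBlockingStreamA) are linked in. The following is an added example written for this page, not the sandbox's own rule set: it groups the imported names into capability clusters and, just as importantly, separates the MSVC CRT start-up imports (IsDebuggerPresent, UnhandledExceptionFilter, EncodePointer, Tls*, HeapSetInformation and friends) from real capabilities, since IsDebuggerPresent on its own in that company is runtime boilerplate rather than evidence of deliberate anti-debugging. The rule labels and thresholds are this example's own choices; `SAMPLE_IMPORTS` is transcribed from the list above, trimmed to the names the rules use.

```python
from typing import Dict, List

# Names transcribed from the import table above, trimmed to those the rules reference plus the
# MSVC CRT start-up imports that commonly produce false "anti-debug" hits.
SAMPLE_IMPORTS: Dict[str, List[str]] = {
    "kernel32": [
        "CreateDirectoryA", "CopyFileA", "SetFileAttributesA", "GetModuleFileNameA", "CreateMutexA",
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "Thread32First", "Thread32Next",
        "OpenProcess", "OpenThread", "SuspendThread", "ResumeThread", "GetThreadContext", "SetThreadContext",
        "VirtualAllocEx", "WriteProcessMemory", "ReadProcessMemory", "CreateProcessA", "TerminateProcess",
        "IsWow64Process", "GetProcAddress", "LoadLibraryW", "IsDebuggerPresent", "UnhandledExceptionFilter",
        "SetUnhandledExceptionFilter", "TlsAlloc", "TlsGetValue", "EncodePointer", "DecodePointer",
        "HeapSetInformation", "GetStartupInfoW", "GetCommandLineA", "IsProcessorFeaturePresent",
    ],
    "advapi32": ["SetKernelObjectSecurity", "ConvertStringSecurityDescriptorToSecurityDescriptorW", "GetUserNameW"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest", "WinHttpReadData"],
    "ws2_32": ["WSAStartup", "gethostbyname", "socket", "connect", "send", "closesocket"],
    "urlmon": ["URLOpenBlockingStreamA"],
}

# Illustrative rule set (this example's own): (names that must ALL be present, names of which ANY suffices).
CAPABILITY_RULES = {
    "process hollowing / thread-context injection":
        ({"CreateProcessA", "GetThreadContext", "SetThreadContext", "VirtualAllocEx",
          "WriteProcessMemory", "ResumeThread"}, set()),
    "suspend-and-hijack of existing threads": ({"OpenThread", "SuspendThread", "SetThreadContext"}, set()),
    "process and thread enumeration": ({"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}, set()),
    "single-instance mutex": ({"CreateMutexA"}, set()),
    "self-copy with attribute change": ({"GetModuleFileNameA", "CopyFileA", "SetFileAttributesA"}, set()),
    "WOW64 / architecture probe": ({"IsWow64Process"}, set()),
    "kernel-object ACL rewrite":
        ({"SetKernelObjectSecurity", "ConvertStringSecurityDescriptorToSecurityDescriptorW"}, set()),
    "HTTP client (winhttp)": ({"WinHttpOpenRequest", "WinHttpSendRequest"}, set()),
    "raw TCP client (ws2_32)": ({"socket", "connect", "send"}, set()),
    "URL fetch (urlmon)": (set(), {"URLOpenBlockingStreamA", "URLDownloadToFileA", "URLDownloadToFileW"}),
    "dynamic API resolution": ({"GetProcAddress"}, {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleW"}),
}

# Imports the MSVC CRT start-up code pulls in on its own; IsDebuggerPresent travels with this cluster.
CRT_STARTUP = {"UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "TlsAlloc", "TlsGetValue",
               "EncodePointer", "DecodePointer", "HeapSetInformation", "GetStartupInfoW",
               "GetCommandLineA", "IsProcessorFeaturePresent"}


def triage_imports(imports: Dict[str, List[str]]) -> dict:
    """Map a {dll: [function, ...]} import table onto capability labels and CRT-noise indicators."""
    names = {n for fns in imports.values() for n in fns}
    caps = [label for label, (need_all, need_any) in CAPABILITY_RULES.items()
            if need_all <= names and (not need_any or need_any & names)]
    crt_like = len(CRT_STARTUP & names) >= 5          # threshold chosen for this example
    return {
        "capabilities": caps,
        "crt_startup_detected": crt_like,
        # IsDebuggerPresent next to the CRT start-up cluster is most likely the runtime's own reference,
        # so report it as noise instead of as an anti-debugging capability.
        "anti_debug_likely_crt_noise": crt_like and "IsDebuggerPresent" in names,
        # With GetProcAddress + LoadLibrary*/GetModuleHandleW present, the static table is only a lower
        # bound: e.g. NtUnmapViewOfSection, usually paired with hollowing, is not imported here and could
        # be resolved at run time instead.
        "import_table_is_lower_bound": "dynamic API resolution" in caps,
    }
```

Running `triage_imports(SAMPLE_IMPORTS)` yields the hollowing, thread-hijack, enumeration, self-copy, ACL-rewrite and all three network clusters, with IsDebuggerPresent reported as CRT noise. The lower-bound flag is the caveat to carry into the behavioural tasks: the set of APIs the sample actually calls under win7 and win10v2004 can be larger than what the import table shows.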
Sections
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ