2ba00a59213d48e9fe61496998109ce1e0a41b0b63d5fee35d0e199bc0ae2055

General

Target

2ba00a59213d48e9fe61496998109ce1e0a41b0b63d5fee35d0e199bc0ae2055
Size

12.0MB
MD5

bac88761f61f84f62e26cc138f5a077d
SHA1

08865f3ca6a7306de2d15f4bbacca18df19b1985
SHA256

2ba00a59213d48e9fe61496998109ce1e0a41b0b63d5fee35d0e199bc0ae2055
SHA512

2d33ad9b9d3bcf6e2b3bc522ad47b56d83eacbb045aded2617ae9637bf071880d7c28e1240be9c989c161724e21b09db7764b5d7eed2979c9f1e56ed0d8d6275
SSDEEP

3072:96S2oAKtZZy2m4zRwhIuGi9Pf2AG/7999999999999999999999999999999999H:967KtDyv4lwh7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ba00a59213d48e9fe61496998109ce1e0a41b0b63d5fee35d0e199bc0ae2055

Files

2ba00a59213d48e9fe61496998109ce1e0a41b0b63d5fee35d0e199bc0ae2055
.exe windows:5 windows x86

cb4b60e344b456b876756611bf85d8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocalTime
EnterCriticalSection
GetTickCount
HeapReAlloc
OpenFileMappingA
lstrlenW
WaitNamedPipeA
OpenWaitableTimerA
CreateMutexA
TlsGetValue
lstrlenW
GetProcAddress
CreateFileMappingA
GetStartupInfoW
WriteFile
GetModuleHandleA
DeleteFileW
GetStringTypeW
LoadLibraryExW
LoadLibraryW
lstrlenW
GetVersionExW

user32

LoadMenuW
InsertMenuW
GetDlgItemTextW
IsDialogMessageW
GetPropA
DispatchMessageA
IsCharLowerA
PeekMessageA
LoadIconW
GetClassLongA

rsaenh

CPDeriveKey
CPCreateHash
CPEncrypt
CPDecrypt

crypt32

CryptFindOIDInfo
CryptMemAlloc
CertOIDToAlgId
CertFreeCRLContext
CertDuplicateCTLContext
CertSaveStore
CertDeleteCRLFromStore
CertControlStore
CertNameToStrW
CryptHashMessage
CertFindAttribute
CryptMemFree
CertCreateCTLContext
CertCreateContext
CertGetNameStringW
CertDuplicateStore
CryptMemRealloc

cmpbk32

PhoneBookFreeFilter
PhoneBookCopyFilter

modemui

InvokeControlPanel
drvSetDefaultCommConfigA

cfgmgr32

CM_Add_Empty_Log_Conf
CMP_Init_Detection

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ

.ydata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.9MB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4b60e344b456b876756611bf85d8b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

rsaenh

crypt32

cmpbk32

modemui

cfgmgr32

Sections

.text Size: 96KB - Virtual size: 95KB

.jdata Size: 11KB - Virtual size: 11KB

.ydata Size: 1024B - Virtual size: 704B

.rsrc Size: 11.9MB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 95KB

.jdata
Size: 11KB - Virtual size: 11KB

.ydata
Size: 1024B - Virtual size: 704B

.rsrc
Size: 11.9MB - Virtual size: 1KB