2a6445fa7dd0763c979a6c01111eddb0fbf1126ce05a3d2acad57c70aae48c39[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2a6445fa7dd0763c979a6c01111eddb0fbf1126ce05a3d2acad57c70aae48c39.exe
Size

1.4MB
MD5

93720dd2305c81a9edb4bdae1f6d43ce
SHA1

34d78323261a44187c026a3a148b85cc8c95df58
SHA256

2a6445fa7dd0763c979a6c01111eddb0fbf1126ce05a3d2acad57c70aae48c39
SHA512

fdf395737693c59b1373163db69a7c94c9400aef24848be2d5b857b56462aa6556f95881324e4019e9bed6ae20c59a680ddc14ff51e9a679241464f23e460cf4
SSDEEP

24576:L8mB+Um5pCFkwHLYEIRfunH+As4eROiOey7KdmPT:L8mB+UqkawHXIRfujv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a6445fa7dd0763c979a6c01111eddb0fbf1126ce05a3d2acad57c70aae48c39.exe

Files

2a6445fa7dd0763c979a6c01111eddb0fbf1126ce05a3d2acad57c70aae48c39.exe
.exe windows:4 windows x86 arch:x86

7e92add36c82f5474f8384991f7bcc1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteConsoleW

advapi32

OpenBackupEventLogA

comctl32

EnumMRUListW
FlatSB_GetScrollPos
ImageList_GetImageRect
InitializeFlatSB

compstui

CommonPropertySheetUIA
GetCPSUIUserData
SetCPSUIUserData

crypt32

CertIsStrongHashToSign
CertRegisterSystemStore
CryptMsgGetAndVerifySigner

cryptui

AddChainToStore
CryptUIDlgPropertyPolicy
CryptUIWizImportInternal
DllRegisterServer
DllUnregisterServer

ddores

DllCanUnloadNow
DllGetClassObject

dwmapi

DwmpDxUpdateWindowSharedSurface

gdi32

EngCheckAbort
FONTOBJ_pQueryGlyphAttrs
GdiConvertRegion
GetStringBitmapA

imm32

ImmSetCompositionWindow

mshtml

ClearPhishingFilterData

netapi32

NetMessageNameEnum
NetProvisionComputerAccount

netshell

HrGetIconFromMediaTypeEx
HrLaunchConnectionEx
NcFreeNetconProperties

ntdll

ZwQueryDirectoryFile
ZwQueryWnfStateNameInformation
tolower
wcslen

ole32

CoGetApartmentType

oleaut32

SafeArrayPtrOfIndex

propsys

VariantToInt64ArrayAlloc

rasdlg

RasSrvIsICConfigured

riched20

IID_IRichEditOleCallback
IID_ITextHost
IID_ITextServices
RichEdit10ANSIWndProc

rpcrt4

I_RpcMgmtEnableDedicatedThreadPool

secur32

QuerySecurityPackageInfoW

setupapi

SetupDiInstallDeviceInterfaces
pSetupMakeSurePathExists

userenv

LoadUserProfileA
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
UnloadUserProfile

uxtheme

BufferedPaintClear
GetThemeAnimationTransform

version

GetFileVersionInfoW
VerLanguageNameA

winmm

WOWAppExit
mciDriverYield
mciSendCommandA
mmioRead

ws2_32

WSAInstallServiceClassW
WSARecv
WahOpenApcHelper

wtsapi32

WTSFreeMemory
WTSGetChildSessionId
WTSOpenServerExA
WTSQueryListenerConfigW
WTSRegisterSessionNotificationEx
WTSVirtualChannelRead

Sections

.text
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e92add36c82f5474f8384991f7bcc1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

compstui

crypt32

cryptui

ddores

dwmapi

gdi32

imm32

mshtml

netapi32

netshell

ntdll

ole32

oleaut32

propsys

rasdlg

riched20

rpcrt4

secur32

setupapi

userenv

uxtheme

version

winmm

ws2_32

wtsapi32

Sections

.text Size: 908KB - Virtual size: 907KB

.data Size: 500KB - Virtual size: 499KB

.eh_fram Size: 512B - Virtual size: 348B

.bss Size: - Virtual size: 4B

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 908KB - Virtual size: 907KB

.data
Size: 500KB - Virtual size: 499KB

.eh_fram
Size: 512B - Virtual size: 348B

.bss
Size: - Virtual size: 4B

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 40B