2af79936ff33829d9398054209650aff

Sharing

Copy URL Twitter E-mail

General

Target

2af79936ff33829d9398054209650aff
Size

7.7MB
MD5

2af79936ff33829d9398054209650aff
SHA1

610f3ffcf6d98fc21af6352d1a759350ad760751
SHA256

c140133d9eafaf55fc27479b7fffd6fdcaac83d004359019bb4b005a9539b48f
SHA512

32c725284d0e97b7f2d13dbd78625d35a550af9ce0260e923c97a363468d09db0771ef3ff29d141c384e8a6892f020efd0373934593ecc802e74ce9842d9a1cc
SSDEEP

98304:QXjoecXKQzcpazjdtBcQnnVnSkP7W1Gau2Iksj48pW+azO89fF3rBTGbPXDeL:AoeaKH0zacYkPy1lsc8wzt9fFxWXD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af79936ff33829d9398054209650aff

Files

2af79936ff33829d9398054209650aff
.exe windows:6 windows x64 arch:x64

9ee4f7d9e901988fe2788da57b84865f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteW

ntdll

RtlLookupFunctionEntry

winmm

timeGetTime

ws2_32

WSAStartup

advapi32

GetSidIdentifierAuthority

wtsapi32

WTSSendMessageW

Exports

Exports

3�~�ֆ� u�1��S�|�h��ڈkD��x��j�/.�u�*%�9q"��Q��{-�|�ޜ�B�gSf�|��+�\V�7WGJ�^X��V��o�~�E U�+��u�yz�HS]S=�0VG �e"�H�}*8��w�^_�i��;�|��>L �0�iP��3-��Att�Z��k��Wd82�FU��^P�Y��Pۄ��$Dg�'ʙ�=U�k£f��Xo��K��$Kf�;��/qx�)�ZJ�YĢ�촫0�nN#�qۙ�tyu:��~Ƭk��m�;L;zux��;��~Un��يg��Z�F@��`n��p��J��z��\��7�͇�ֶ.�6�b[�{%��&,��ܗ6 op��-��XQ'Jy��6��C��iW)�"��N��=(�(��jX6�}�/0&%�8�'��j�, z��I�nԖ_HцO�!POE��!��4�Y��6TlbՅil��S��!~�ba#�An�3Y� �Jf�h��~F�s�̑z��ϴ�}m�ୄД�pA�)#+5��ZN�nW�@qݮ��3r��?��B�6��'!�#v��F�,��F׫K�io��*��*��@%�5�U;�˧z��іP��nZ��ͻ.��8��c�XwA��`?�Z՛]c@��y��y�n>Kf�_]kO��8��Vko�1YHU僟��mc��Ʉ�*mͿ��`c��#�ÿ-�d+�0{�Z0�Szƴ�'AU��y3y�K�U�+�O�A��ǂʷz#[b9��'<�.i�[��v�Rط�C�5kK�͜��yU�һh�P�ZP�#b&�Oa��cC��v<��,�v=�;c}��J@]�ك��лL�` 9��Y� ��B�.k4s�X8�*^�gQ�s?:��%Qf��>߃roҷL�@ ��f��R{�z ��;��8�� _~��Fo��r��ܯ� >�A�.qdsr��{'��ʾZ/�o��!"��%��r�҃��f�fR ��ԨQ�Iu~� ��5�enA��2�i X��9b��9�F��PnG��8��R��|J�^�)'��GMpcU:KBZ��7�G��74�k�`�K��Ѐ��a�hP4�!L�<��1��tZ�� =��+��#k��'�C{ӿ��,e| �C9�T�� r�n�䲪E1��a�29F�n��Ҕt;�ti�ԖY+��y:6/��*��z�(Qڇ�=�t��1��E��Շ|L�"�73Lw��ˠ)m�|Z��E��I<��\(e��B��2��>�y��'eq+�h�)��]�� re�17I_� ��XW$4gⵄ40Q�6߇,�ïkB#��}C��'��7��V�=��c �2c��?�`B&Fz}��J��2{o��dK�r�R�<P��ە愃��4 X�zۛz׉5�o�&'�q'��i��A��>�G/�� NrQʇR�D�h�۩��B+5��ϣ�+{�j̇_��M�� /Bl��x��W₾�+?��M= *-ڡ4��Jzw��1�ŉ:m��z|��3c ��n��3�eHќ֛��YH�y��Y��p��X��ɠ��y{�?rE_XZϝ�©YvәsVBWHt��{��"j�(�1|�m��^eu�`��)�//�ј��:܋��R�-�뇮�o�!qs��{��,��ߍv(*[^��"�?IY1q2�x�˿��Al��&�G�h9$pļǕ��$��D��,V̺8=��"ȹy�[H]7�^5Ì�V�d�Q�caM ��Xq��+}��'mr��@��Us��蕻��X�ٻ��!͟�&I�M~+�%�ѷ3��f��Hc�n�T�7qv��/{Ff��9�Ŧ�Va(�TxH��\kK ��i[�Q�Ǆ��ur�j#� q�[�j!R&y�Ɂ�;�n,ܔ�y��HV;:c�YJ �:6U�"-��[��s6�S�,(*�#��t��O��[�%�_��)��HN�lm}�{�gL��:�o㫙r��XX�9�H��z� h0��&g�'0t��߱k�nH��A/4J� 7D2Dp��qȊ�T0q��X��^��(��i��bp�L c��Z��<�� FOT=�T<��-��Opa�ڠ��0E��];axz.�Ob�9$��^éy��D��?�M`T��j�Gi�ѓ��r��r�RlJ��\�� s�5��LpO,��l�0��?xS��#ޡ��2H�5z/Uh��6\�9!��peA��s�I.�5��b�ݪ)��2��[Ԕ),�t;c�[`��2�~Bm�� 3��"��N�Գ��1�oUV%�%%^��[n�x�m��Y¶הx��J��E��!gM{��ގf�+��KD6ۉ/]Ɓ-��tc}Л�7?�(��'t˹7�]z9 :�O9/i��^Z (R�ܡ��5�� 5��3D� t��&��d��,Ei��9�DӦ�� qX�|��Nt ��2�p��|D��J��mR?��-�tqD��v9�MS��`#�v��T��w�=/�%%�{ڮ��`�5�Rd�pK�#��do:��k�JP]��:0�KRe@x*Ё<2 ��V��X�s5̜� #K<F�� +�d�3 e�]�T��n}��y��0�B�b�c�$��[��x��d%O��5F��aR'v ��l@L!R� /�� .J��N}siCчv��ĭ�]i�T��!�I �1��m(2>N1t1SYa��/U��"��פ��?��{}x�]�`m��B��7�D ��q�A�w�,V?k�t��D{[P� ��PqT��Jl��\Qm

Sections

o5uerai]
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

6j8aPRm1
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

iPn.I@vm
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

`wTF!$V>
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BZc!06=n
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Y@pG'e2Z
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Ve-+'5$>
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

&&*TXg.a
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WfTNOzcL
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ee4f7d9e901988fe2788da57b84865f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ntdll

winmm

ws2_32

advapi32

wtsapi32

Exports

Exports

Sections

o5uerai] Size: - Virtual size: 480KB

6j8aPRm1 Size: - Virtual size: 84KB

iPn.I@vm Size: - Virtual size: 1.3MB

`wTF!$V> Size: - Virtual size: 11KB

BZc!06=n Size: - Virtual size: 244B

Y@pG'e2Z Size: - Virtual size: 5.4MB

Ve-+'5$> Size: 7.7MB - Virtual size: 7.7MB

&&*TXg.a Size: 512B - Virtual size: 196B

WfTNOzcL Size: 512B - Virtual size: 480B

o5uerai]
Size: - Virtual size: 480KB

6j8aPRm1
Size: - Virtual size: 84KB

iPn.I@vm
Size: - Virtual size: 1.3MB

`wTF!$V>
Size: - Virtual size: 11KB

BZc!06=n
Size: - Virtual size: 244B

Y@pG'e2Z
Size: - Virtual size: 5.4MB

Ve-+'5$>
Size: 7.7MB - Virtual size: 7.7MB

&&*TXg.a
Size: 512B - Virtual size: 196B

WfTNOzcL
Size: 512B - Virtual size: 480B