2dc909ce5fcf8f12421695414e43f5f18a0df52cd69da1ea4ec971ff3b93d413

General

Target

2dc909ce5fcf8f12421695414e43f5f18a0df52cd69da1ea4ec971ff3b93d413
Size

397KB
MD5

240a33f337c91da6e23fe75bc69b96e1
SHA1

169268b24f9dc63683d22418ab87ed5100794043
SHA256

2dc909ce5fcf8f12421695414e43f5f18a0df52cd69da1ea4ec971ff3b93d413
SHA512

44a60e0d276a8851108bec3b010c17dd99a94c763f111bd3e71d89faf17dc4c7c175bff05e3835b101913cca4bc140b5836d66dec5ff7c83e6a002350b8a4851
SSDEEP

6144:yIOv+zs3KlkZFKJuNlD/GV8agfvVZ9DwO892PRlfCr:yI9+8XqagVZ9DwVcPPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dc909ce5fcf8f12421695414e43f5f18a0df52cd69da1ea4ec971ff3b93d413

Files

2dc909ce5fcf8f12421695414e43f5f18a0df52cd69da1ea4ec971ff3b93d413
.exe windows:5 windows x86 arch:x86

fc9cc01cf478a61caa8ec04b5a363615

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetModuleHandleA
FreeConsole
GetCommandLineA
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

btwuuiwiiiqizqqw

Sections

.bss
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.frAQB
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc9cc01cf478a61caa8ec04b5a363615

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.bss Size: 9KB - Virtual size: 9KB

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 346KB - Virtual size: 348KB

.frAQB Size: 9KB - Virtual size: 12KB

.bss
Size: 9KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 346KB - Virtual size: 348KB

.frAQB
Size: 9KB - Virtual size: 12KB