202e9058f772c2a6be281a603c87b680

Sharing

Copy URL Twitter E-mail

General

Target

202e9058f772c2a6be281a603c87b680
Size

2.0MB
MD5

202e9058f772c2a6be281a603c87b680
SHA1

524209a9d2fc9015f734eb6b71f1abaa66ea5a87
SHA256

b9c702d2e993a5481d8c1816fb29bf148363d8074e3d17980dcfc90e309e8c29
SHA512

77bbecd5fc1d48438d579409989ad28e3a6cc8073167fd00cc2c033dd33a27681c9df59891cc234bacbdc32fe1fc6183e56f9cfeaa4178fd4f51155ff86e9467
SSDEEP

3072:kf529f529f529f529f529f529f529f529f529f529f529f529f529f529f529f5T:v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
202e9058f772c2a6be281a603c87b680

Files

202e9058f772c2a6be281a603c87b680
.dll windows:4 windows x86 arch:x86

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
_beginthreadex
fseek
strncpy
fread
fclose
strchr
strcpy
atoi
strtok
strrchr
malloc
wcscmp
_stricmp
__CxxFrameHandler
abs
sprintf
strncmp
strcat
fopen
fgets
memcpy
strstr
strlen
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
_strrev

kernel32

GetCurrentProcessId
CreateMutexA
GetLastError
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
lstrlenA
CopyFileA
DeleteFileA
GetFileAttributesA
GetTempFileNameA
MoveFileExA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
CloseHandle
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetTempPathA
GetCommandLineA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
WriteFile
CreateFileA
GlobalLock
GlobalAlloc
VirtualProtect
GetModuleHandleA
ExitProcess
GetFileSize
Sleep
WaitForSingleObject
Process32Next
GetModuleFileNameA

user32

wsprintfA
GetDC
GetClientRect
GetClassNameA
GetWindowTextA
ReleaseDC
GetWindowRect
GetDesktopWindow
EnumWindows

ws2_32

socket
inet_addr
recv
connect
gethostbyname
send
closesocket
WSAStartup
htons
inet_ntoa
WSACleanup

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdipDisposeImage
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdipFree

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

dbghelp

SearchTreeForFile

Exports

Exports

FHard
Install
igwCheckUpdate
igwEndUpdate
igwGetModule
igwInit
igwInitExA
igwInitExW
igwInitialize
igwSupportA
igwSupportExA
igwSupportExW
igwSupportW
igwTerminal

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

gdi32

gdiplus

urlmon

wininet

dbghelp

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB