2a1428d6e4295446d1677d34e1d61068

Sharing

Copy URL Twitter E-mail

General

Target

2a1428d6e4295446d1677d34e1d61068
Size

116KB
MD5

2a1428d6e4295446d1677d34e1d61068
SHA1

0f49e823ae3d31a90744a86bdd5ea10f65164f2c
SHA256

e92c67206fd11600ceff37bd26f94c8c8dd39446f45b84354d8d97c25f4057c8
SHA512

708b9baa6611d8ca2b18bf5dcae60e64f2108b9c89cb724109cc5c4b5999a45b24dae378645e0fa05814b573e7b0ba0f062f092b14521c3e77d67180c052299b
SSDEEP

1536:+Q5yUFyG5936ATHVO9CdYRT8IU0/AD+GaBEKytZ3vz/QojOW:+QkI/jXyT1UkAy+JtZ3vz/QojO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a1428d6e4295446d1677d34e1d61068

Files

2a1428d6e4295446d1677d34e1d61068
.exe windows:4 windows x86 arch:x86

195c73155f95f9063625c5f5230a2ca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
GetTempPathA
WinExec
DeleteFileA
ReleaseMutex
WaitForSingleObject
CreateThread
Sleep
ReadFile
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
CreateMutexA
GetTickCount
GetCurrentDirectoryA
WriteFile
lstrcpyA
lstrlenA
LocalAlloc
LocalFree
CreateFileA
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
GetExitCodeThread
TerminateThread
GlobalFree
SetEnvironmentVariableA
CompareStringW
LoadLibraryA
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
HeapFree
HeapAlloc
GetLastError
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetStringTypeA
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetProcAddress
GetOEMCP
GetACP
GetCPInfo

user32

GetDC
SetTimer
KillTimer
GetWindowRect
GetClientRect
IntersectRect
IsRectEmpty
UnionRect
IsWindow
EnableWindow
PostQuitMessage
ReleaseDC
FillRect
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
DialogBoxParamA
MessageBoxA
FindWindowA
MessageBoxIndirectA
GetDlgItem
DestroyWindow
PostMessageA
DrawTextA
InvalidateRect
UpdateWindow
SetWindowTextA
MoveWindow
SetDlgItemTextA
BeginPaint
EndPaint
ScreenToClient
ShowWindow

gdi32

CreateBitmap
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
SetMapMode
SetTextColor
SetBkMode
GetBkColor
BitBlt
CreateDIBitmap

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

wsock32

select
WSAGetLastError
getsockopt
inet_ntoa
setsockopt
send
shutdown
closesocket
htons
ioctlsocket
socket
connect
WSACleanup
gethostname
gethostbyname
inet_addr
WSAStartup
recv

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

195c73155f95f9063625c5f5230a2ca2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wsock32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 95KB

.rsrc Size: 8KB - Virtual size: 24KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 95KB

.rsrc
Size: 8KB - Virtual size: 24KB