2a83f2f612b688ed6ba5204302d04c45

Sharing

Copy URL Twitter E-mail

General

Target

2a83f2f612b688ed6ba5204302d04c45
Size

178KB
MD5

2a83f2f612b688ed6ba5204302d04c45
SHA1

2707b8ec2f79d53e654541804615d60fbb436325
SHA256

dd49770009347102622695a18a5e09868ca3643b10f2a02daef8d5f8a45ac663
SHA512

17883d5962be6d482f1df4eaa9a74796ce0fcd349c7e9be1be2e75298b59b0f4f1b4277b5788a5e80f97ad72bd96cd0456b7fd356b9ca03230fe8f2204a89353
SSDEEP

3072:gwCORyuyVayyS5Y1Zfu8BMh0XV9PQtYj59DGz98ZISmRoN7Xz8q9KkndUdi9hPTP:gwsk3S56u8eh0DPwY+z98bmeN7D8q9Ku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a83f2f612b688ed6ba5204302d04c45

Files

2a83f2f612b688ed6ba5204302d04c45
.exe windows:4 windows x86 arch:x86

5ba1f4b68bd8d670edeb3d5f77fa6202

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

wsprintfA
DispatchMessageA
PostThreadMessageA
MsgWaitForMultipleObjects
CopyRect
MonitorFromWindow
LoadStringA
PeekMessageA
wvsprintfA
GetQueueStatus
GetMessageA
CreateWindowExA
RegisterClassA
RegisterWindowMessageA
DestroyWindow

kernel32

GetThreadPriority
GetSystemTimeAsFileTime
LoadLibraryA
GetTapeParameters
GetModuleFileNameW
GetLastError
VirtualAlloc
InterlockedIncrement
IsBadReadPtr
WideCharToMultiByte
InterlockedDecrement
GetProcAddress
ClearCommError
ResumeThread
FreeLibrary
InitializeCriticalSection
FindResourceA
GetSystemTime
GetCurrentThreadId
GetTickCount
CreateFileW
LoadResource
EnterCriticalSection
GetVersionExA
WaitForSingleObject
CreateSemaphoreA
GetProcessHeap
EnumResourceNamesA
HeapFree
VirtualFree
LockResource
ReleaseSemaphore
ResetEvent
MultiByteToWideChar
Sleep
QueryPerformanceCounter
TerminateThread
CloseHandle
GlobalAlloc
GetModuleFileNameA
GetExitCodeThread
LoadLibraryW
IsBadWritePtr
GetSystemInfo
GetACP
GetCurrentProcessId
lstrlenA
CreateEventA
DeleteCriticalSection
FatalExit
WaitForMultipleObjects
CreateMutexA
SetThreadPriority
LocalFree
GetCurrentThread
ReleaseMutex
LeaveCriticalSection
CreateThread
DisableThreadLibraryCalls
SetEvent
ExitProcess

oleacc

LresultFromObject
CreateStdAccessibleObject

winmm

timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

shell32

SHGetSpecialFolderPathA

advapi32

RegCreateKeyExA
RegSetValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA

ole32

StringFromGUID2
StringFromCLSID
GetRunningObjectTable
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoInitializeEx
CreateItemMoniker
CoRevokeClassObject
CLSIDFromString
CoRegisterClassObject
CoTaskMemAlloc

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba1f4b68bd8d670edeb3d5f77fa6202

Headers

File Characteristics

Imports

user32

kernel32

oleacc

winmm

shell32

advapi32

ole32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 47KB - Virtual size: 46KB

.lib Size: 512B - Virtual size: 236KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 47KB - Virtual size: 46KB

.lib
Size: 512B - Virtual size: 236KB