2848abd63e3f0018fccf6631cdb2915d

Sharing

Copy URL

Twitter E-mail

General

Target

2848abd63e3f0018fccf6631cdb2915d
Size

660KB
MD5

2848abd63e3f0018fccf6631cdb2915d
SHA1

2d9251551626afc46a66e0fa3e0479e3a397ee39
SHA256

46c4e3030e0b3c02c330de780dcfc9c42cbd1e434234d209b4f80157957ece4e
SHA512

80bf166accbd377acd9465f61eed611b7f876f5c039f2ad4c885ad7cf195bd9005f5b2d65f315ccbb5fdf319395a6f9112c77603ee29561ec73e4b18b5432bff
SSDEEP

12288:5XxZYqMFBuF0XNE39n3jFqVmPW9m8IJBeIvcF7aA:RcaFsWnSUtCIvcF7aA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2848abd63e3f0018fccf6631cdb2915d

Files

2848abd63e3f0018fccf6631cdb2915d
.exe windows:4 windows x86 arch:x86

8454a101414861b0e7669d888e0d02b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
GetTickCount
LocalFree
LocalAlloc
OpenFile
GetLocalTime
Beep
GetPrivateProfileStringA
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
GetExitCodeThread
QueryPerformanceCounter
DisconnectNamedPipe
SetStdHandle
SetConsoleCtrlHandler
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
CreateProcessA
ReadFile
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
RaiseException
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
InterlockedExchange
HeapSize
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
IsBadReadPtr
RtlUnwind
GetCurrentThread
SetThreadPriority
ExitThread
TerminateThread
GetCurrentProcess
GetSystemDirectoryA
SetUnhandledExceptionFilter
OpenProcess
WideCharToMultiByte
DeleteFileA
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetCurrentProcessId
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
PulseEvent
CreateMutexA
ReleaseSemaphore
DeviceIoControl
GetVersionExA
GetSystemPowerStatus
CreateThread
GetModuleFileNameA
GetExitCodeProcess
TerminateProcess
GetSystemTime
CreateFileA
SetFilePointer
WriteFile
ExitProcess
OpenMutexA
ReleaseMutex
OutputDebugStringA
CallNamedPipeA
GetProcAddress
FreeLibrary
LoadLibraryA
OpenEventA
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
ResetEvent
Sleep
GetCurrentThreadId
GetLastError
IsBadCodePtr
CloseHandle

user32

EnumDisplaySettingsA
KillTimer
UnregisterDeviceNotification
RegisterDeviceNotificationA
SetTimer
SetCursor
SendInput
EnumWindows
SendMessageA
GetPropA
RegisterWindowMessageA
RegisterHotKey
UnregisterHotKey
GetForegroundWindow
GetDesktopWindow
GetWindowThreadProcessId
BroadcastSystemMessageA
ExitWindowsEx
SystemParametersInfoA
OpenDesktopA
CloseDesktop
SendNotifyMessageA
MsgWaitForMultipleObjects
GetCursorPos
MonitorFromPoint
GetMonitorInfoA
GetMessageA
DispatchMessageA
TranslateMessage
IsWindow
DestroyWindow
DefWindowProcA
PostMessageA
FindWindowA
RegisterClassA
CreateWindowExA
ShowWindow
MessageBoxA
EnumDisplayDevicesA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
EnumDisplaySettingsExA
GetSystemMetrics
SetWindowPos
GetCursor
LoadCursorA

gdi32

DeleteDC
CreateDCA
ExtEscape

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

userenv

LoadUserProfileA
UnloadUserProfile
GetUserProfileDirectoryW

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInfoListDetailA
SetupDiGetClassDevsA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
CM_Reenumerate_DevNode
SetupDiGetHwProfileList
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_ID_ExA
CM_Get_Parent

advapi32

OpenSCManagerA
CloseServiceHandle
ControlService
RegDeleteValueA
RegOpenCurrentUser
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceStatus
RegSetValueExA
StartServiceA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
CreateProcessAsUserA
RegCreateKeyA
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
GetLengthSid
OpenProcessToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetThreadToken
OpenThreadToken
OpenServiceA

Sections

.text
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8454a101414861b0e7669d888e0d02b8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

userenv

psapi

setupapi

advapi32

Sections

.text Size: 420KB - Virtual size: 417KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 8KB - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 2KB

.xrdata Size: 72KB - Virtual size: 72KB

.text
Size: 420KB - Virtual size: 417KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 8KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 2KB

.xrdata
Size: 72KB - Virtual size: 72KB