2c472a1ecdd06e7bde270562b1beb4b9

Sharing

Copy URL Twitter E-mail

General

Target

2c472a1ecdd06e7bde270562b1beb4b9
Size

915KB
MD5

2c472a1ecdd06e7bde270562b1beb4b9
SHA1

ebe4f0de0fb99a15b68da4eb3d6c82a4d186c24b
SHA256

a79f7b1a3373a8849aa94ca3f5d07fdb96380091bc2ef7eef0a73405e66e074d
SHA512

c5488c498d5ed9c6dcf563cc80394a93bd7232c05e646412669265138175b171794fbf01f00ba82eb3fedb67fc349995345916cd02d57f85eda309cf376cd170
SSDEEP

12288:5saDxRv9OjVrhWrTMHU9S/gbjD9jSg1cElgbo3GNkxkCyEAdMbsRMN/AEYuJ4AWb:5s+ErWMHU9DhtCWg2xAEdNUfJT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c472a1ecdd06e7bde270562b1beb4b9

Files

2c472a1ecdd06e7bde270562b1beb4b9
.dll windows:5 windows x86 arch:x86

245d68724fde03d53fac70f646e777ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSASetLastError
WSCGetProviderPath
WSAGetLastError
WSAStartup
WSCInstallProvider
htons
send
ioctlsocket
connect
gethostbyname
closesocket
getsockopt
recv
select
WSCEnumProtocols
WPUCompleteOverlappedRequest
WSCDeinstallProvider
WSCWriteProviderOrder

rpcrt4

UuidCreate

ole32

StringFromGUID2

msi

ord67
ord44
ord180

kernel32

SetEndOfFile
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
InterlockedExchange
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
GetConsoleMode
GetConsoleCP
VirtualQuery
GetProcessHeap
LCMapStringW
CloseHandle
GetLastError
GetExitCodeThread
WaitForSingleObject
LeaveCriticalSection
CreateThread
CreateEventA
EnterCriticalSection
ExitThread
SetEvent
GetCurrentProcessId
ResetEvent
InterlockedIncrement
DebugBreak
GetVersionExA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetSystemDirectoryA
CreateSemaphoreA
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
ReleaseSemaphore
WaitForSingleObjectEx
GetQueuedCompletionStatus
lstrcpyW
OutputDebugStringA
HeapAlloc
HeapFree
CompareStringA
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
ExpandEnvironmentStringsW
InterlockedDecrement
DeleteCriticalSection
TlsFree
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
ReleaseMutex
GetModuleFileNameA
GetCurrentThreadId
WaitForMultipleObjects
CreateMutexA
GetModuleHandleA
ResumeThread
LocalFree
FormatMessageA
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetUserGeoID
GetOEMCP
GetThreadLocale
GetLocaleInfoA
GetNativeSystemInfo
IsWow64Process
GetTempPathA
SetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentProcess
SetLastError
WriteFile
CreateFileA
LoadLibraryExA
SystemTimeToFileTime
GetSystemTime
LCMapStringA
SetFilePointer
ReadFile
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
VirtualFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThread
IsValidCodePage
GetCPInfo
GetACP
FatalAppExitA
CompareStringW
HeapCreate
GetFullPathNameA
ExitProcess
GetModuleHandleW
IsBadReadPtr
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
GetModuleFileNameW
WriteConsoleW
GetFileType
GetStdHandle
IsDebuggerPresent
RaiseException
lstrlenA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetHandleCount
GetStartupInfoA
HeapValidate

user32

LoadStringA
IsWindow
wvsprintfA
wsprintfA
PostQuitMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
GetSystemMetrics
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
PostMessageA
GetMessageA

advapi32

GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathA
ord680

Exports

Exports

GetLspGuid
WSPStartup

Sections

.textbss
Size: - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245d68724fde03d53fac70f646e777ca

Headers

File Characteristics

Imports

ws2_32

rpcrt4

ole32

msi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.textbss Size: - Virtual size: 353KB

.text Size: 734KB - Virtual size: 733KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 7KB - Virtual size: 17KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 29KB - Virtual size: 28KB

.textbss
Size: - Virtual size: 353KB

.text
Size: 734KB - Virtual size: 733KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 7KB - Virtual size: 17KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 29KB - Virtual size: 28KB