2c2f37ba275d09f98857cc5933f58230

Sharing

Copy URL Twitter E-mail

General

Target

2c2f37ba275d09f98857cc5933f58230
Size

188KB
MD5

2c2f37ba275d09f98857cc5933f58230
SHA1

b1511d86b3c6b351c8864ba6c23ae354347f239e
SHA256

6fff11a5f17b92adba9ee87f792c255ce407cd647d50ab2532bea45f1799e13b
SHA512

b8470c171014b61a7570763f1c0e0f1c455036a85951e7cf0ba10c93914f426c3810a21bb9766ffdb3861c16a07c053d6c453a1218b4c63e538bdf405321ebd9
SSDEEP

3072:7HvbWa3mKRTjj9VUhlodej6/oNopHekAugmfFyqZwPtgrH/ONqHkPV1/rL:7PyG/hVcCdejmjgUaPtgb/ON0eV1/rL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c2f37ba275d09f98857cc5933f58230

Files

2c2f37ba275d09f98857cc5933f58230
.exe windows:4 windows x86 arch:x86

9a71613d5d5eddfceb143b4153956328

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cximageu

?SetJpegQuality@CxImage@@QAEXE@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?FreeMemory@CxImage@@QAEXPAX@Z
?DestroyFrames@CxImage@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
??0CxImage@@QAE@K@Z

winmm

timeGetTime

wsock32

send
recv
gethostbyname
connect
closesocket
socket
htons
htonl
ntohl
WSACleanup
WSAStartup

user32

GetCursorPos
WindowFromPoint
GetWindowRect
GetForegroundWindow
SendMessageW
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
CloseClipboard
GetSystemMetrics
GetWindowDC
ReleaseDC

advapi32

GetUserNameW

gdi32

SelectObject
CreateCompatibleBitmap
StretchBlt
DeleteDC
GetDeviceCaps
SetStretchBltMode
CreateCompatibleDC
DeleteObject

shell32

ShellExecuteW
SHGetSpecialFolderPathW

kernel32

SetUnhandledExceptionFilter
MultiByteToWideChar
VirtualAlloc
GetLastError
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
IsBadCodePtr
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameA
InterlockedIncrement
LoadLibraryA
OutputDebugStringA
InterlockedDecrement
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers
GetEnvironmentStrings
DeleteFileW
IsBadWritePtr
ExitProcess
GetVersion
CreateThread
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTime
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetSystemInfo
CloseHandle
WaitForSingleObject
ReadFile
GetFileSize
SetFilePointer
CreateFileW
WriteFile
GetLogicalDrives
MoveFileW
FindClose
FindNextFileW
FindFirstFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalSize
CreateEventW
CopyFileW
GetDriveTypeW
SystemTimeToFileTime
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetComputerNameW
GetFileTime
SetFileTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a71613d5d5eddfceb143b4153956328

Headers

File Characteristics

Imports

cximageu

winmm

wsock32

user32

advapi32

gdi32

shell32

kernel32

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 104KB - Virtual size: 104KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 104KB - Virtual size: 104KB