2ec11976eca9bb20ca8ab1920193a823

General

Target

2ec11976eca9bb20ca8ab1920193a823
Size

21KB
MD5

2ec11976eca9bb20ca8ab1920193a823
SHA1

3c34c851505a4ece86bb8b0973eacd2be09ab10d
SHA256

7dea62ea060b2455797d2d0204b96c7f91cb52b22dcdb6023014491e37040b36
SHA512

3a48c67c9d79267db621b045fcb1dc1bcb405ab3be385d2054132063a6edef1243aa983e63e048b34b6b46b66dff86840a42739f0d5dc5bc4185d732b7def693
SSDEEP

384:MmF6NqSd5IJI5S7RMi+cvKIxWTRZnUWJIxGPFyRGGuw8pCE2MaK:UNqi1iti4WPvJSGPMu7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ec11976eca9bb20ca8ab1920193a823

Files

2ec11976eca9bb20ca8ab1920193a823
.dll windows:4 windows x86 arch:x86

fdff3260eb249fac6f9b06706fca2789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetFileSize
CreateFileA
DeleteFileA
GetTempPathA
GetProcAddress
SetFilePointer
OutputDebugStringA
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetModuleHandleA
VirtualQueryEx
ReadProcessMemory
GetFileAttributesW
CloseHandle
OpenProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetPrivateProfileStringA
Sleep
LoadLibraryA
FreeLibrary

user32

GetDC
GetWindowRect
wsprintfA
GetWindow
GetClassNameW

wininet

InternetCloseHandle

msvcrt

_strupr
_strcmpi
strcat
memset
sprintf
strlen
strcpy
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
strrchr
wcslen
strstr
wcsncat
wcscpy
wcsstr
strncpy
exit
free
printf
malloc
rand
_stricmp
memcpy
_except_handler3
_local_unwind2
strcmp
_vsnprintf

gdiplus

GdiplusStartup
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile

gdi32

BitBlt
CreateCompatibleDC
GetDeviceCaps
CreateDCA
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdff3260eb249fac6f9b06706fca2789

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

gdiplus

gdi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB