2f253fed0eca76dab226199c4dd4072a

Sharing

Copy URL Twitter E-mail

General

Target

2f253fed0eca76dab226199c4dd4072a
Size

2.3MB
MD5

2f253fed0eca76dab226199c4dd4072a
SHA1

68cd0f9303d8fc06cc3a36eda3f56050ca88801a
SHA256

db88d08a1aacf758dfb79ccbf814f54f9febbf57abd9ce6e285a607775ffd90c
SHA512

f59d7ea53ae3a824526d1d364aaa59ba16debd2073e2d4a8f20362d57b893a9349a13c34e6c86b2134727fa589fbdc5aef81627118150e0f8758c09814ee8af9
SSDEEP

49152:ewZ1eUM0zmR3GGN5bjoGDONL2scrTsaEfmCSwZN1Cxk9cLuef09KEM2g8Rsp:l2nXscrTsaEf/8xkyuef+KEDdRs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f253fed0eca76dab226199c4dd4072a

Files

2f253fed0eca76dab226199c4dd4072a
.exe windows:4 windows x86 arch:x86

73780d9aa4380d65abfb6426525c27d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostbyname
WSACleanup
gethostname
inet_ntoa

user32

GetMessageA
RegisterClassA
ShowWindow
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
EnumWindows
UpdateWindow
GetWindowLongA
GetParent
GetDlgItem
GetKeyState
GetNextDlgTabItem
SetFocus
CallWindowProcA
GetWindowThreadProcessId
SendMessageA
SetCursor
KillTimer
PostQuitMessage
SetWindowLongA
SetTimer
PostMessageA
EnableWindow
SetWindowTextA
GetFocus
GetDlgCtrlID
GetWindowTextA
DefWindowProcA
LoadIconA
LoadCursorA
CreateWindowExA
OemToCharA

gdi32

CreateFontA
DeleteObject
CreateSolidBrush
SetBkColor
GetStockObject

ole32

CoUninitialize
CoInitialize

wsock32

recv
send
inet_ntoa
WSACancelAsyncRequest
WSAAsyncGetHostByName
__WSAFDIsSet
select
connect
recvfrom
ntohl
WSAGetLastError
socket
htonl
htons
bind
getsockname
ntohs
setsockopt
WSAAsyncSelect
closesocket
ioctlsocket
getsockopt
sendto

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

kernel32

InitializeCriticalSection
GetDiskFreeSpaceExA
GetProcAddress
GetModuleFileNameA
FileTimeToSystemTime
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
TlsGetValue
SetLastError
TlsAlloc
GetFullPathNameA
GetCurrentDirectoryA
HeapReAlloc
DeleteFileA
InterlockedDecrement
ExitThread
TlsSetValue
CreateThread
GetSystemTime
GetTimeZoneInformation
GetVersion
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapAlloc
SetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
RaiseException
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetFileType
GetStdHandle
EnterCriticalSection
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetTickCount
CloseHandle
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
CreateMutexA
FindClose
FindNextFileA
FindFirstFileA
SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcess
GetVersionExA
GetLastError
TerminateProcess
HeapFree
FileTimeToLocalFileTime
GetDriveTypeA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
SuspendThread
ResumeThread
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
UnhandledExceptionFilter
DeleteCriticalSection
GlobalFree
LeaveCriticalSection
GlobalMemoryStatus
Sleep
GetDiskFreeSpaceA
GetFileSize
GetModuleHandleA
RemoveDirectoryA
IsDBCSLeadByte
CopyFileA
CreateEventA
FatalAppExitA
SetEvent
InterlockedIncrement
GetLocalTime
GlobalLock
GlobalAlloc
GetFileAttributesA
GlobalUnlock
WriteFile
SetEndOfFile
SetFilePointer
ReadFile
CreateFileA
RtlUnwind
ExitProcess
FlushFileBuffers
LockFile
UnlockFile
WideCharToMultiByte

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 92KB - Virtual size: 88.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73780d9aa4380d65abfb6426525c27d5

Headers

File Characteristics

Imports

ws2_32

user32

gdi32

ole32

wsock32

advapi32

kernel32

version

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 92KB - Virtual size: 88.6MB

.tls Size: 4KB - Virtual size: 12B

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 92KB - Virtual size: 88.6MB

.tls
Size: 4KB - Virtual size: 12B

.rsrc
Size: 8KB - Virtual size: 4KB