2f45c1b5162fc17f25e1e92addf8f051

Sharing

Copy URL

Twitter E-mail

General

Target

2f45c1b5162fc17f25e1e92addf8f051
Size

938KB
MD5

2f45c1b5162fc17f25e1e92addf8f051
SHA1

64148c07bb6e0614eaf46641e0f2df04bb7c0a49
SHA256

4947a2f97927a60c361e0e63bcaf622c29060f4d5f432662efad100d37ba70d4
SHA512

84ba07ddfdb3877d364fa4f72b3e4d55f3540ebba44679d7c894c9cff9ff4cf3349c3fc92239729fe627786ade05c815283293326e7a602d318bb42810f2f6d1
SSDEEP

12288:pVGNuiZP5Y6c0M2OMOxkalM/wTTi1eE5H6dROtpKAhrTckiA4rcShYM8DRETykbI:PUAJssgDH6ap5cF4Shl4qTKnT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f45c1b5162fc17f25e1e92addf8f051

Files

2f45c1b5162fc17f25e1e92addf8f051
.exe windows:4 windows x86 arch:x86

785b0a97d9438fab5bc3a615540f681d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerA
GetACP
TryEnterCriticalSection
GetFileInformationByHandle
Beep
GetTempPathW
ReadConsoleInputW
AllocConsole
WaitNamedPipeA
SetVolumeLabelA
SearchPathW
SystemTimeToFileTime
GetEnvironmentStringsW
SetFileTime
GlobalFlags
_llseek
SuspendThread
FindNextChangeNotification
GenerateConsoleCtrlEvent
ReadFile
GetFileAttributesA
SetHandleCount
ReadConsoleA
FormatMessageW
GlobalFindAtomA
GetLargestConsoleWindowSize
SetProcessShutdownParameters
FatalAppExitA
SetProcessAffinityMask
IsProcessorFeaturePresent
GetSystemInfo
lstrcmpiA
GlobalAddAtomA
SetEndOfFile
CloseHandle
UnmapViewOfFile
WriteProcessMemory
DeleteFiber
GetTempFileNameA
VirtualAllocEx
AreFileApisANSI
GetTapeParameters
FindResourceExW
ExitProcess

user32

GetWindowRgn
DefWindowProcA
wvsprintfA
SendMessageW
SetWindowLongW
SwitchToThisWindow
DefMDIChildProcA
SendDlgItemMessageA
RemoveMenu
IntersectRect
ActivateKeyboardLayout
SetRect
IsZoomed
ChangeDisplaySettingsA
SetPropW
GetDialogBaseUnits
GetMessageTime
EnumDisplayDevicesW
PostMessageW
GetTabbedTextExtentW
CreateCursor
SetParent

gdi32

StretchBlt
GetTextExtentPoint32W
Arc
GetCurrentPositionEx
CreateSolidBrush
GetStretchBltMode
DescribePixelFormat

comdlg32

ChooseFontW
ChooseColorW
CommDlgExtendedError
ReplaceTextW

advapi32

RegEnumKeyA
GetTokenInformation

shell32

FindExecutableA
SHFileOperationA
Shell_NotifyIconW
ExtractIconA
SHFileOperationW
SHChangeNotify

ole32

IIDFromString
OleInitialize
OleSetMenuDescriptor

oleaut32

QueryPathOfRegTypeLi
SafeArrayGetLBound
SysAllocStringLen
VariantCopy
SafeArrayUnaccessData
SysStringLen

comctl32

ImageList_LoadImageW
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_Destroy

shlwapi

StrDupA
PathIsDirectoryEmptyW
PathStripPathW
StrCmpIW
StrTrimA
UrlApplySchemeW
PathQuoteSpacesW
PathRelativePathToW
PathRemoveArgsW
SHCreateStreamOnFileW
SHRegGetBoolUSValueA
PathIsSameRootW
StrCmpNA
PathIsUNCServerW
PathUndecorateW

Sections

.text
Size: 7KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 611KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

785b0a97d9438fab5bc3a615540f681d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

Sections

.text Size: 7KB - Virtual size: 224KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 611KB - Virtual size: 610KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 224KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 611KB - Virtual size: 610KB

.rsrc
Size: 17KB - Virtual size: 16KB