Static task: static1
Behavioral task: behavioral1
  Sample: 2f6796f28599d40ea6197db4ea1431d4.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2f6796f28599d40ea6197db4ea1431d4.exe
  Resource: win10v2004-20231215-en
General
Target: 2f6796f28599d40ea6197db4ea1431d4
Size: 3.1MB
MD5: 2f6796f28599d40ea6197db4ea1431d4
SHA1: 014a4c8c61cb5ec8865c5729e6fdf3079f362e17
SHA256: 786d771b477fd8b4f1dac51d52bb44c6e9fadc555c4bd1c7e73589975f59ff66
SHA512: 3a20bf351cdc5caf13427c68b02745cb724dfb66e3f67a55df74dbc0a99fe75e9d7aed589e0269581cc5ade8c7d86301cd8fb97d43c0b9db5ead55c01d764442
SSDEEP: 49152:Ii8YFB8QijGeQzjiTOMRwgzeZR1NnBPupxG0Ewuo6WD5Tv/+bra+D2:Ii80KfjgzYwgzeZ7NnUWwzdZOs
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2f6796f28599d40ea6197db4ea1431d4
Files
2f6796f28599d40ea6197db4ea1431d4.exe windows:4 windows x86 arch:x86
a0a18e5cf711477755537a7f87fe804e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
EnumDateFormatsExW
GetLastError
GetFileInformationByHandle
GetComputerNameA
LoadLibraryExW
CreateFileW
Heap32First
GlobalAddAtomW
CreateWaitableTimerA
GetEnvironmentStringsA
OutputDebugStringA
GetStartupInfoW
WriteProfileStringA
LoadLibraryExA
SetTimeZoneInformation
FindNextFileW
GetCurrentThread
GetTempPathA
WritePrivateProfileStringA
GetDateFormatW
lstrcpyn
GetQueuedCompletionStatus
OpenEventA
ReadConsoleOutputW
WriteConsoleInputA
CreateRemoteThread
WriteConsoleInputW
WriteFileEx
GlobalFree
FindFirstFileExA
VirtualProtectEx
GlobalDeleteAtom
UpdateResourceA
SetConsoleCtrlHandler
lstrcmpiA
GetPrivateProfileStringW
GetExitCodeThread
SetLocaleInfoA
PeekConsoleInputA
EnumResourceTypesW
SetFileTime
CopyFileExA
FillConsoleOutputAttribute
SetCurrentDirectoryA
GetThreadTimes
lstrcmpi
GetProcessPriorityBoost
FlushFileBuffers
Thread32First
OpenWaitableTimerW
WideCharToMultiByte
GetSystemTime
GetStringTypeW
ReleaseMutex
FlushConsoleInputBuffer
WaitForMultipleObjectsEx
WriteConsoleOutputCharacterW
FileTimeToLocalFileTime
GetPrivateProfileStringA
LocalFree
InterlockedDecrement
GetTempFileNameW
CreateSemaphoreW
PulseEvent
GetLargestConsoleWindowSize
GetNumberFormatA
ExpandEnvironmentStringsA
SetThreadContext
UnlockFile
VirtualQueryEx
GlobalAddAtomA
GlobalFlags
HeapUnlock
GetACP
GetTimeFormatA
InterlockedIncrement
HeapCompact
GetCommandLineW
Thread32Next
WritePrivateProfileStructW
OpenFile
LocalShrink
WriteConsoleA
RemoveDirectoryA
GetEnvironmentVariableA
DebugBreak
GetFileTime
EnumResourceTypesA
GetCurrencyFormatA
UnlockFileEx
GetPrivateProfileSectionA
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
HeapSize
lstrcatW
GetUserDefaultLangID
SetThreadPriority
OpenEventW
FreeEnvironmentStringsW
GetSystemDefaultLangID
EnumSystemLocalesA
ReadProcessMemory
lstrcmpA
GetCurrencyFormatW
WritePrivateProfileSectionW
GetPrivateProfileStructA
GetAtomNameA
CreateMailslotW
GetProcessHeaps
CompareFileTime
FoldStringW
RtlZeroMemory
GetPriorityClass
TransactNamedPipe
AddAtomW
GetConsoleCursorInfo
GetFullPathNameA
GlobalCompact
GetProcessAffinityMask
WaitForSingleObject
WinExec
ContinueDebugEvent
LocalReAlloc
GetConsoleTitleW
SetEndOfFile
SetComputerNameA
CreateDirectoryExA
lstrcpyA
VirtualFreeEx
GetLogicalDrives
DefineDosDeviceW
WaitNamedPipeW
GlobalFindAtomW
HeapValidate
GetNumberFormatW
CreateMutexW
WriteProfileSectionW
LocalCompact
GetHandleInformation
FreeLibrary
GetCurrentDirectoryW
FindAtomW
HeapDestroy
InterlockedExchangeAdd
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
SetConsoleCP
DuplicateHandle
lstrcatA
lstrcat
GlobalAlloc
WaitForMultipleObjects
ReadFileEx
CreateMailslotA
WriteFile
EnumCalendarInfoExA
MapViewOfFile
WriteConsoleOutputAttribute
SetLastError
IsValidLocale
ReadFileScatter
GetSystemDirectoryA
GetConsoleOutputCP
WriteProfileSectionA
GetWindowsDirectoryA
WaitNamedPipeA
TlsSetValue
GetSystemInfo
GetProfileIntA
SetLocaleInfoW
GetLogicalDriveStringsA
FindFirstChangeNotificationA
SetEvent
TryEnterCriticalSection
Heap32ListNext
Module32First
GetDriveTypeA
GlobalGetAtomNameA
UnhandledExceptionFilter
GlobalGetAtomNameW
RtlFillMemory
BeginUpdateResourceA
GetProcessShutdownParameters
FileTimeToSystemTime
ReadConsoleW
CreateMutexA
DisconnectNamedPipe
FreeConsole
GetStringTypeExW
SetVolumeLabelW
GlobalLock
GetComputerNameW
FindAtomA
SetThreadLocale
GetConsoleCP
TransmitCommChar
GetLongPathNameW
CreateNamedPipeW
GetProfileSectionW
GetLongPathNameA
DisableThreadLibraryCalls
SetEnvironmentVariableW
GetSystemDefaultLCID
ResetWriteWatch
lstrlen
LockFile
GlobalHandle
FreeResource
WriteFileGather
SystemTimeToFileTime
ReadConsoleOutputA
EraseTape
GetLocaleInfoW
GetFileAttributesExA
SetLocalTime
EnumTimeFormatsA
WaitCommEvent
GetStdHandle
SetConsoleActiveScreenBuffer
CreateTapePartition
GetSystemPowerStatus
GetEnvironmentStringsW
GlobalUnfix
GetTimeFormatW
GetLogicalDriveStringsW
SetConsoleMode
GlobalReAlloc
lstrcmp
MulDiv
CreateEventA
GetDiskFreeSpaceA
FindNextFileA
WriteConsoleW
CommConfigDialogA
WaitForSingleObjectEx
Toolhelp32ReadProcessMemory
SetThreadExecutionState
SetFileAttributesA
DeleteCriticalSection
WritePrivateProfileStructA
EnumSystemCodePagesA
GetMailslotInfo
ReadConsoleInputW
TlsAlloc
SetFilePointer
GetProcessTimes
GetPrivateProfileSectionW
GetTempFileNameA
CreateFileMappingA
lstrcmpiW
GetModuleFileNameW
GetThreadPriorityBoost
EnumResourceLanguagesW
MultiByteToWideChar
OpenProcess
SearchPathW
LoadResource
DeviceIoControl
ResumeThread
MoveFileExA
SetThreadPriorityBoost
InitAtomTable
GetThreadPriority
GetStringTypeExA
OpenMutexW
FreeLibraryAndExitThread
LockResource
Sleep
SleepEx
lstrcpy
LeaveCriticalSection
Module32Next
EnumResourceNamesA
LoadLibraryW
ExitThread
FillConsoleOutputCharacterA
FormatMessageA
DeleteFiber
CopyFileA
ReadConsoleInputA
SetConsoleCursorInfo
GetPrivateProfileSectionNamesW
GetUserDefaultLCID
SetVolumeLabelA
CreateDirectoryExW
GetProfileSectionA
CloseHandle
DeleteFileW
EnumDateFormatsExA
OpenFileMappingW
GetWriteWatch
FindResourceExW
GetProcessHeap
FlushViewOfFile
DefineDosDeviceA
SetSystemTimeAdjustment
LocalUnlock
ConnectNamedPipe
SetCriticalSectionSpinCount
RemoveDirectoryW
GetDiskFreeSpaceExW
CreateEventW
lstrlenW
FoldStringA
HeapLock
GlobalFindAtomA
CreateNamedPipeA
wininet
SetUrlCacheHeaderData
FreeUrlCacheSpaceA
SetUrlCacheEntryGroup
CreateUrlCacheEntryW
InternetTimeFromSystemTimeW
InternetSecurityProtocolToStringW
IncrementUrlCacheHeaderData
GetUrlCacheHeaderData
InternetCanonicalizeUrlA
HttpOpenRequestW
InternetShowSecurityInfoByURLA
InternetInitializeAutoProxyDll
InternetGetCertByURLA
InternetGetConnectedStateExW
InternetCrackUrlA
FtpRenameFileW
InternetAutodial
InternetSetDialStateA
UnlockUrlCacheEntryStream
InternetShowSecurityInfoByURL
InternetGoOnline
SetUrlCacheEntryInfoW
InternetShowSecurityInfoByURLW
InternetReadFile
InternetQueryOptionW
FtpGetFileA
user32
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
CloseWindowStation
GetDlgItemTextW
GetComboBoxInfo
SetDlgItemTextW
DestroyCursor
GetAsyncKeyState
MessageBoxA
EnumDisplayDevicesW
SetForegroundWindow
IsCharUpperW
IsCharAlphaA
GetWindowDC
BroadcastSystemMessage
SwapMouseButton
wsprintfW
DlgDirListComboBoxA
SetMenuContextHelpId
LoadCursorFromFileA
GetUserObjectSecurity
CloseDesktop
DrawCaption
GetScrollRange
GetKBCodePage
GetUpdateRgn
LockWindowUpdate
EnumDisplaySettingsExA
PackDDElParam
DrawIcon
DdeAbandonTransaction
GetScrollInfo
LoadStringA
EnumWindows
GetDlgItem
SetMenuItemBitmaps
ReleaseDC
FindWindowA
TabbedTextOutW
GetMenuContextHelpId
CopyImage
CloseClipboard
SetPropA
LoadImageA
TileChildWindows
CharUpperBuffW
GetPropA
EnumPropsW
LoadMenuIndirectW
IsWindowVisible
SetTimer
GetMessageA
shell32
SHGetDataFromIDListW
SHGetSpecialFolderLocation
CheckEscapesW
RealShellExecuteExA
DragQueryFileW
SHFileOperationA
comdlg32
PrintDlgW
FindTextW
ChooseFontW
GetOpenFileNameA
GetOpenFileNameW
ChooseColorW
LoadAlterBitmap
GetFileTitleW
ReplaceTextA
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE