2faedcfefd0a4c03a03c761d1e5336cf

Sharing

Copy URL Twitter E-mail

General

Target

2faedcfefd0a4c03a03c761d1e5336cf
Size

1.3MB
MD5

2faedcfefd0a4c03a03c761d1e5336cf
SHA1

fb7d0620dacff17ea6e705d7fc3b38e23e032b2f
SHA256

786a475b47aaf589afc931c15096b53d6a4a47855af88a491510bb4355ae3c6c
SHA512

4c50c46c5209feea31165ce27982aa5d4adc107b4adb7c63a9ff34c5272cddbe5309e501d13ae6333c913b3bf4601adfbe5ac88ccc342b73c4c537168f522a7f
SSDEEP

24576:AqAPLSYYbLOCZv8XgEWO/0HPuBgotdmHMSLIima/bP9:A1ju6kuaotRib9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2faedcfefd0a4c03a03c761d1e5336cf

Files

2faedcfefd0a4c03a03c761d1e5336cf
.exe windows:4 windows x86 arch:x86

f5cabff5d5269c3c2a8a395abc92ffb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

version

GetFileVersionInfoA
VerInstallFileA

msvcrt

_acmdln
wcschr
sprintf
mbstowcs
calloc
malloc
swprintf
atol
sqrt
clock

kernel32

FormatMessageA
GetFileAttributesA
LoadLibraryA
HeapAlloc
Sleep
LocalAlloc
GetFullPathNameA
ReadFile
MulDiv
GetCommandLineA
GetCurrentThread
GetLastError
GetCurrentThreadId
CreateFileA
lstrlenA
SetLastError
SetEndOfFile
LoadLibraryExA
GetTickCount
GetVersionExA
GetACP
GlobalAlloc
VirtualAlloc
GetThreadLocale
GetCurrentProcessId
HeapDestroy
MoveFileA
GetOEMCP
RtlMoveMemory
SizeofResource
GetProcessHeap

shell32

SHFileOperationA
SHGetSpecialFolderLocation
DragQueryFileA
Shell_NotifyIconA
SHGetDesktopFolder

comctl32

ImageList_DrawEx
ImageList_Draw
ImageList_Add
ImageList_Remove
ImageList_DragShowNolock
ImageList_Destroy
ImageList_Write

ole32

OleCreateStaticFromData
CreateBindCtx
StgCreateDocfileOnILockBytes

gdi32

SelectObject
CreateCompatibleBitmap
SetPixel
CreateFontIndirectA
GetObjectA
SetBkMode
CreatePenIndirect

shlwapi

PathIsDirectoryA
SHDeleteValueA

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5cabff5d5269c3c2a8a395abc92ffb3

Headers

File Characteristics

Imports

version

msvcrt

kernel32

shell32

comctl32

ole32

gdi32

shlwapi

Sections

CODE Size: 44KB - Virtual size: 44KB

.rdata Size: 129KB - Virtual size: 129KB

.text Size: 635KB - Virtual size: 634KB

.data Size: 388KB - Virtual size: 2.6MB

BSS Size: 1024B - Virtual size: 631B

.tls Size: 512B - Virtual size: 108B

INIT Size: 512B - Virtual size: 24B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 82KB - Virtual size: 82KB

CODE
Size: 44KB - Virtual size: 44KB

.rdata
Size: 129KB - Virtual size: 129KB

.text
Size: 635KB - Virtual size: 634KB

.data
Size: 388KB - Virtual size: 2.6MB

BSS
Size: 1024B - Virtual size: 631B

.tls
Size: 512B - Virtual size: 108B

INIT
Size: 512B - Virtual size: 24B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 82KB - Virtual size: 82KB