2633af26ad426b7a4c207e4c4807f412

Sharing

Copy URL Twitter E-mail

General

Target

2633af26ad426b7a4c207e4c4807f412
Size

20KB
MD5

2633af26ad426b7a4c207e4c4807f412
SHA1

af5f57ef992d4c57eea922267a7345e7a4331074
SHA256

16a741e3f6ad6e789b42e2a5f0f58ec2c3928de5086fe32ff9c50f98fa850179
SHA512

c282c80bcf25a03d8ea44ce0c2b8cca3910120654156faf76931a79edc495377bad21ea30e2e204dba1ad73647a916832b84131b06d36824c7bbbad9219704c1
SSDEEP

192:c3swhwI75vUa8hY9fMtjPPKmJ6G5e5t867ZgHKLhG3zkYP1oyns:mswhx7VUzh8fMZdpe5IHKL0kO1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2633af26ad426b7a4c207e4c4807f412

Files

2633af26ad426b7a4c207e4c4807f412
.exe windows:4 windows x86 arch:x86

51a71f99f018a0661e1df67d91dbc503

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpynA
WaitForSingleObject
GetDriveTypeA
GetLastError
CreateMutexA
lstrcmpA
GetModuleFileNameA
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
CreateProcessA
CreateFileA
WritePrivateProfileStringA
CreateDirectoryA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
lstrcmpiA
ReadProcessMemory
GetThreadContext
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
Sleep
CloseHandle
lstrlenA
lstrcpyA
CopyFileA
GetStartupInfoA

user32

wsprintfA
DefWindowProcA
PostQuitMessage
SendMessageA
CreateWindowExA
DispatchMessageA
TranslateMessage
GetMessageA
KillTimer
MessageBoxA
RegisterClassA
SetTimer
UnregisterDeviceNotification
RegisterDeviceNotificationA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

msvcirt

?openprot@filebuf@@2HB
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??0ofstream@@QAE@XZ
??1ofstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dofstream@@QAEXXZ

rpcrt4

UuidFromStringA

shlwapi

PathFileExistsA

ntdll

ZwUnmapViewOfSection
RtlUnwind
_alloca_probe
atoi

msvcrt

_initterm
__getmainargs
__setusermatherr
exit
_XcptFilter
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
__argc
__CxxFrameHandler
_stat
__argv

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51a71f99f018a0661e1df67d91dbc503

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcirt

rpcrt4

shlwapi

ntdll

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB