2787da5b067f7ea95a371759cd197f32

Sharing

Copy URL

Twitter E-mail

General

Target

2787da5b067f7ea95a371759cd197f32
Size

104KB
MD5

2787da5b067f7ea95a371759cd197f32
SHA1

3c6bc6b49aa34afbae62fd4e3c6d9e17dcc39b31
SHA256

09d8a3969d7d7ea093564f8f2aa3c0a8083c07174ed838b7f57fb26e20c6a8ac
SHA512

30c832a551cd669ee1baf91e52508c95fe9b76abe81ac9c3fd0d0f1cbc670f3a592de7080e9b2aea52a0efbf4e19a0d284a702443be61039896cefb90cb48d27
SSDEEP

1536:+/W0NjhAcBkD3RNE0fRQCM/rckfOc+ZtfCiq+g75izPSXPxd:+/W0NjNkD3nE+dYOBZVCiq9IzP4Pv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2787da5b067f7ea95a371759cd197f32

Files

2787da5b067f7ea95a371759cd197f32
.exe windows:4 windows x86 arch:x86

0b0dbeb7850d3b826330ec54831f381e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
lstrcpyA
HeapAlloc
IsBadReadPtr
HeapFree
GlobalFree
GlobalAlloc
GlobalUnlock
lstrcmpiA
GetCurrentThreadId
OutputDebugStringA
lstrcatA
GetSystemInfo
ReadFile
GetVersionExA
GetCurrentProcess
CreateThread
OpenEventA
SetErrorMode
GetModuleFileNameA
FindClose
FindFirstFileA
WritePrivateProfileStringA
LocalAlloc
GetCurrentProcessId
GetLocalTime
FreeLibrary
RaiseException
GetStartupInfoA
GetModuleHandleA
GetTickCount
InterlockedExchange
SetEvent
ResetEvent
GetLastError
WaitForSingleObject
CloseHandle
VirtualAlloc
LeaveCriticalSection
Sleep
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetComputerNameA

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetCursorPos
DestroyCursor
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MapVirtualKeyA
SetCursorPos
WindowFromPoint
SetCapture
SendMessageA
SystemParametersInfoA
LoadCursorA
MessageBoxA
ExitWindowsEx
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
DeleteService
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

??1type_info@@UAE@XZ
calloc
strncat
_except_handler3
_beginthreadex
realloc
_errno
_strrev
strchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnicmp
_stricmp
_strcmpi
_strnset
free
strncmp
atoi
putchar
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
puts
strstr
??2@YAPAXI@Z
rand
sprintf
strncpy
malloc
strrchr

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0dbeb7850d3b826330ec54831f381e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 16B