2899a684480501295a2734ce161633e4

General

Target

2899a684480501295a2734ce161633e4
Size

220KB
MD5

2899a684480501295a2734ce161633e4
SHA1

c92f7b2c91f248c70d02081768931bbee2a6da64
SHA256

43006983d98b97dc05b525caaf00acb305ad1cb0a0ca89f23b64910f947729af
SHA512

8e30529314b321b817b2e0bb98726ef6c8b547765f036b0f35fee9f198a6966f099a8f05838012ffeb4ec7a75dbb019708c4199dd055279c5145fb3691f676dd
SSDEEP

3072:5riQHKQHliJuVokBWH7PWazJhkQ7kwwckg9nYzCwoBr2wmYc6JWRIog/:5pzSnJhDkw5nY+bBXkQ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2899a684480501295a2734ce161633e4

Files

2899a684480501295a2734ce161633e4
.exe windows:4 windows x86 arch:x86

2733f3cfa134ebd11c2ac3ca824960f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
VirtualFree
GetLastError
VirtualUnlock
Sleep
VirtualAlloc
VirtualProtect
OpenMutexA
LocalReAlloc
VirtualQuery
GetSystemDirectoryA
LoadLibraryA
GetCurrentProcess
GetProcAddress
ResetEvent
GetModuleHandleA
ExitProcess
VirtualAllocEx
VirtualLock
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetCurrentThreadId
GetACP
HeapFree
GetSystemInfo
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetStartupInfoA
GetCommandLineA
GetVersionExA
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

user32

GetWindow
FindWindowA
IsWindowVisible
DestroyWindow
LoadCursorA
GetSysColorBrush
GetDC
GetCursorPos
ShowWindow
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
SetTimer
GetDesktopWindow

gdi32

CreateDIBPatternBrushPt

shell32

ord256
ord165

psapi

GetWsChanges

msvfw32

ICInstall

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2733f3cfa134ebd11c2ac3ca824960f4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 156KB - Virtual size: 153KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 156KB - Virtual size: 153KB