2a5db350ef1ee06356397b4e8427b83e

Sharing

Copy URL Twitter E-mail

General

Target

2a5db350ef1ee06356397b4e8427b83e
Size

1.3MB
MD5

2a5db350ef1ee06356397b4e8427b83e
SHA1

7cf10f9a64480463e83f1eb8031948ae0a93c575
SHA256

e56dc2e9a56976989ca025a99c50a89004840efe61097a98152838e9bf84ebba
SHA512

7f493f3221ba9275e902ad3763f99f9dedad520c6911f450bddc6a53f3c1d87bbb551802596bbafad3ddc30e930a7c00712b2de0ce520c8e583766a013d0194d
SSDEEP

24576:772Ogvo+QHZUhC5z7wdlOgvo+QHZUhC5zRwGOzYA+4n:7qCVKA1sdlCVKA1OGAE4n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a5db350ef1ee06356397b4e8427b83e

Files

2a5db350ef1ee06356397b4e8427b83e
.exe windows:4 windows x86 arch:x86

8b1cdc1014a69f998a62d14ae76c6c08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetSystemDirectoryW
SizeofResource
GetModuleFileNameW
CreateFileW
lstrcmpW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
FindClose
GetLocalTime
CreateFileMappingW
LockResource
CreateEventW
SetCurrentDirectoryW
FindNextFileW
CloseHandle
lstrcpyA
GetPrivateProfileStringW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
GetModuleHandleW
InterlockedDecrement
LoadResource
FindResourceW
UnmapViewOfFile
MapViewOfFile
GetSystemTimeAsFileTime
FindFirstFileW

user32

GetMessageW
DispatchMessageW
IsWindow
CreateDialogParamW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
MessageBoxA
IsDialogMessageW
GetForegroundWindow
TranslateMessage
wsprintfW
FindWindowW
wsprintfA
KillTimer
PostMessageW
PostQuitMessage
SetTimer
DestroyWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
GetUserNameW
RegSetValueExW

shell32

ShellExecuteW

ole32

CoInitialize
OleRun
CoUninitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocString
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysFreeString

msvcp80

?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
??Bios_base@std@@QBEPAXXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?uncaught_exception@std@@YA_NXZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ws2_32

WSAGetLastError
htons
WSACleanup
WSAIoctl
WSAStartup
accept
listen
WSAAsyncSelect
closesocket
socket
bind
recv
htonl

showdlg

ord1

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
_CxxThrowException
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_vsnprintf_s
strlen
strstr
wcslen
_beginthreadex
_invalid_parameter_noinfo
wcsrchr
fopen
memset
??_V@YAXPAX@Z
rand
srand
??3@YAXPAX@Z
memcpy_s
fwrite
wcscat_s
fclose
_time64
??2@YAPAXI@Z
_amsg_exit

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b1cdc1014a69f998a62d14ae76c6c08

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

ws2_32

showdlg

msvcr80

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB