2adf2be41f1bca80198a518ca664d6f2

Sharing

Copy URL Twitter E-mail

General

Target

2adf2be41f1bca80198a518ca664d6f2
Size

7.6MB
MD5

2adf2be41f1bca80198a518ca664d6f2
SHA1

329f9a0e60c7c901bb1f29a31f7483ba108d1c04
SHA256

21b3361ba66313bf6e675204df98a40988f7650da0c38e3662c90de92c4741e2
SHA512

b57b13ddc5b82ab2c2f63bb25ec3b34073e5a3d9b7410ba856a68a71bad921ff7caab55de198676a34d6cdd3f11cbfdbbc1e2826579db0afb18e6a90e496ce03
SSDEEP

196608:rnxTdsnag+AlGa/fIcJ1TeGAHLPbrUTdRWSVm:rnxyV+g3IcJpeGAH7+dNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2adf2be41f1bca80198a518ca664d6f2

Files

2adf2be41f1bca80198a518ca664d6f2
.exe windows:4 windows x86 arch:x86

6c35182ab392f49d110bb6b2af3ffe80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
lstrcatW
FindFirstFileA
LCMapStringA
GetComputerNameW
FreeLibrary
WriteFile
GetProcessTimes
GetCPInfo
MoveFileW
GetEnvironmentVariableW
lstrcmpiA
GetCurrentDirectoryW
GlobalFree
ConnectNamedPipe
SetThreadAffinityMask
GetModuleFileNameW
GetLongPathNameA
SetConsoleTitleA
GetFileAttributesExA
CreateProcessA
GetStartupInfoA
GetTickCount
GetConsoleMode
FindCloseChangeNotification
GetTapeParameters
WriteProcessMemory
FormatMessageA
QueryDosDeviceW
ExitProcess
RaiseException
GetCommModemStatus
_lopen
LocalLock
ReadFileScatter
CloseHandle
LocalReAlloc
Beep
SetProcessAffinityMask
VirtualFree
ReadFile
TlsGetValue
RemoveDirectoryA

user32

IsDialogMessageW
SetWindowsHookW
SetCursor
SetScrollRange
GetUpdateRect
TileWindows
DestroyAcceleratorTable
ScreenToClient
InsertMenuItemA
SetScrollInfo
GetMonitorInfoA
GetMenuItemRect

gdi32

SetTextAlign
SetPolyFillMode
PolyPolyline
CopyMetaFileW
SetPixelFormat
GdiComment
EnumFontsA
PatBlt
SetBkColor
Arc
SetPaletteEntries
SetSystemPaletteUse
CreateFontIndirectA
CombineRgn
EnumFontFamiliesA

comdlg32

GetFileTitleA
ReplaceTextW
GetFileTitleW
FindTextW

advapi32

LookupAccountNameW
DestroyPrivateObjectSecurity
RegEnumKeyW
CryptGetProvParam
InitializeSid
SetSecurityDescriptorDacl
DeregisterEventSource
SetPrivateObjectSecurity
RegRestoreKeyW
RegDeleteValueA
RegOpenKeyExW
GetSecurityDescriptorSacl
RegisterServiceCtrlHandlerA

shell32

Shell_NotifyIconW
SHGetDesktopFolder
DragFinish
ExtractIconA
SHChangeNotify

ole32

WriteClassStg
OleQueryLinkFromData
ProgIDFromCLSID

oleaut32

SysFreeString
SafeArrayGetElement

shlwapi

PathQuoteSpacesW
StrToIntExW
AssocQueryKeyW
UrlGetPartW
PathRelativePathToW
StrCmpIW
PathStripToRootW
SHSetValueA
PathRemoveFileSpecA
PathAppendA
PathFindExtensionA
PathIsDirectoryA
StrFormatByteSize64A
UrlCreateFromPathW

Sections

.text
Size: 8KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c35182ab392f49d110bb6b2af3ffe80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 8KB - Virtual size: 7.3MB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 8KB - Virtual size: 7.3MB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 68KB - Virtual size: 66KB