2af2e3e54e678ee362bbc8944fe14127

Sharing

Copy URL

Twitter E-mail

General

Target

2af2e3e54e678ee362bbc8944fe14127
Size

100KB
MD5

2af2e3e54e678ee362bbc8944fe14127
SHA1

3510360bae01edf8cebf8c4ec50bcc4cb2cf38f7
SHA256

88f58a611e8227485dbe46f414e1719f6dac37ed71a151888405d3e9e89f8c80
SHA512

c9f8959eacbc1201eb5cd26611559a95fc2b3f63139900e35ce542dad9de752f2b48030acda8b12c43dbd432fc77fe08f9f1608c24b135db002a5514b6561846
SSDEEP

3072:sGAHl1Cr3bSsHEIxLzkk3greqzSbXm8jbxDhh81:pAF1Cr3bSsHEIxL5g1eLmIdf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af2e3e54e678ee362bbc8944fe14127

Files

2af2e3e54e678ee362bbc8944fe14127
.exe windows:5 windows x86 arch:x86

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHBrowseForFolderA
DragQueryFileW
SHGetDesktopFolder
CommandLineToArgvW
SHGetSpecialFolderLocation
SHChangeNotify
DragQueryFileA

ole32

ReleaseStgMedium
CoSetProxyBlanket
CoRevokeClassObject
GetHGlobalFromStream
CoRevertToSelf
StgCreateDocfile
StgOpenStorage
GetRunningObjectTable
CLSIDFromString
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
CoInitializeSecurity
CreateBindCtx
StringFromCLSID
OleUninitialize
CoCreateGuid
CoInitializeEx
CoImpersonateClient
StringFromGUID2
CoGetInterfaceAndReleaseStream
CreateOleAdviseHolder
CoFreeUnusedLibraries
CoGetContextToken
CreateDataAdviseHolder
CoTaskMemAlloc
CLSIDFromProgID
IIDFromString
CoGetObjectContext
StgCreateDocfileOnILockBytes

msvcrt

sprintf
_ftol
__setusermatherr
strncmp
__p__commode
iswctype
_itoa
memcpy
wcstoul
setlocale
time
wcsrchr
fread
_controlfp
strstr
??1type_info@@UAE@XZ
__wgetmainargs
printf
strchr
_CxxThrowException
wcscat
__p__fmode
??2@YAPAXI@Z
__set_app_type
__dllonexit
_wcsnicmp
_wcsupr
isxdigit
_initterm
wcstol

oleaut32

SysReAllocStringLen
SafeArrayGetLBound
OleLoadPicture
GetActiveObject
VariantCopyInd
SafeArrayCreate
SafeArrayAccessData
VariantChangeTypeEx
SysStringLen
SafeArrayPutElement
CreateErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
VariantInit
SafeArrayPtrOfIndex
VariantCopy
LoadTypeLib
SafeArrayGetUBound
SysFreeString
GetErrorInfo
RegisterTypeLib
VariantChangeType

rpcrt4

NdrClientCall2
RpcBindingFree
CStdStubBuffer_Disconnect
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
RpcEpResolveBinding
CStdStubBuffer_AddRef
UuidToStringA
RpcBindingSetAuthInfoW
CStdStubBuffer_Invoke
NdrServerCall2
RpcServerUseProtseqEpW
RpcStringFreeW
NdrStubForwardingFunction
UuidCreate
CStdStubBuffer_IsIIDSupported
RpcStringBindingComposeW
NdrStubCall2
RpcRaiseException
UuidFromStringW
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
RpcStringFreeA
NdrOleAllocate
NdrCStdStubBuffer_Release
RpcBindingToStringBindingW
RpcBindingFromStringBindingW
UuidToStringW

user32

GetActiveWindow
GetSysColor
LoadIconA
CharNextA
InvalidateRect
IsWindow
LoadImageW
ReleaseDC
GetMenu
GetSysColorBrush
ChangeMenuW
GetWindowPlacement
GetWindowDC
EnableWindow
GetSystemMenu
GetSystemMetrics
UnhookWindowsHookEx
GetWindow
RedrawWindow
ReleaseCapture
MsgWaitForMultipleObjects
BeginPaint
GetMessageA
IsChild
CheckMenuItem
CreateWindowExW
GetCursorPos
GetWindowTextA
GetSubMenu
GetDlgItemTextA
RegisterClassExA

kernel32

GetThreadLocale
GetLocaleInfoW
GetCPInfo
GetCommandLineW
VirtualAlloc
ExitProcess
CreateFileMappingA
GetProcessHeap
DeviceIoControl
ResetEvent
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
lstrcatA
IsBadReadPtr
GetFullPathNameW
GetCommandLineA
LoadLibraryA
GetSystemDirectoryW
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
LocalAlloc
GetConsoleMode
CloseHandle
GetACP
WriteConsoleW
lstrcpynW
OutputDebugStringW
GetCurrentThread
GetOEMCP
GetCurrentProcessId
GetModuleHandleW
GetUserDefaultLCID
TerminateProcess
FindNextFileA
GetStdHandle
CreateMutexW
SetStdHandle
Sleep
GetVersionExW
TlsAlloc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 47KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

Imports

shell32

ole32

msvcrt

oleaut32

rpcrt4

user32

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 47KB - Virtual size: 106KB

.reloc Size: 512B - Virtual size: 483B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 47KB - Virtual size: 106KB

.reloc
Size: 512B - Virtual size: 483B