2b351db374f989e9d6d4086fedfd7c50

Sharing

Copy URL Twitter E-mail

General

Target

2b351db374f989e9d6d4086fedfd7c50
Size

5.4MB
MD5

2b351db374f989e9d6d4086fedfd7c50
SHA1

073152b5f772331123b5f2f0b0af8f650f00889f
SHA256

fb04e57d3b5cc9bed5c49df59abfb859af5895c01866076af4e8e6521d12b59e
SHA512

8cdf2d60329bfa6653711d4556d9aa56e2cb0323eaae63b57d8db6de76d763808856fae9f2d0576f7a51bd4ce56041d95251ad59499547f2a0e2901a6a90718a
SSDEEP

98304:1bbW4FUAWNHix3okw4asD/ZHZHniXmAad41GIhj9qhK+L+4gJRSzVTlRUBpoqj0q:VW0UA+iQ8Z5W/BjC9DZTjtqj0h2hT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b351db374f989e9d6d4086fedfd7c50

Files

2b351db374f989e9d6d4086fedfd7c50
.exe windows:5 windows x64 arch:x64

fba7d44efae602564b2168cebca83039

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
LockFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowContextHelpId

gdi32

SaveDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegCreateKeyA

shell32

ShellExecuteA

shlwapi

PathFindExtensionA

oledlg

ord8

ole32

OleCreateFromFile

oleaut32

VariantInit

urlmon

URLDownloadToFileA

pskernel

PK_BODY_imprint_body

iphlpapi

GetAdaptersInfo

wininet

FtpRenameFileA

version

GetFileVersionInfoA

libufun

UF_MODL_ask_adjac_faces

libugopenint

UF_UI_select_with_single_dialog

hid

HidP_GetCaps

setupapi

SetupDiGetDeviceInterfaceDetailA

ws2_32

WSAAsyncSelect

netapi32

Netbios

Exports

Exports

?NXSigningResource@@YAXXZ

Sections

.text
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: - Virtual size: 923B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fba7d44efae602564b2168cebca83039

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

urlmon

pskernel

iphlpapi

wininet

version

libufun

libugopenint

hid

setupapi

ws2_32

netapi32

Exports

Exports

Sections

.text Size: - Virtual size: 6.8MB

.rdata Size: - Virtual size: 3.4MB

.data Size: - Virtual size: 183KB

.pdata Size: - Virtual size: 350KB

.idata Size: - Virtual size: 90KB

.didat Size: - Virtual size: 923B

.vmp0 Size: - Virtual size: 3.7MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 6.8MB

.rdata
Size: - Virtual size: 3.4MB

.data
Size: - Virtual size: 183KB

.pdata
Size: - Virtual size: 350KB

.idata
Size: - Virtual size: 90KB

.didat
Size: - Virtual size: 923B

.vmp0
Size: - Virtual size: 3.7MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 4KB - Virtual size: 3KB