2b3597c6f6ff59cbe63e996d77c86d76

Sharing

Copy URL Twitter E-mail

General

Target

2b3597c6f6ff59cbe63e996d77c86d76
Size

599KB
MD5

2b3597c6f6ff59cbe63e996d77c86d76
SHA1

d95b860ce7fe9c078b6c0988379939c767b07472
SHA256

09399c1e10bca6e9e7425cd01b99e27ff6d09d2cca68e7f541577fd5fec1d486
SHA512

e37ee76359661439eb98f8230849f677edf44248670062b7dff4b31dd66321e789f6ef47d6643134443eb713b86e52d55d44396ef50e4caf1f981926c37214ec
SSDEEP

12288:STRvaZVV1FLDIXHgWNtZvYDPv4fjn07AF+uY:uFaZVL9EPL4PgfjnMAFvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b3597c6f6ff59cbe63e996d77c86d76

Files

2b3597c6f6ff59cbe63e996d77c86d76
.exe windows:4 windows x86 arch:x86

b5eec9d2a1c04794c9689bda6304d14e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetTextJustification
DrawEscape
EqualRgn
PatBlt
CreateEnhMetaFileW
EnumFontFamiliesExW
OffsetViewportOrgEx
GetMetaRgn
GetViewportOrgEx
PtInRegion
GetBitmapBits
EndPath
TextOutA
SetBitmapDimensionEx
GetEnhMetaFileDescriptionA
GetBoundsRect
GetTextFaceW
CreatePatternBrush
AngleArc
CloseEnhMetaFile
CreateEllipticRgn
OffsetClipRgn
EnableEUDC
PolyPolyline
CreateRectRgn

user32

SendDlgItemMessageA
SetCaretPos
DispatchMessageA
SetTimer
OffsetRect
GetMenuContextHelpId
ReuseDDElParam
InsertMenuA
GetMenuStringW
DdeAccessData
DdeUninitialize
BeginPaint
RealChildWindowFromPoint
MapVirtualKeyW
CreateMDIWindowA
DrawTextExA
BroadcastSystemMessage
GetAncestor
GetKeyboardLayoutNameA
GetMenuItemCount
EnumPropsW
CharLowerBuffW
SetForegroundWindow
IsDialogMessageA
SetShellWindow
DdeCreateStringHandleA
WindowFromPoint
MsgWaitForMultipleObjectsEx
CharNextExA
GetMessageW
EnableWindow
LoadCursorW
CopyAcceleratorTableA
MapVirtualKeyA
LoadStringW
OpenInputDesktop
GetCapture
GetScrollInfo
ReleaseDC
SetWindowsHookA
InflateRect
OpenClipboard
DefDlgProcA
CharLowerBuffA

wsock32

connect
getprotobyname
WSAAsyncGetHostByName
select
ntohs
setsockopt
ord1116
ntohl
getprotobynumber
getpeername
ord1115
ord1118
htons
ord1110
ord1113
WSAStartup
WSAAsyncGetProtoByNumber
WSAAsyncGetProtoByName
gethostname
ord1114
gethostbyname
ord1000
ord1106
WSAIsBlocking
ord1111
htonl
ord1117
__WSAFDIsSet
WSAGetLastError
WSACleanup
inet_ntoa
ord1109
WSASetBlockingHook
shutdown
WSACancelAsyncRequest
socket
WSAAsyncSelect
WSASetLastError
WSAAsyncGetHostByAddr
WEP
ord1130
accept
getsockopt

shell32

InternalExtractIconListA
ShellHookProc
SHGetDesktopFolder
SHInvokePrinterCommandW
SHGetDataFromIDListW
SHQueryRecycleBinW
FindExecutableW
CommandLineToArgvW
CheckEscapesW
SHGetPathFromIDList
SHGetSettings
ShellAboutA
FreeIconList
SHQueryRecycleBinA
SHFileOperationW
SHGetSpecialFolderLocation
SHBrowseForFolder
DragFinish
SHGetFileInfo
ExtractAssociatedIconW
SHBrowseForFolderA
SHUpdateRecycleBinIcon
SHGetDiskFreeSpaceA
DragAcceptFiles
ShellExecuteA
DragQueryFileW
ExtractIconA
SHLoadInProc
ShellExecuteExW
DragQueryFileAorW
DragQueryFile
SHGetNewLinkInfo
SHAddToRecentDocs
RealShellExecuteExA
DoEnvironmentSubstW
SHInvokePrinterCommandA
SHGetPathFromIDListW
ExtractIconExW

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
GetCalendarInfoW
SuspendThread
ReadConsoleA
CreateFileA
OpenEventA
TerminateThread
GlobalUnfix
VirtualFreeEx
FindNextFileA
GetThreadLocale
GetDiskFreeSpaceExA
Module32Next
LoadModule
CreateNamedPipeA
EraseTape
GetTempPathW
ContinueDebugEvent
GetShortPathNameW
GetSystemTime
GetConsoleMode
GlobalFindAtomW
DebugBreak
SetCurrentDirectoryW
TlsFree
GetTempFileNameW
CreateFileMappingW
WaitForSingleObject
lstrcatA
EnumTimeFormatsW
SetPriorityClass
GetWriteWatch
lstrcmpA
GetCurrencyFormatW
FindAtomA
GetVersion
EnumResourceTypesA
FreeEnvironmentStringsA
ReleaseSemaphore
LockResource
UnmapViewOfFile
ConvertDefaultLocale
GetNumberFormatW
SleepEx
EnumDateFormatsA
CreateMailslotA
SetConsoleCP
GetVersionExW
CreateRemoteThread
lstrcmp
GetThreadTimes
CreateFileMappingA
EnumResourceLanguagesW
CreateProcessA
LoadLibraryExA
FormatMessageW
lstrlen
GetTimeFormatW
OpenWaitableTimerW
GetThreadContext
IsValidCodePage
CreateThread
WriteProfileStringA
InitializeCriticalSection
VirtualProtect
CreateToolhelp32Snapshot
GetStartupInfoA
GetConsoleCursorInfo
GetPrivateProfileStringW
GetDiskFreeSpaceW
GetQueuedCompletionStatus
ReadConsoleOutputCharacterW
GetStringTypeW
GetPrivateProfileStringA
LocalUnlock
WriteConsoleOutputCharacterW
Thread32First
WriteProfileSectionA
CreateWaitableTimerW
VirtualAllocEx
WritePrivateProfileStringA
GetCurrentDirectoryA
ResetEvent
CompareStringA
UpdateResourceA
GetProfileStringW
CreateEventW
EnumDateFormatsExA
UnhandledExceptionFilter
ReadFile
FreeLibraryAndExitThread
FileTimeToDosDateTime
GetLongPathNameW
GetNumberFormatA
SetConsoleCursorPosition
GetSystemTimeAdjustment
SetThreadPriorityBoost
CreateProcessW
InitAtomTable
GetDriveTypeW
GetFullPathNameW
MapViewOfFile
GlobalFix
GetThreadPriorityBoost
FreeLibrary
CreateMailslotW
GetAtomNameA
GetConsoleScreenBufferInfo
GetLocaleInfoW
ConnectNamedPipe
GetPrivateProfileStructA
HeapSize
WriteConsoleInputW
HeapWalk
GetExitCodeProcess
GetStringTypeA
SetConsoleActiveScreenBuffer
SearchPathW
FoldStringA
GetProcessTimes
FindFirstFileExA
GetTempFileNameA
GetPrivateProfileSectionA
OpenFileMappingW
RemoveDirectoryW
GlobalSize
PeekConsoleInputA
EnumSystemCodePagesA
FindFirstChangeNotificationW
DeviceIoControl
SetWaitableTimer
Module32First
DebugActiveProcess
ReadConsoleInputW
SetComputerNameA
GetLocaleInfoA
GetLogicalDrives
GetTimeZoneInformation
TlsGetValue
CommConfigDialogA
lstrcmpiW
SetLastError
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsA
EnumCalendarInfoA
Heap32Next
GetCurrencyFormatA
LeaveCriticalSection
SetFileAttributesA
LocalCompact
GetThreadPriority
FindFirstFileA
ReadConsoleInputA
SetFileAttributesW
FindNextChangeNotification
PulseEvent
GetProcAddress
GetProfileStringA
SetThreadContext
GetCalendarInfoA
GetShortPathNameA
SearchPathA
GetProcessVersion
lstrcatW
WriteConsoleOutputCharacterA
GetCompressedFileSizeA
DefineDosDeviceA
GetProcessAffinityMask
HeapUnlock
GetModuleFileNameW
WriteConsoleOutputA
SetThreadExecutionState
lstrcpyA
FindFirstChangeNotificationA
SignalObjectAndWait
Heap32First
lstrcmpiA
EnumSystemCodePagesW
CompareFileTime
GetPriorityClass
WriteConsoleOutputAttribute
UnlockFileEx
GetFileType
LoadLibraryW
GetStringTypeExW
GlobalMemoryStatus
GetPrivateProfileStructW
DefineDosDeviceW
CreateFileW
FillConsoleOutputCharacterA
CloseHandle
GetStdHandle
CreatePipe
OpenFileMappingA
LocalSize
LockFile
HeapCompact
ReadConsoleOutputW
BeginUpdateResourceA
LocalReAlloc
VirtualFree
DeleteAtom
GetFileAttributesExA
GetLongPathNameA
GetUserDefaultLangID
GetProfileSectionA
LocalHandle
WritePrivateProfileSectionW
EnumResourceLanguagesA
EnterCriticalSection
Toolhelp32ReadProcessMemory
GetLastError
FileTimeToLocalFileTime
DisableThreadLibraryCalls
CreateDirectoryA
CreateMutexA
SetEnvironmentVariableA
lstrcpynA
GetFileAttributesW

comdlg32

PageSetupDlgW
ChooseColorA
FindTextA
GetFileTitleW
ChooseFontW
PrintDlgA
ReplaceTextW
PageSetupDlgA
GetOpenFileNameA
PrintDlgW

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5eec9d2a1c04794c9689bda6304d14e

Headers

File Characteristics

Imports

gdi32

user32

wsock32

shell32

kernel32

comdlg32

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 322KB - Virtual size: 321KB

.bss Size: 126KB - Virtual size: 125KB

.idata Size: 21KB - Virtual size: 24KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 322KB - Virtual size: 321KB

.bss
Size: 126KB - Virtual size: 125KB

.idata
Size: 21KB - Virtual size: 24KB