2b5c8149e000ac081ba5ddb6dab02a0e

Sharing

Copy URL

Twitter E-mail

General

Target

2b5c8149e000ac081ba5ddb6dab02a0e
Size

44KB
MD5

2b5c8149e000ac081ba5ddb6dab02a0e
SHA1

b87b2cc2c7e0a0d6162773c6dcbb2a733ebe30e5
SHA256

e799f2ec520a00fb3d58550d30ae036e522cf2a1dc3acb24c27db272444703e0
SHA512

0da80f8819c15c6ad73e1e139465e22fbc134ea04e16f74498eedc8c431e8535706fd554e6b991db7ceb45d2c80d6502582681e4cacc7d6097546021a8ced1fb
SSDEEP

768:ch9o4zItym1+nSCPt4Wo946J2rP8qCSNmJZHuhArFUdRBGrvvPE:coKIo0soO6ErWJZHurqrE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b5c8149e000ac081ba5ddb6dab02a0e

Files

2b5c8149e000ac081ba5ddb6dab02a0e
.exe windows:4 windows x86 arch:x86

1d50e6a5e64bc93d38841973ac284eda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

avicap32

capGetDriverDescriptionA

msvcrt

_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_beginthreadex
strchr
strncat
exit
strrchr
_CxxThrowException
memcmp
??2@YAPAXI@Z
_ftol
ceil
memmove
??3@YAXPAX@Z
_except_handler3
strcat
_access
_mkdir
rand
__CxxFrameHandler
memcpy
strcpy
strstr
memset
strlen
malloc
realloc
_stricmp
_strupr
_strnicmp
_strcmpi

kernel32

GetStartupInfoA
GetModuleHandleA
WriteFile
GetCurrentThreadId
OpenProcess
lstrcmpiA
MoveFileExA
CreateThread
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
TerminateThread
lstrlenA
GetLocalTime
GetProcAddress
LoadLibraryA
Process32Next
Process32First
FreeLibrary
GetVersionExA
GlobalMemoryStatusEx
GetSystemInfo
CloseHandle
WaitForSingleObject
Sleep
GetTickCount
lstrcpyA
GetLastError
WinExec
CopyFileA
lstrcatA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
ResetEvent
SetEvent
InterlockedExchange
CancelIo
HeapAlloc
HeapReAlloc
GetProcessHeap
VirtualProtect
IsBadReadPtr
CreateProcessA
MoveFileA
GetPrivateProfileStringA
GetTempPathA
HeapFree
CreateToolhelp32Snapshot
GetSystemDirectoryA
TerminateProcess

user32

OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetUserObjectInformationA
ExitWindowsEx
GetWindowTextA
MessageBoxA
wsprintfA
GetThreadDesktop
OpenDesktopA
PostMessageA
EnumWindows

advapi32

RegQueryValueA
OpenSCManagerA
CreateServiceA
LockServiceDatabase
LookupAccountSidA
RegCreateKeyExA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
GetTokenInformation

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send
WSAGetLastError
gethostname
getsockname
WSACleanup
WSAStartup

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d50e6a5e64bc93d38841973ac284eda

Headers

File Characteristics

Imports

wininet

avicap32

msvcrt

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

wtsapi32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB