2d0ed169de035d25cc528e469c12de23

Sharing

Copy URL Twitter E-mail

General

Target

2d0ed169de035d25cc528e469c12de23
Size

1.7MB
MD5

2d0ed169de035d25cc528e469c12de23
SHA1

bd28949c75723a24821d2c18fced4a0c3fc658cb
SHA256

e80d4d3d8eb1b05daccb2c3d57af81137f3f72122add764e1ee4be88c28aa9a4
SHA512

375d814028f05f0f53d20d3208b34aaf2b299c4f883fb63cf4f810500c32f83268fdc01c0bcc81105e2ceeed4e612634c0cb09c2ec6eaeef25e157284c40b4fe
SSDEEP

49152:nTT3oG2KIWHAf6bjvvJWk+JmEF0ZRzKsg4OJk4Jn:n4G//AibjnJWbJLqrWR4Ik4Jn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d0ed169de035d25cc528e469c12de23

Files

2d0ed169de035d25cc528e469c12de23
.exe windows:4 windows x86 arch:x86

734104af4f5702e678eb34ea3646f5c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_strnicmp
strncmp
strncpy
_strdup
free
sprintf
_stricmp
strlen
strcmp
memmove
strcpy
strcat
memcmp
memcpy
_CIlog
floor
ceil
_CIpow
fclose
fopen
fseek
localtime
mktime
atoi
gmtime
time
srand
rand
malloc
fread
fwrite
ftell
ferror

kernel32

GetModuleHandleA
HeapCreate
CreateMutexA
GetLastError
HeapDestroy
ExitProcess
MultiByteToWideChar
WaitForSingleObject
GetStartupInfoA
CreateProcessA
GetDiskFreeSpaceExA
SetErrorMode
GetDriveTypeA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetVersionExA
GetCurrentProcess
SetFileAttributesA
RemoveDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
SuspendThread
ResumeThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
DuplicateHandle
CreatePipe
GetStdHandle
GetEnvironmentVariableA
SetEnvironmentVariableA
PeekNamedPipe
GetExitCodeProcess
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
Sleep
WideCharToMultiByte
GlobalAlloc
GlobalFree
SetLastError
MulDiv
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFileAttributesA
CreateDirectoryA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DeleteFileA
FindNextFileA
CopyFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentDirectoryA
GetLocalTime
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

comctl32

InitCommonControls
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon

user32

GetClassLongA
GetSysColor
GetWindowLongA
SetWindowLongA
SetWindowPos
GetDesktopWindow
GetWindow
GetWindowTextA
GetWindowTextLengthA
GetDC
SendMessageA
ReleaseDC
ExitWindowsEx
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetDlgCtrlID
IsWindowVisible
SetForegroundWindow
ShowWindow
IsWindow
DestroyWindow
GetParent
SetPropA
MessageBoxA
GetWindowThreadProcessId
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyIcon
GetIconInfo
FillRect
CopyImage
LoadImageA
CreateIconFromResourceEx
CreateIconFromResource
GetSysColorBrush
CreateWindowExA
SetWindowTextA
GetWindowRect
ScreenToClient
RedrawWindow
InvalidateRect
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
CallWindowProcA
GetSystemMetrics
PostMessageA
GetClientRect
DefWindowProcA
LoadCursorA
RegisterClassExA
SetClassLongA
GetPropA
MapWindowPoints
MoveWindow
SetCursor
GetCapture
ValidateRect
RemovePropA
PeekMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
RegisterClassA
AdjustWindowRect
GetActiveWindow
CreateAcceleratorTableA
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
EnumChildWindows
DefFrameProcA
SetCursorPos
SystemParametersInfoA
GetKeyState
GetCursorPos
SetFocus
GetFocus
IsChild
GetClassNameA
EnumDisplaySettingsA

gdi32

CreateSolidBrush
GetStockObject
SelectObject
GetTextExtentPoint32A
AddFontResourceA
GetObjectType
DeleteObject
CreateCompatibleDC
SetDIBits
DeleteDC
GetObjectA
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateDCA
CreateCompatibleBitmap
CreateDIBSection
SetBkColor
SetTextColor
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
TextOutA
CreatePen
MoveToEx
LineTo
GetDeviceCaps
CreateFontA
SetTextAlign
SetROP2

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegConnectRegistryA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
RegEnumValueA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Sections

.code
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734104af4f5702e678eb34ea3646f5c5

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

ole32

shell32

Sections

.code Size: 75KB - Virtual size: 74KB

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 62KB - Virtual size: 65KB

.rsrc Size: 11KB - Virtual size: 11KB

.code
Size: 75KB - Virtual size: 74KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 62KB - Virtual size: 65KB

.rsrc
Size: 11KB - Virtual size: 11KB