2be6fdbe7397e17b7afcdf32c2a8c7f1

Sharing

Copy URL Twitter E-mail

General

Target

2be6fdbe7397e17b7afcdf32c2a8c7f1
Size

413KB
MD5

2be6fdbe7397e17b7afcdf32c2a8c7f1
SHA1

14eb00bd755ee7574daa90e90e32175484601357
SHA256

98293583669797286e3917d5d7c015bb65418636b538738a18ad53350335002d
SHA512

6215a09240afb8e0f9713e1593830a881bcc0aba176cc95efb6855a6edc1bdc08de0f4b5b4c6d8f6625b986ce4d97ea73b7a099428e5a0b4144c1ab36becc18c
SSDEEP

12288:IHx/OexIk521NpbVS4hSKhP0UEq2dekcuM1:WTxetVnhSm6Lvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be6fdbe7397e17b7afcdf32c2a8c7f1

Files

2be6fdbe7397e17b7afcdf32c2a8c7f1
.exe windows:4 windows x86 arch:x86

32d65d52fa7e59968c6773de46b1ec9b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameW
PrintDlgW
PageSetupDlgA
PageSetupDlgW

shell32

SHGetInstanceExplorer
ShellExecuteEx
SHGetDiskFreeSpaceA

advapi32

RegSetValueExA
RegCreateKeyA
CryptDuplicateHash
RegSetKeySecurity
LookupPrivilegeValueA
CryptSetHashParam
RegSetValueExW
CryptDecrypt
LookupAccountSidW
RegDeleteValueA
CryptEnumProvidersW
RegQueryMultipleValuesW
RegSaveKeyW
CryptSetProvParam
ReportEventW
RegQueryValueW
LookupPrivilegeValueW

kernel32

GetStartupInfoW
GetSystemTimeAsFileTime
LCMapStringW
GetEnvironmentStrings
IsBadWritePtr
InitializeCriticalSection
GetStdHandle
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapAlloc
SetEnvironmentVariableA
GetCPInfo
MultiByteToWideChar
EnterCriticalSection
GetDateFormatA
HeapReAlloc
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
GetCommandLineA
GetSystemInfo
GetOEMCP
FreeEnvironmentStringsW
HeapFree
GetStringTypeA
SetHandleCount
GetModuleFileNameW
GetCurrentProcess
GetCurrentThreadId
FindFirstFileA
VirtualAlloc
LCMapStringA
LoadLibraryA
GetCurrentThread
AllocConsole
RtlUnwind
VirtualQuery
LeaveCriticalSection
GetStartupInfoA
QueryPerformanceCounter
GetProcAddress
GetTimeZoneInformation
VirtualProtect
CommConfigDialogW
GetLocaleInfoW
GetCommandLineW
GetTickCount
GetLocaleInfoA
GetACP
FindFirstFileW
ExitProcess
GetVolumeInformationW
GetLastError
TerminateProcess
WideCharToMultiByte
EnumSystemLocalesA
GetStringTypeW
IsValidCodePage
VirtualFree
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsA
SetLastError
HeapDestroy
CreateSemaphoreW
GetModuleFileNameA
GetVersionExA
GetTimeFormatA
CompareStringA
GetProcessAffinityMask
GetFileType
IsValidLocale
DeleteCriticalSection
HeapCreate
WriteFile
GetUserDefaultLCID
GetDriveTypeW
TlsSetValue
HeapSize
TlsGetValue
CompareStringW

user32

GetWindowRgn
DdeDisconnectList
EnableScrollBar
DdeUnaccessData
RealChildWindowFromPoint
IsCharAlphaNumericA
GetKeyboardLayout
WINNLSGetEnableStatus
ShowCursor
GetUpdateRgn
DdeAbandonTransaction
SetLastErrorEx
DdeQueryStringW
SetScrollRange
DialogBoxParamW
GetDlgCtrlID
EnumWindows
SetUserObjectInformationA
MonitorFromPoint
GetClassLongA
ModifyMenuA

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32d65d52fa7e59968c6773de46b1ec9b

Headers

File Characteristics

Imports

comdlg32

shell32

advapi32

kernel32

user32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 8KB - Virtual size: 24KB

.data Size: 277KB - Virtual size: 277KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 8KB - Virtual size: 24KB

.data
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 6KB - Virtual size: 6KB