2c57094ba8434a2f6a2275dbbcc1a4ed

Sharing

Copy URL Twitter E-mail

General

Target

2c57094ba8434a2f6a2275dbbcc1a4ed
Size

180KB
MD5

2c57094ba8434a2f6a2275dbbcc1a4ed
SHA1

8300070c307c247afab0dfc485e57d3fabed8947
SHA256

eb07c9649a29fd58ff8f63905e19172be64dfee02ae666cabebac541c540d1a4
SHA512

e9fb5b216a8324445508bce8acf634ba6e5365d619b355ce43b9b6d66e88752a6a9fe10c2758a8f99fe939b9fe688975fa0a6f88bfeaa3cf39df3bc24009541d
SSDEEP

3072:AoDWCKy7OmJzHsl4BYkzfgtal0hA8tchW7v2+RrwLm7dDhqQIUyT0gm:FWC/7OmRHRBYcfgtal0A8tch+vjRMqTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c57094ba8434a2f6a2275dbbcc1a4ed

Files

2c57094ba8434a2f6a2275dbbcc1a4ed
.exe windows:5 windows x86 arch:x86

7616ac230dab5ef1a07e03b5a3f222ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsFree
DnsQuery_A

kernel32

Sleep
GetModuleFileNameA
GetCurrentProcessId
FormatMessageA
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
IsDebuggerPresent

rv01

ord44288
ord44289
ord44209
ord44290
ord44276
ord44285
ord44286
ord44275
ord44274
ord44216
ord44329
ord44314
ord44265
ord44319
ord44335
ord44322
ord44325
ord3
ord44212
ord44266
ord20
ord44284
ord44313
ord44267
ord5
ord44268
ord44316
ord44203
ord4
ord27
ord44311
ord44324
ord44323
ord44270
ord44287
ord44327
ord44211
ord44213
ord2
ord44210
ord44326
ord44321
ord44214
ord44332
ord6
ord44331
ord44278
ord44279
ord44280
ord44277

msvcr90

_read
_access
_chdir
_unlink
_umask
_spawnlp
_close
_strdup
_lseek
_strnicmp
_write
_getcwd
_mkdir
_dup
memcpy
_open
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_vsnprintf
_localtime64
isspace
strnlen
fgets
malloc
sscanf
system
exit
__iob_func
signal
_errno
printf
fopen
fprintf
_fileno
_setmode
_splitpath
fclose
rename
sprintf
_mktime64
_ctime64
_gmtime64
free
_fstat64i32
strstr
strchr
fflush
atoi
isprint
strncpy
isalpha
strftime
strrchr
_time64
realloc
perror
fputc
strncmp
calloc
fputs
isalnum
memset

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7616ac230dab5ef1a07e03b5a3f222ef

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

rv01

msvcr90

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 5KB - Virtual size: 5KB