2c89091fcfafe847ce7ffc605c037114

General

Target

2c89091fcfafe847ce7ffc605c037114
Size

22KB
MD5

2c89091fcfafe847ce7ffc605c037114
SHA1

ae72834622eb549af975d2161d7e49621998339d
SHA256

d36abc2c41893779e4f3cc47a8ed61fa0ba9e33ab024d8aef76b962c86cd7f24
SHA512

6c9c9805c898d79e5abe7c9f044d6d8964af6234ba2ae61afcf3c52141eaf0caf86cbb0ef60f8594bc5f5a66d8a7309d28c2badf84ec6bffb14fb58f79edb07e
SSDEEP

192:3xbp8JBoT2lPe/nlwqyCo8d3iz33Cnbwt73Pr74iwlcE9T9hXscrIGnZy8kZRNv:EYT1vlZyCo9z3R7PVweE9T9NscsIE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c89091fcfafe847ce7ffc605c037114

Files

2c89091fcfafe847ce7ffc605c037114
.dll windows:4 windows x86 arch:x86

137e6f86664f060109990b350a3f7b16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
OpenProcess
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
FindClose
FindNextFileA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
VirtualProtectEx
GetProcAddress
Module32Next
Process32First
ReadFile
GetModuleFileNameA
ReleaseMutex
TerminateProcess
GetCurrentProcess
lstrcmpiA
Process32Next
GetSystemDirectoryA
lstrlenA
FindResourceA
SizeofResource
LoadResource
CreateFileA
WriteFile
GetTempPathA
GetTickCount
CreateToolhelp32Snapshot
WinExec
CreateMutexA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
CreateThread
CloseHandle
Module32First
GetCurrentProcessId

user32

SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
wsprintfA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

StrStrIA

msvcrt

strcpy
strcmp
_purecall
strcat
strlen
atoi
memset
memcpy
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z

wininet

InternetCloseHandle

Sections

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

137e6f86664f060109990b350a3f7b16

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Sections

.bss Size: - Virtual size: 12KB

.data Size: 11KB - Virtual size: 11KB

.shared Size: 1KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 12KB

.data
Size: 11KB - Virtual size: 11KB

.shared
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB