2d6f6bff90d25bd054b6eb932e162cd6

Sharing

Copy URL Twitter E-mail

General

Target

2d6f6bff90d25bd054b6eb932e162cd6
Size

478KB
MD5

2d6f6bff90d25bd054b6eb932e162cd6
SHA1

31c844503047776dd2bdcc2df03d9b4768458f94
SHA256

5590a867263b2351eec829b91380b82833df15e6672324df28ee54dc41ca1f44
SHA512

9a853880e6abb8b1e3b5738f89963929dcef98380e52c2378d88820b308e5cdd3716e5de13acb669204d7bd3617414d95a46d9b8bf7dde461dfb72bce15095cb
SSDEEP

12288:usMH0eVq/ulMOtLws4lDYOq7e009ZQwW0:dMH0eV2udClDYz7e003QF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d6f6bff90d25bd054b6eb932e162cd6

Files

2d6f6bff90d25bd054b6eb932e162cd6
.exe windows:4 windows x86 arch:x86

1de9d029ce007db52129ddfcaf6c5c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHBrowseForFolderW

comctl32

InitCommonControlsEx

user32

RegisterClassExA
RegisterClassA
GetThreadDesktop
CreatePopupMenu

advapi32

CryptDuplicateHash
LookupPrivilegeNameA
CryptGetProvParam
RegCreateKeyA
CryptAcquireContextA
RegQueryMultipleValuesW
RegReplaceKeyW
RevertToSelf
CryptSetProvParam
CryptGenRandom
CryptContextAddRef
CryptSetKeyParam
RegEnumValueA
RegQueryValueW
LookupPrivilegeValueA
RegOpenKeyExW
GetUserNameA
LookupAccountNameW
LookupPrivilegeDisplayNameW
RegQueryInfoKeyW
RegOpenKeyA
AbortSystemShutdownA

kernel32

GetVersion
InitializeCriticalSection
CloseHandle
FreeEnvironmentStringsA
GetCommandLineA
HeapDestroy
TerminateThread
EnterCriticalSection
GetEnvironmentStrings
SetStdHandle
GetCPInfo
InterlockedDecrement
LeaveCriticalSection
SetLastError
GetStringTypeA
GetSystemTime
SetHandleCount
LCMapStringW
WriteFile
DeleteCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
InterlockedIncrement
QueryPerformanceCounter
CreateMutexA
RtlUnwind
GetCurrentThreadId
CompareStringA
OpenMutexA
TlsGetValue
EnumResourceNamesW
GetStdHandle
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrentProcess
GetTickCount
SetEnvironmentVariableA
GetModuleHandleA
UnhandledExceptionFilter
IsBadWritePtr
GetACP
TerminateProcess
GetLastError
SetFilePointer
GetOEMCP
VirtualFree
HeapAlloc
GetProcessHeap
GetEnvironmentStringsW
TlsSetValue
VirtualAlloc
VirtualQuery
HeapFree
GetStartupInfoA
GetCurrentThread
GetFileType
InterlockedExchange
TlsAlloc
FreeEnvironmentStringsW
LoadLibraryA
GetTimeZoneInformation
TlsFree
FlushFileBuffers
ExitProcess
MultiByteToWideChar
ReadFile
HeapCreate
GetLocalTime
CompareStringW
GetProcAddress
HeapReAlloc
WideCharToMultiByte
GetModuleFileNameA
LCMapStringA

wininet

ShowX509EncodedCertificate
FtpOpenFileA
GetUrlCacheGroupAttributeA
InternetOpenUrlA
InternetTimeToSystemTime
GetUrlCacheEntryInfoW

gdi32

EnumFontsA
GetEnhMetaFilePaletteEntries
GetDCOrgEx
EnumFontsW
ExtFloodFill
gdiPlaySpoolStream
StrokePath
GetGlyphOutline
FixBrushOrgEx
FillRgn
DeleteObject
CreatePolygonRgn
ExtCreateRegion
CopyEnhMetaFileW
GetWindowExtEx
GetCharacterPlacementW
GetBoundsRect

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1de9d029ce007db52129ddfcaf6c5c00

Headers

File Characteristics

Imports

shell32

comctl32

user32

advapi32

kernel32

wininet

gdi32

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 43KB - Virtual size: 74KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 43KB - Virtual size: 74KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 16KB - Virtual size: 15KB