9b299a6370a25b0c0a316ac5d3b9b305 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b299a6370a25b0c0a316ac5d3b9b305
Size

490KB
MD5

9b299a6370a25b0c0a316ac5d3b9b305
SHA1

f81a555006daade325e1ee92a15b878990deb213
SHA256

45f918e0d6b24cec490164ee06f5b8c0c0c4eb2e05e394697b5011d4beb52d22
SHA512

b46d0f5a7ddf13e43724c0102f13d00646ff38ae6ffb8ce662d249788daa1a8fd6180eac3fc8b4be1a6462634327119f6e7654b771a711a5c098386404585935
SSDEEP

12288:xseraFIW6UBPHLfWDupGJ3gh+5FGGUkQgiM:xseGFwUprlp2wcdj/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w2loader PRO30/w2loader PRO30/wloader.exe

Files

9b299a6370a25b0c0a316ac5d3b9b305
.zip
w2loader PRO30/ELITEGROUNDS.txt
w2loader PRO30/w2loader PRO30/ELITEGROUNDS.txt
w2loader PRO30/w2loader PRO30/readme.txt
w2loader PRO30/w2loader PRO30/wloader.exe
.exe windows:4 windows x86 arch:x86

043c8e21cfef6c160bfbc2f6f8c3cac7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

urlmon

URLDownloadToFileA

winmm

sndPlaySoundA

wsock32

WSACleanup

Sections

pec1
Size: 240KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE