2d9432b175f6850[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2d9432b175f6850.exe
Size

70.0MB
MD5

1ea341a63eb812835ada6b4a1489d2b8
SHA1

0dd8cc042c45d8ec9e00d38a9c48513c56536593
SHA256

bbbb8999b2349d20758f7b7703532b7f0c1b6a714451d631ea4cbdf7849cd35d
SHA512

abddff8fdf418ff9d8e313a7963e3aad4aee68f33586427561e4d70dc36ced6d27a8137427d2bdfbabd8dc8d53e7f8a2c92f589f0daaa761bacb64861033c077
SSDEEP

1572864:uCmz0GM6X0O8BZSY5s1Vkehi7XI9n8UFjS9kX23ZY+V+SqgzGW/:uCkMW0O0oVkehiqNdSOGpN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9432b175f6850.exe

Files

2d9432b175f6850.exe
.exe windows:6 windows x64 arch:x64

448fcc0a4b895fa84c18b1f78ae4ccac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadProcessMemory
WriteProcessMemory
FreeResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalSize
LocalFree
FormatMessageA
FormatMessageW
lstrcmpiA
lstrlenA
QueryFullProcessImageNameW
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Process32Next
Module32Next
K32EnumProcesses
TerminateThread
TerminateProcess
ExitProcess
OpenProcess
GetCurrentProcess
QueueUserAPC
WaitForMultipleObjects
Sleep
SetWaitableTimer
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
TlsGetValue
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
HeapReAlloc
GetTimeZoneInformation
DeleteFileW
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetPriorityClass
TlsFree
GetCurrentProcessId
TlsSetValue
OutputDebugStringW
CreateEventW
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
DuplicateHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
WriteConsoleW
RtlUnwind
GetEnvironmentStringsW
TlsAlloc
LoadLibraryExW
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetFileInformationByHandleEx
CopyFileW
AreFileApisANSI
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
QueryPerformanceFrequency
FindFirstFileExW
FindClose
SleepEx
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
GetLastError
CloseHandle
CreateDirectoryA
VerSetConditionMask
MultiByteToWideChar
HeapAlloc
GetCurrentDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetEnvironmentVariableA
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
RaiseException
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
GetLocaleInfoEx
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete

user32

GetKeyboardState
GetKeyNameTextW
SendInput
MapVirtualKeyExW
GetKeyboardLayout
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
ShowWindow
GetCursorPos
MoveWindow
SetWindowPos
ScreenToClient
GetWindowLongPtrA
SetWindowDisplayAffinity
SetWindowLongPtrA
FindWindowA
GetWindowThreadProcessId
LoadCursorA
MonitorFromWindow
GetMonitorInfoA
GetDpiForWindow
GetCursorInfo
GetForegroundWindow
SetLayeredWindowAttributes
SetCursor
MessageBoxA
SetForegroundWindow
GetKeyState

gdi32

AddFontResourceA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

vcomp140

omp_get_max_threads
omp_get_thread_num
_vcomp_enter_critsect
_vcomp_for_static_end
_vcomp_for_static_simple_init
_vcomp_fork
_vcomp_set_num_threads
_vcomp_leave_critsect

d2d1

ord9
ord1
ord2

dwrite

DWriteCreateFactory

ws2_32

WSARecvFrom
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
setsockopt
select
ntohl
ioctlsocket
closesocket
getaddrinfo
freeaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASend
WSAWaitForMultipleEvents
ntohs
inet_ntop
inet_pton
htons
socket
bind
recvfrom
sendto
accept
getsockname
listen
WSAIoctl
htonl
__WSAFDIsSet
connect
recv
getpeername
gethostname
WSASendTo
WSASocketW
getsockopt

winmm

PlaySoundA

dwmapi

DwmExtendFrameIntoClientArea
DwmGetWindowAttribute

ntdll

RtlCaptureContext
RtlVirtualUnwind
NtSetTimerResolution
NtQueryTimerResolution
RtlPcToFileHeader
RtlLookupFunctionEntry

crypt32

PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore

bcrypt

BCryptGenRandom

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lol0
Size: - Virtual size: 62.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lol2
Size: 70.0MB - Virtual size: 70.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 639B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

448fcc0a4b895fa84c18b1f78ae4ccac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

vcomp140

d2d1

dwrite

ws2_32

winmm

dwmapi

ntdll

crypt32

bcrypt

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 3.6MB

.rdata Size: - Virtual size: 564KB

.data Size: - Virtual size: 133KB

.pdata Size: - Virtual size: 112KB

_RDATA Size: - Virtual size: 348B

.lol0 Size: - Virtual size: 62.5MB

.lol1 Size: 2KB - Virtual size: 2KB

.lol2 Size: 70.0MB - Virtual size: 70.0MB

.rsrc Size: 1024B - Virtual size: 639B

.text
Size: - Virtual size: 3.6MB

.rdata
Size: - Virtual size: 564KB

.data
Size: - Virtual size: 133KB

.pdata
Size: - Virtual size: 112KB

_RDATA
Size: - Virtual size: 348B

.lol0
Size: - Virtual size: 62.5MB

.lol1
Size: 2KB - Virtual size: 2KB

.lol2
Size: 70.0MB - Virtual size: 70.0MB

.rsrc
Size: 1024B - Virtual size: 639B