a2d76de939d9cd5e8fe101407d4c2397

Sharing

Copy URL Twitter E-mail

General

Target

a2d76de939d9cd5e8fe101407d4c2397
Size

489KB
MD5

a2d76de939d9cd5e8fe101407d4c2397
SHA1

b8e5c8ee25b85faeae768718e4f3d2bf54aa4086
SHA256

eaff323ad1946495a9e43610da854e87d0aaae54ba7631f78109a62775d9fd1e
SHA512

73866cd1a600a05005e9565eeabad84c41b8b4b8e9339b300a8c4cd88f2b2b82db0b2a3d96440e320ef5f700a7221a3d2ca4864a3f9b0e36a8afd1206c6aabcd
SSDEEP

12288:i5rYV3EiGnsqpjxX3hzu32hfsID6ezLj3ODzIgHT+m+Lq:rV3SUW0grLj+HIgHcL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2d76de939d9cd5e8fe101407d4c2397

Files

a2d76de939d9cd5e8fe101407d4c2397
.exe windows:4 windows x86 arch:x86

56b577027332ec521c68ebdb90dd9f09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
InterlockedIncrement
EnterCriticalSection
FreeEnvironmentStringsA
GetVersionExA
GetCommandLineA
HeapAlloc
LoadLibraryA
GetEnvironmentStrings
TlsAlloc
FreeEnvironmentStringsW
CompareStringW
GetCPInfo
GetLocaleInfoW
WideCharToMultiByte
WriteFile
GetLastError
HeapSize
InitializeCriticalSection
FreeLibrary
UnhandledExceptionFilter
GetStartupInfoA
InterlockedDecrement
GetStartupInfoW
CompareStringA
IsValidLocale
GetTimeZoneInformation
HeapDestroy
GetProcAddress
GetCurrentThread
HeapCreate
HeapFree
EnumSystemLocalesA
GetProcessHeap
RemoveDirectoryW
LCMapStringA
VirtualQuery
Sleep
LCMapStringW
TlsGetValue
GetLocaleInfoA
LeaveCriticalSection
GetDateFormatA
GetUserDefaultLCID
HeapReAlloc
SetUnhandledExceptionFilter
ExitProcess
GetCommandLineW
GetACP
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetEnvironmentVariableA
GetModuleHandleA
GetStringTypeW
MultiByteToWideChar
SetConsoleCtrlHandler
GetCurrentThreadId
TlsSetValue
IsDebuggerPresent
GetOEMCP
GetTimeFormatA
GetCurrentProcessId
GetModuleFileNameA
SetHandleCount
GetModuleFileNameW
DeleteCriticalSection
GetTickCount
IsValidCodePage
GetEnvironmentStringsW
GetStringTypeA
VirtualFree
TlsFree
RtlUnwind
GetStdHandle
GetSystemTimeAsFileTime
InterlockedExchange
SetLastError

shell32

DoEnvironmentSubstA
SHFormatDrive
CommandLineToArgvW
ExtractAssociatedIconW
SHGetDataFromIDListA
FindExecutableW
SheSetCurDrive
SheGetDirA
RealShellExecuteExA
SHGetSpecialFolderPathA
SHAddToRecentDocs
DragFinish
SHFreeNameMappings
DuplicateIcon
SHInvokePrinterCommandW
SHGetNewLinkInfo
SHChangeNotify
ShellHookProc
SHFileOperation
SHGetPathFromIDListW
DragAcceptFiles
RealShellExecuteA
SHGetFileInfoA
FreeIconList

wininet

FindNextUrlCacheEntryW
FtpGetFileW
InternetSetDialState
FreeUrlCacheSpaceA
InternetTimeFromSystemTimeW
InternetAutodial

comdlg32

ChooseFontA
GetSaveFileNameW
GetSaveFileNameA
PrintDlgW

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56b577027332ec521c68ebdb90dd9f09

Headers

File Characteristics

Imports

kernel32

shell32

wininet

comdlg32

Sections

.text Size: 165KB - Virtual size: 165KB

.data Size: 313KB - Virtual size: 312KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 165KB - Virtual size: 165KB

.data
Size: 313KB - Virtual size: 312KB

.rsrc
Size: 9KB - Virtual size: 9KB